cybersecurity terms

Information is the lifeblood of your small business. Data that gets stolen or damaged can cost or even ruin an enterprise. Understand how to keep digital data safe with these cybersecurity terms. These can help you pick an excellent intrusion prevention system.

These terms are good to know, especially without a computer emergency response team.


What are Some Cybersecurity Terms?

The following is a cybersecurity glossary. Refer to this library of cybersecurity terminology when needed.


Access control list — These deny or grant access to digital environments. They were originally firewalls. These grant the right to read a file or files in a directory.

Access control service — Azure Access Control Service (ACS) is a Microsoft cloud service. It provides access to system resources and web applications. One of the top security mechanisms.

Advanced persistent threat (APT) — State-sponsored groups and nations hacking into networks. Legal and financial services and governments are targets. They can remain undetected.

Antivirus software — A computer program to remove, detect and prevent malicious code.

Authentication — Security tools match users’ credentials to an authorized database. Preventing a security breach requires a user ID and password. Or, a biometric signature like a facial scan. Or a digital signature. It’s all called discretionary access control designed to control sensitive information.


Backup — Copying files and other types of data. There are different types. One for all the data stored or a full system backup.

Breach — Someone who isn’t authorized gains access to devices, networks, applications, or computer data. Personal devices can suffer a malware infection. An entire network can undergo a DDoS attack.

Brute force attack — Hackers use different combinations to access encrypted data, login info, etc.

Business continuity plan — BCPs deal with preventing and/or recovering from a cyberattack. Data backup and recovery are important. The idea is to restore business functions.

BYOD — This security policy allows people to use their own devices at work. BYOD includes smartphones, computers, and tablets. Online document editing systems with encryption help.


Checksum — Values are assigned to files and data before transmission. They are a sequence of letters and numbers used to compare data transmitted for errors and tampering.

Clickjacking — Clickjacking tricks users. They click buttons they think are safe. Victims can install malware, have credentials stolen, or even activate their webcams.

Cloud computing — Computer services delivered on the Internet. Storage, servers, software, analytics, and the like. You only pay for the services you use. This reduces data loss and operating costs. Keeps data object collections safe.

Computer virus — This is malware that causes damage to software and data. It’s malicious software that spreads from computer to computer.

Credit card skimmers — These get attached to card readers. And they collect credit card numbers.

Critical Infrastructure — Describes cyber systems and assets important to physical and economic security.

Cross-site scripting — Hackers inject malware code into an otherwise unaffected website. This is a security flaw in web applications.


Data breach — An attack whereby protected, confidential or sensitive data gets taken from a computer system or network. User behaviors can be the culprits.

Data encryption — This takes information and encodes it. It can only be accessed and read with the right decryption key.

Data integrity — This is the term for data consistency and accuracy. Physical integrity protects against power outages and hackers.

Data theft — When digital information gets stolen that contains confidential information from electronic devices, servers, and computers, it’s theft.

Denial of service (DoS) attack — These attacks trigger a network or computer crash by flooding the target with requests and information.

Disaster recovery plan — This is a structured, documented approach that responds to an information system disaster. These start by putting together a list of laptops, desktops, and hardware.


Encrypted data — Also called ciphertext. It’s a way of protecting data confidentiality by encoding the information.

Encode — This is the process of changing data into a different format. It’s about using codes like numbers, symbols, and letters. Another good data loss prevention tool. Systems gain authorization based on keys.

ERM — A good enterprise risk management definition is simple. It includes looking at small businesses’ strategic, financial and operational risks. It also has policies and standards as well as IT operations. Like the web server used. It should automatically identify systems that are infected.

Exploit — Any computer system attack is defined this way. Like a software program that causes hardware or software failure.


Firewall — These can be either software or hardware-based. They’ve been a staple of defense for a quarter of a century.

A firewall monitors traffic — what to block and what to allow. As opposed to an intrusion detection system that’s passive.


Hacker — A hacker looks to gain unauthorized access.

Honeypot — This is a decoy that is used to lure potential hackers. It’s a system that attaches to networks.


IaaS — This is a type of cloud service. It offers networking, storage, and computing services on demand. One of four types of cloud computing service choices.

Identity theft — This is a crime. It’s about stealing financial or personal information. The most common type is financial. It can include a web address.

Internet protocol — This is the way information and data get sent from one computer to another. IP addresses identify the different computers.

IPS — This is a software or hardware security tool. It monitors computer networks and takes action when it finds issues.


JBOH — This is a mobile device attack that focuses on Android devices. JavaScript-Binding-Over-HTTP attacks quite often use infected apps.


Keylogger — These can be hardware devices or software solutions that steal what victims type. Information can include details or answers to questions, passwords, and even chats and documents.


Local area network — This is a network of connected devices. You can find a LAN in one building.

Link redirecting — These redirect search engines and web page visitors. They get used when content gets relocated.


Malware — Harmful code gets written to steal information and violate network security. Examples include spyware, ransomware, worms, and viruses. An IP address can get hacked too.


Network file exchange — This is a data transfer method. It’s about sharing information in a network with different levels of access. Mandatory access control to grant clearance is important. A network security system designed well is critical.


Outsider threat — The threat that comes from outside. Like an ex-employee or unhappy customer. Another reason interpreting electronic data is important.

Operating system — The software that provides services for computer programs. And it manages hardware and software. Such basic systems are often targets.

OWASP — The Open Web Application Security Project. This is a nonprofit working to improve software security.


Password sniffing — This is a special software application that steals passwords and usernames by recording network traffic.

Patch — A patch is a change or update to an application or network system. They repair flaws or introduce new features.

Patch management — This is about improving testing, researching, and installing patches and updates to systems.

Penetration testing — This is a simulated attack against a computer or network. It’s designed to check for vulnerabilities. Like preventing network file exchange hacks.

Phishing — These are social engineering attacks that try to steal information. They mimic information from trusted groups. A common cyber attack.


Ransomware — This kind of malware takes data hostage, encrypting stored data. The ransom is usually demanded in cryptocurrency.

Rootkit — These enter computers through infected emails. And then download infected software.

Social engineering — A cyberattack based on human interaction. The hacker might pretend to be your boss.

Security Score — These measure security controls and provide a score. Your level of vulnerability to cybercrime is evaluated.

Spam — Unsolicited texts, emails, or other usually commercial messages. Any kind of these digital messages that get sent in bulk.

Spyware — This malicious software will gain access to a computer, steal data, and forward it to a third party. Business credentials and sensitive financial data can be taken.

Virtual Private Network (VPN) — A VPN is encrypted. They keep network resources private. A VPN provides a secure connection to an otherwise unsecured Internet service provider.


Whitelist — A whitelist is about authorized access. It denies some applications, domain names, emails, or internet addresses while approving others.

WiFi — A wireless network connects devices like smartphones, tablets, and computers. It connects via a wireless router to enabled devices using radio waves.

Worm — This is malware that replicates by itself. They spread between computers through attachments. Or software glitches. Source code gets infected.


Zero-day exploit — This is a vulnerability in hardware or software. The term zero-day refers to the timing. The flaw gets exploited by a hacker before there’s a fix.

Zombie — This is a device or computer that’s been infected. A large group of these is called a botnet.


This article, “Cybersecurity Terms You Should Know,” was first published on Small Business Trends.
