Cybersecurity Glossary

A-C

Advanced Persistent Threat (APT)
Sophisticated, long-term cyberattack where hackers gain access to networks and remain hidden for months or years, stealing data continuously.

Backup
Copies of your important data stored separately from your main systems. Your lifeline when ransomware, hardware failure, or accidents strike.

Botnet
Network of compromised computers controlled remotely by cybercriminals, often used to launch large-scale attacks or send spam.

Business Email Compromise (BEC)
Sophisticated scam where criminals impersonate executives or suppliers to trick employees into transferring money or revealing sensitive information.

Cloud Security
Protection measures for data, applications, and services stored in cloud platforms like Microsoft 365, Google Workspace, or Amazon Web Services.

Compliance
Following cybersecurity laws and regulations relevant to your industry, such as GDPR for data protection or PCI DSS for payment processing.

Cyber Essentials
UK government-backed cybersecurity certification that demonstrates your business has essential security measures in place.

Cybersecurity
The practice of protecting computer systems, networks, and data from digital attacks, theft, and damage. Every business needs a cybersecurity strategy.

D-F

Data Breach
When unauthorized people gain access to confidential company or customer data. Can result in hefty fines, lawsuits, and damaged reputation.

DDoS (Distributed Denial of Service)
Cyberattack that overwhelms websites or servers with fake traffic, causing them to crash or become unavailable to real users.

Digital Forensics
Investigation process used after cyberattacks to understand what happened, how much damage was done, and collect evidence for legal action.

Encryption
Technology that scrambles data so only authorized people can read it. Like putting your information in a digital safe that requires the right key to open.

Endpoint
Any device that connects to your network – computers, phones, tablets, printers. Each endpoint is a potential entry point for attackers.

Firewall
A security system that monitors and blocks suspicious internet traffic, acting like a digital security guard for your network. Essential for any business with internet access.

G-M

GDPR (General Data Protection Regulation)
European data protection law that requires businesses to protect customer data and can impose fines up to 4% of annual revenue for violations.

Identity and Access Management (IAM)
System that ensures only the right people have access to the right resources at the right times, crucial for controlling who can access what in your business.

Incident Response
Your planned approach for handling cyberattacks or security breaches, including who to contact, what steps to take, and how to recover quickly.

ISO 27001
International standard for information security management systems, providing a framework for protecting sensitive company information.

Malware
Any malicious software designed to harm your computer or steal information, including viruses, spyware, trojans, and ransomware. The umbrella term for all bad software.

Multi-Factor Authentication (MFA)
Security method requiring two or more forms of identification (like password + phone code) before granting access. Dramatically reduces the risk of account breaches.

P-R

Password Manager
Software that generates and stores strong, unique passwords for all your accounts. Eliminates the need to remember dozens of passwords.

Patch Management
Process of keeping software updated with the latest security fixes. Many cyberattacks exploit known vulnerabilities in outdated software.

PCI DSS
Security standard required for businesses that accept credit card payments, designed to protect cardholder data from theft.

Penetration Testing
Ethical hacking services where security experts attempt to break into your systems to find vulnerabilities before real criminals do.

Phishing
Email or message scams that trick people into revealing passwords, credit card details, or other sensitive information by pretending to be from legitimate companies. One of the most common cyber threats businesses face.

Ransomware
Malicious software that locks or encrypts your files and demands payment to restore access. Ransomware attacks can shut down entire businesses and cost thousands in recovery.

Risk Assessment
Evaluating your business to identify cybersecurity vulnerabilities and determine which threats pose the greatest danger to your operations.

S-Z

Security Awareness Training
Education programs that teach employees to recognize and avoid cyber threats like phishing emails and social engineering attacks.

SIEM (Security Information and Event Management)
Technology that collects and analyzes security data from across your network to detect threats in real-time.

SOC 2
Auditing standard that evaluates how well companies protect customer data, important for businesses that handle sensitive client information.

Social Engineering
Psychological manipulation tactics used by criminals to trick people into revealing confidential information or performing actions that compromise security.

SQL Injection
Hacking technique that exploits vulnerabilities in web applications to access or manipulate databases containing sensitive information.

Supply Chain Attacks
Cyberattacks that target third-party vendors or software providers to gain access to their customers’ systems and data.

Two-Factor Authentication (2FA)
Security process requiring users to provide two different authentication factors, typically a password and a code sent to their phone.

VPN (Virtual Private Network)
Creates a secure, encrypted connection over the internet, protecting your data when working remotely or using public WiFi. Essential for remote workers.

Vulnerability Assessment
Systematic scanning of your systems to identify security weaknesses that could be exploited by attackers.

Web Application Firewall (WAF)
Security solution that protects websites and web applications from attacks like SQL injection and cross-site scripting.

Zero Trust
Security approach that doesn’t automatically trust anyone or anything inside or outside your network, requiring verification for every access request.

Zero-Day
Previously unknown software vulnerability that hackers exploit before developers can create a fix. Particularly dangerous because there’s no defense ready.

Need Cybersecurity Help?

Understanding these terms is important, but implementing proper cybersecurity requires expertise. Rosca Technologies helps London businesses protect themselves with tailored security solutions.

Get expert help today:

• Phone: 020 8088 0665
• Email: daniel@rosca-technologies.com
• Free Security Assessment: Contact us for a complimentary review of your current security

Our Services Include:

• Penetration Testing & Vulnerability Assessments
• GDPR Compliance Support
• Security Awareness Training
• Incident Response Planning
• 24/7 Security Monitoring