A
Antivirus
Software designed to detect, prevent, and remove malicious programs (malware), keeping your systems secure.
Audits
A systematic evaluation of your IT systems, processes, or security to ensure compliance and identify vulnerabilities.
Automated deployments
A streamlined way to release software updates or patches without manual intervention, ensuring efficiency and precision.
B
Backups
Duplicates of your data that can be used to restore systems in case of a cyberattack, data loss, or system failure.
Business continuity plan
A roadmap to ensure your business can continue operating during and after a crisis or cyberattack.
Business impact analysis
An assessment to identify critical operations and the impact of disruptions, helping you prioritise resources.
C
Cipher suites
Algorithms that secure communication by encrypting and safeguarding sensitive data during transmission.
CISA (Cybersecurity and Infrastructure Security Agency)
A U.S. government agency providing cybersecurity resources and support to businesses.
Compliance
Adherence to industry regulations and standards, such as GDPR or PCI DSS, to protect data and avoid penalties.
Cyber Essentials certification
A government-backed scheme in the UK that helps organisations protect themselves against common cyber threats.
Cyber threat
Any potential malicious activity designed to steal, damage, or disrupt systems or data.
Cybersecurity
Measures and processes to protect systems, networks, and data from cyberattacks.
D
Data breach
An incident where sensitive data is accessed, stolen, or leaked without authorisation.
Dark web scanning
Monitoring for your sensitive information, such as login credentials, being sold or distributed on the dark web.
Disaster Recovery (DR)
A plan that focuses on quickly restoring IT systems after a disruptive event.
DDoS attack
A Distributed Denial of Service attack aims to overwhelm systems or websites by flooding them with traffic.
DPA (Data Protection Act)
A UK law that governs how personal information should be used, stored, and protected.
E
Encryption
Transforming data into a coded format to secure it from unauthorised access.
Endpoint protection
Security solutions designed to protect endpoint devices like laptops, tablets, and smartphones from threats.
F
Firewall
A security system that monitors and controls incoming and outgoing network traffic based on pre-set rules.
G
GDPR
The General Data Protection Regulation is a legal framework in the EU to protect individuals’ personal data.
I
Incident response plan
A set of procedures for identifying, managing, and addressing cyberattacks or breaches.
Insider threat
An internal person (employee or contractor) who poses a security risk to the organisation, intentionally or unintentionally.
ISO 27001
An international standard for information security management systems (ISMS), ensuring data security best practices.
IT infrastructure
The hardware, software, network resources, and services that support business operations.
M
Malware
Malicious software designed to harm or exploit systems, such as viruses, worms, or ransomware.
N
NCSC (National Cyber Security Centre)
A UK authority offering guidance and resources to improve organisational cybersecurity.
P
Patch / Patching
Updates to software to fix vulnerabilities and improve security.
Password management
Tools or practices to securely store and manage passwords for systems and applications.
Penetration testing (Pen testing)
Ethical hacking to identify security weaknesses in your systems.
Phishing
A social engineering attack where fraudulent messages are used to trick individuals into revealing sensitive information.
R
Recovery Point Objectives (RPO)
The maximum acceptable amount of data loss measured in time.
Recovery Time Objectives (RTO)
The maximum acceptable time for recovery after an incident.
Ransomware
Malware that encrypts a victim’s data and demands payment for its release.
S
Segregation of environments
Separating development, testing, and production environments to avoid unintended disruptions and enhance security.
SIEM (Security Information and Event Management)
A solution that collects and analyses security data, providing real-time alerts for threats.
Social engineering
Tactics used to manipulate individuals into revealing confidential information.
SOC (Security Operations Centre)
SSL (Secure Sockets Layer)
Now largely replaced by TLS, it helps encrypt data between a web browser and a server.
Supply chain security
Ensuring security throughout the network of suppliers, partners, and vendors.
System monitoring
Continuous tracking of systems to ensure they’re functioning correctly and securely.
T
Threat actor
An individual or group responsible for a cybersecurity attack.
TLS (Transport Layer Security)
A cryptographic protocol that encrypts data communication over the internet.
Two-Factor Authentication (2FA)
An additional layer of security that requires two verification steps to access systems.
V
VPN (Virtual Private Network)
A secure connection that protects your data and hides your online identity.
Vulnerability
A weakness in a system that can be exploited by cybercriminals.
Vulnerability scanning
Automated tools that identify vulnerabilities in your systems or network.
W
Web security testing
The process of ensuring your website is protected against threats such as hacking and data theft.
Z
Zero trust
A security framework requiring strict verification for anyone trying to access systems or data.