Cybersecurity Glossary of Terms Every Small Business Should Know

Posted on April 01, 2021

Topics: IT Infrastructure, Network Security

Cybersecurity Glossary of Terms Every Small Business Should Know

With small and medium-sized organizations now storing, managing and accessing more data than ever before, cybersecurity is now a crucial component for business success.

In fact, cyber crime has continued to grow over the past few years. According to the Washington Post, estimated global losses from cybercrime are projected to hit just under a record $1 trillion for 2020 - that’s almost double 2018, when a reported $500 billion was lost.

Falling prey to a cyber attack could completely cripple the operations of your business, or even lead to huge fines and costs that could potentially put you out of business. After all, according to IBM, the average cost of a data breach in 2020 was a staggering $3.86 million dollars. 

With that in mind, it’s crucial your organization implements and invests in a cybersecurity strategy that effectively protects your network and your data. To help get you started, OT Group has created this list of the most important cybersecurity terms your small business needs to know.

The most important cybersecurity terms for small businesses


Antivirus software is a computer program that is used to prevent, detect and remove malicious programs and files from a computer or network. Most antivirus programs run automatically in the background to provide real-time protection. 


A backup, or data backup, is a copy of computer data that’s taken and stored elsewhere so it can be used to restore the original in the event of data loss or a data breach. 

Breach Council

This is the term that refers to a lawyer with specific knowledge and experience in cybersecurity. This lawyer helps organizations to navigate the required response after they have been subjected to a data breach.

Brute force attacks

A form of hacking that uses trial-and-error to guess login information, encryption keys or other sensitive access points into a company’s network. Hackers slowly work through all possible combinations in a bid to gain access to an account.  


A computer bug is an error or flaw in the coding of a computer program that produces unexpected results. A bug can also represent a vulnerability in a system that could be discoverable by cybercriminals.

Credential stuffing 

A type of cyberattack in which a cybercriminal uses stolen credentials, such as usernames, email addresses and their corresponding passwords, to gain unauthorized access to a user’s account. 


The practice of protecting computers, servers, mobile services, network and company data from various forms of malicious cyber attacks. These attacks are aimed at accessing sensitive information, extorting money from businesses or interrupting normal business processes. 

Data breach

A data breach occurs when internal, sensitive data is made accessible to external entities without authorization. 

Denial-of-service attack (DoS)

A type of cyberattack where a computer is used to flood systems, services or networks with traffic that exhausts their bandwidth, preventing users from completing legitimate requests.

Distributed denial-of-service attack (DDos)

DDoS is the same as a denial-of-service attack, but instead of just one computer it’s when multiple systems target a single system. The targeted network is bombarded with packets from multiple locations. 


A method used to scramble data, making it unreadable to anyone without the encryption key. Encryption makes it difficult for cyber criminals to steal data, especially when end-to-end encryption is used. 


An endpoint is every device connection to your network, including laptops, mobile devices, printers and other pieces of hardware. Cybercriminals can use endpoints to gain access to a company’s network. 


A firewall is a network security system that monitors and controls incoming and outgoing network traffic, based on a range of predetermined security measures. A firewall acts as a barrier between a trusted network and an untrusted network. 


A person who uses their knowledge of programming code or a computer system to modify its functions or operations. Hackers can be ethical and authorized to find vulnerabilities, or malicious and unauthorized. 

Incident response plan

This is a strategy created by a business to detail exactly what to do to immediately secure the company’s network and data in the event of a security breach. An incident response plan can include emergency contacts and how to recover data. 

Initial control point (ICP)

This is the initial point in your network that a hacker gained control of to execute their attack. 


Malware, also known as malicious software, is an umbrella term used to describe a range of malicious software attacks that aim to breach your company’s network through vulnerabilities. Malware includes software such as spyware, ransomware and computer viruses.

Multi-factor authentication (MFA)

A form of authentication that adds an additional layer of security by requiring users to provide a second, or even third, factor of authentication to get into an account. This additional form of authentication could include anything from a mobile phone, email address, fingerprint or voice.


Most organizations use a network. It’s a group of computers that are virtually connected to each other, in order to share files, data, and applications. Cybersecurity strategies are typically created to protect an entire network, not just one computer. 


An update or change for an operating system or applications. A patch is used to repair flaws or bugs in a system, securing potential vulnerabilities. 


A process in which cybercriminals attempt to steal sensitive information through fraudulent communications that appear to come from a reputable source. This cybersecurity threat typically aims to steal sensitive data such as login information or credit card details through fraudulent emails or phone calls. 


Ransomware, a type of malware, is a malicious software that encrypts a user’s data. The attacker then demands a ransom from the user to restore access to the data. The hacker promises to hand over a decryption key upon payment, but there’s no guarantee of that happening. 


As part of the recovery process, employees should have guidelines on how they can quickly access backed-up data in the event of a cybersecurity incident. 

Social engineering

Social engineering, in the cybersecurity definition, is a form of psychological manipulation which attempts to trick people into revealing sensitive information.


A form of unwanted and unsolicited communication that typically is received via email. While most forms of spam are legitimate advertising, some will fall under the phishing category and will include malicious links and attachments. 


Another form of malware, spyware is a malicious software that’s designed to enter a computer system and then gather data about the user and forward it to a third-party without your consent. Spyware, however, can also be a legitimate software that monitors your data for commercial purposes - such as for advertising.

Trojan horse

A trojan horse is a type of malware that is disguised as legitimate software. Trojan horses are used by cyber criminals to gain access to a users’ system by tricking them through social engineering. 

Unauthorized access

Any access or use of a computer system, network or resource by a user who was not explicitly granted authorization to access them.

Virtual private network (VPN)

A VPN provides privacy , anonymity and security to users by creating a private network connection across a public network connection. This is great for remote work, as it secures your employee’s internet connection no matter where they are working from.


A type of malicious code or program that’s written to alter or modify the way a computer operates, typically by attacking itself to a legitimate program or document. A computer virus is designed to spread from one computer to another. 


Vishing, also known as voice phishing, is the phone’s version of email phishing. It uses automated voice messages in an attempt to steal private and financial information from a user. 


Any weakness in a company’s network or security system. Vulnerabilities are any weakness in your network that cyber criminals can use to access your network, applications or systems. 


A computer worm is a type of malware that spreads copies of itself from computer to computer. By duplicating itself, a computer worm is able to spread to other systems and is typically used to deposit other forms of malware on each of the systems it encounters. 

Want to learn more about cybersecurity and how to protect your small or medium-sized business in Ontario from potential threats? Contact OT Group today. We would love to help better secure your business. 

New call-to-action

Related posts

IT Infrastructure - August 24, 2022

What are the Advantages of Data Backup and Recovery?

Subscribe to our blog

Blog Subscription