Cyber lingo made simple: A small business guide

Be honest. When you hear or read the words ‘cyber security’, do your eyes glaze over while ‘I don’t need to worry about this’ or ‘cybercrime won’t happen to me’ pops into your mind? The problem is that you do need to consider it, because the chances of experiencing a cyberattack are very real.


A suspicious text on your phone asking for payment, or an email from someone purporting to be a colleague asking you to send over business-critical documents, are just a couple of the cyber threats that can happen to anyone at any time.


Staying cyber resilient is so important to your business and, yes, the terminology that comes with it can be rather intimidating at times. At the Cyber Resilience Centre for Wales (WCRC) we are fully committed to making all things cyber-related much more digestible for small businesses, especially ones that don’t have the internal IT support that a lot of the bigger companies have access to.


To get you started, below is a list of the most frequently used cyber terms and what they mean.


2FA – Two-factor authentication is the use of two different components to verify a user's claimed identity. Also known as multi-factor authentication (see below).


Anti-virus - Software that is designed to detect, stop and remove viruses and other kinds of malicious software.


Breach/data breach - An incident in which data, computer systems or networks are accessed or affected in a non-authorised way.


Encryption - A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.


Malware - Malicious software is a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals.


MFA - Multi-factor authentication is an authentication method that requires the user to provide two or more verification factors to gain access. Also known as two-factor authentication (2FA).


Patching - Applying updates to firmware or software to improve security and/or enhance functionality.


Phishing - A cybercrime in which targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure them into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.


Ransomware - Malicious software that makes data or systems unusable until the victim makes a payment.


Smishing - Phishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website.


Social engineering - Manipulating people into carrying out specific actions, or divulging information, that is of use to an attacker.


Spyware - A type of malware designed to collect and steal the victim’s sensitive information without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals so it can be used in subsequent cyberattacks.


Virus - Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.


VPN – A virtual private network (VPN) is an encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.


Vulnerability - A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.


If you’re interested in learning more about the support and guidance the WCRC provides as well as its free membership, then contact us today.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.