Cybersecurity Glossary

Plain-English Cybersecurity Definitions for Business Owners

Cybersecurity is full of acronyms and jargon. We translated the terms that actually matter for running a small or mid-sized business — written for owners, IT managers, and decision-makers, not security engineers. Use Ctrl+F to find a specific term, or jump to a category below.

Category 1 of 3

Threats & Attacks

The most common ways attackers target small and mid-sized businesses — what they look like, how they work, and why they keep succeeding.

Phishing

Phishing is when an attacker tricks someone into handing over sensitive information — passwords, credit card numbers, banking credentials, or access to company systems — by impersonating a trusted source. The most common form is email, but phishing also happens through text messages (smishing), phone calls (vishing), and fake websites. A typical phishing email looks like it's from a real company (Microsoft, your bank, a vendor, even your boss) and pushes you to click a link, open an attachment, or "verify" your login on a fake page that captures whatever you type.

Why it matters for your business

Phishing is the single most common way attackers get into business networks — the vast majority of cyber incidents start with a phishing email. It doesn't matter how strong your firewall is: if one employee types their password into a fake login page, the attacker is inside. Employee training, email filtering, and multi-factor authentication together dramatically reduce this risk.

Ransomware

Ransomware is malicious software that encrypts a victim's files — locking them so they can't be opened — then demands payment (usually in cryptocurrency) to unlock them. Modern ransomware also steals copies of the data before encrypting it, then threatens to publish the stolen data online if the ransom isn't paid. This is called double extortion. Attacks usually start through a phishing email, an unpatched software vulnerability, or a stolen password, then spread laterally across the network to maximize damage before the encryption is triggered.

Why it matters for your business

Ransomware can stop a small or mid-sized business for days or weeks. The average ransom is now in six figures, and recovery costs (downtime, IT remediation, legal fees, customer notification, lost revenue) often run several times higher than the ransom itself. Cyber insurance carriers increasingly require specific defenses — MFA, EDR, and immutable backups — before they'll write a policy. The strongest defense is a layered one: phishing-resistant authentication, endpoint detection and response, and tested backups that ransomware cannot reach.

Category 2 of 3

Defense & Tools

The protective layers and monitoring systems that catch threats before they cause damage — from individual devices all the way up to 24/7 security operations.

Endpoint

An endpoint is any device that connects to your business network — desktops, laptops, smartphones, tablets, servers, printers, even network-connected cameras and conference room TVs. In modern cybersecurity, "endpoint" specifically refers to the user-facing devices where work happens and where attackers most often gain a foothold. Each endpoint is a potential entry point, which is why endpoint security tools (antivirus, EDR, device management) are the foundation of any cybersecurity program.

Why it matters for your business

The shift to remote work multiplied the number of endpoints outside the office firewall. A laptop on hotel WiFi, a phone checking work email at home, a tablet in a coffee shop — each is a potential way in. Traditional perimeter security ("keep the bad stuff outside the firewall") no longer works. Modern security assumes endpoints will be exposed and focuses on detecting and stopping threats on the device itself.

EDR (Endpoint Detection and Response)

EDR stands for Endpoint Detection and Response. It's the modern replacement for traditional antivirus. Where antivirus looks for known malware signatures, EDR continuously watches for suspicious behavior on every endpoint — unusual processes, unexpected file changes, abnormal network connections — and can automatically isolate a compromised device from the rest of the network before the threat spreads. EDR also generates detailed forensic data that security analysts use to investigate incidents and harden defenses going forward.

Why it matters for your business

Traditional antivirus is no longer enough. Attackers regularly use techniques — fileless malware, living-off-the-land tactics, novel ransomware variants — that signature-based antivirus simply can't see. EDR catches what antivirus misses. Most cyber insurance carriers now require EDR as a baseline control before they'll write or renew a policy. For a small or mid-sized business, EDR managed by a 24/7 SOC turns endpoint security from "hopefully nothing got through" into "we'll know within minutes and contain it automatically."

SOC (Security Operations Center)

A SOC, or Security Operations Center, is a team of cybersecurity analysts who monitor an organization's networks, endpoints, and cloud systems around the clock for signs of attack. A SOC combines tools (EDR, SIEM, threat intelligence feeds) with human expertise to spot threats that automated systems miss, investigate suspicious activity, and respond to incidents in real time. Most small and mid-sized businesses can't justify the cost of building their own SOC — instead, they get SOC coverage through a managed service provider or a specialized security vendor.

Why it matters for your business

Cyber attacks don't keep business hours. Ransomware crews specifically time their attacks for weekends and holidays when IT staff are away. A 24/7 SOC means someone is watching even when your team isn't. Trinity includes 24/7 SOC monitoring with our cybersecurity service — this is security operations specifically, not general help desk coverage. Since our SOC went live in 2018, our managed clients have had zero successful cyber events.

SIEM (Security Information and Event Management)

SIEM stands for Security Information and Event Management. A SIEM platform collects log data from across your environment — firewalls, servers, endpoints, cloud apps, identity systems — into one central place, correlates the events, and raises alerts when patterns suggest an attack. Think of it as the security camera system for your IT environment: it records what's happening everywhere, and it flags activity that looks suspicious so a human analyst (usually in the SOC) can investigate.

Why it matters for your business

Attackers rarely trigger one obvious alarm. A real attack looks like a series of small, individually unremarkable events — a login from a new country, a file download at an odd hour, an account suddenly accessing systems it normally doesn't touch. SIEM connects those dots across your whole environment. Without it, those signals stay scattered across dozens of separate tools and nobody sees the pattern until it's too late. SIEM is what makes 24/7 SOC monitoring effective.
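As an added illustration (not part of the glossary), the toy correlator below does in a few dozen lines what the paragraph describes: it reads constructed log lines from three separate sources, joins them by account, and raises an alert only when one account trips several individually unremarkable signals (login from a country outside its baseline, a download outside business hours, access to a system it normally doesn't use). The log lines, account baselines, and the 08:00-17:59 business-hours window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines from three sources: identity provider,
# file server and an HR application (space-separated key=value fields).
LOGS = """\
2024-05-04T02:13:00 idp login user=jdoe country=RO
2024-05-04T02:20:00 fileserver download user=jdoe file=payroll_q2.xlsx
2024-05-04T02:25:00 app access user=jdoe system=hr-admin
2024-05-04T09:05:00 idp login user=asmith country=US
2024-05-04T09:30:00 fileserver download user=asmith file=invoice.pdf
"""

# Constructed per-account baselines; a real SIEM learns these from history.
BASELINE = {
    "jdoe": {"countries": {"US"}, "systems": {"crm"}},
    "asmith": {"countries": {"US"}, "systems": {"crm", "hr-admin"}},
}
BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59 local time


def parse(line):
    """Turn one log line into a dict of its fields."""
    ts, source, action, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts), "source": source, "action": action}
    event.update(f.split("=", 1) for f in fields)
    return event


def signals(event, baseline):
    """Weak signals a single event raises; none of these alone is an alert."""
    found = []
    if event["action"] == "login" and event.get("country") not in baseline["countries"]:
        found.append("login_new_country")
    if event["action"] == "download" and event["ts"].hour not in BUSINESS_HOURS:
        found.append("download_off_hours")
    if event["action"] == "access" and event.get("system") not in baseline["systems"]:
        found.append("unusual_system_access")
    return found


def correlate(log_text, baselines, min_signals=2):
    """Join weak signals by account across sources; alert on accounts with several."""
    per_user = defaultdict(set)
    for line in log_text.strip().splitlines():
        ev = parse(line)
        base = baselines.get(ev["user"], {"countries": set(), "systems": set()})
        per_user[ev["user"]].update(signals(ev, base))
    return {u: sorted(s) for u, s in per_user.items() if len(s) >= min_signals}
```

Running `correlate(LOGS, BASELINE)` flags only `jdoe`, whose three events each came from a different tool and would look routine on their own; `asmith` trips nothing.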

Encryption

Encryption is the process of scrambling data so that it can only be read by someone with the correct decryption key. Modern encryption uses mathematical algorithms that are practically impossible to break by brute force. Businesses use encryption in two main contexts: in transit (data moving between systems, like an email being sent or a file uploaded to a cloud app) and at rest (data sitting on a hard drive, in a backup, or in a database). HTTPS, BitLocker, and encrypted backups are all examples of encryption you encounter every day.

Why it matters for your business

Encryption is one of the few cybersecurity controls that protects data after a breach. If an attacker steals an encrypted backup or laptop, the data inside is useless without the key. Many regulations (HIPAA for medical, PCI for payment cards, state data breach laws) require encryption of sensitive data — and encryption can reduce breach notification obligations if a device is lost or stolen. Encrypted, immutable backups are also the single best defense against ransomware: even if attackers encrypt your live systems, they can't touch a properly secured backup.

Category 3 of 3

Identity & Access

How modern security verifies who's who and controls what each person can reach — the backbone of every Zero Trust strategy and the highest-leverage place to invest in defense.

MFA (Multi-Factor Authentication)

MFA, or Multi-Factor Authentication, requires you to prove your identity in more than one way before being granted access to an account. The classic combination is "something you know" (a password) plus "something you have" (a code from your phone or an authenticator app). Even if an attacker steals your password through phishing or a data breach, they can't get in without the second factor. The most secure forms of MFA use authenticator apps (Microsoft Authenticator, Duo) or physical security keys; SMS text codes are better than nothing, but they're vulnerable to SIM-swap attacks.

Why it matters for your business

Microsoft has reported that MFA blocks over 99% of automated account takeover attacks. It is the single highest-impact, lowest-cost security control a business can deploy. Cyber insurance now requires MFA on every privileged account — most carriers won't write a policy without it. Every Microsoft 365 tenant, every VPN, every remote access tool, and every administrative account should have MFA enabled. If we had to pick one cybersecurity control to recommend universally, this would be it.

VPN (Virtual Private Network)

A VPN, or Virtual Private Network, creates an encrypted tunnel between a device and a private network — usually a company's office network or cloud environment — so that traffic flowing over the public internet can't be read or tampered with. For decades, VPNs were the standard way to give remote employees access to company resources: the laptop connects to the office VPN, then behaves as if it's physically inside the office. Consumer VPN products (like NordVPN or ExpressVPN) use the same underlying technology but for a different purpose: routing personal traffic through a remote server for privacy.

Why it matters for your business

VPNs are useful, but they aren't a complete security solution and they aren't quite what they used to be. Once a device connects through a VPN, it typically gets broad access to the internal network — which means a compromised laptop on a VPN can become a compromised network. The industry is steadily shifting toward Zero Trust models that verify each user, device, and resource request individually instead of granting blanket network access. For most businesses, the right answer is "VPN where it still makes sense, layered with MFA, EDR, and a Zero Trust mindset."

Zero Trust

Zero Trust is a security model built on a simple principle: never assume a user, device, or connection is trustworthy just because it's already inside the network. Every access request — whether it's coming from the office, a home computer, a phone, or a cloud app — is verified against current identity, device health, and context before being allowed. Zero Trust replaces the old castle-and-moat model (trusted inside, untrusted outside) with continuous verification at every layer. In practice, Zero Trust uses MFA, device compliance checks, conditional access policies, network segmentation, and least-privilege permissions.

Why it matters for your business

The classic perimeter-based model fails the moment one credential is phished or one laptop is compromised. Zero Trust assumes breaches will happen and limits how far an attacker can go once inside. It also matches how modern businesses actually work — employees on laptops at home, on phones on the road, on cloud apps from anywhere. You can't draw a clean perimeter around that. Most small and mid-sized businesses don't need to "buy Zero Trust" as a product; they need to apply Zero Trust principles to the tools they already have (Microsoft 365, Azure, identity providers, EDR).

Didn't Find Your Term?

Two Ways We Can Help From Here

Cybersecurity vocabulary evolves quickly. If we missed a term you're trying to understand, send it our way and we'll add a plain-English definition. And if your questions are getting bigger than "what does this acronym mean," we're happy to take a look at your environment and tell you where the real risks are.

Suggest a Term

See a term you'd like defined? Drop us a line. We add new entries whenever business owners and IT managers ask the same question more than once.

Talk to Trinity About Security

We'll look at your current setup — endpoints, identity, backups, monitoring — and tell you straight where the real risks are. No pressure, no script.

Prefer to talk? Call us at 336-303-1730.

BBB A+ Accredited since 2011 · 200+ Triad businesses served · Zero client cyber events since 2018 · 20+ years in business