A
Antivirus Software – A program designed to detect, prevent, and remove malware from computers and networks.Authentication – The process of verifying the identity of a user, device, or system, typically through passwords, biometrics, or multi-factor authentication (MFA).
B
Backup – A copy of data stored separately to protect against loss, corruption, or cyberattacks.Baiting – A type of social engineering attack that entices victims with an appealing offer (e.g., a free USB drive or software download) that actually contains malware.
Botnet – A network of compromised computers controlled remotely by cybercriminals to launch attacks such as spam, DDoS, and malware distribution.
Brute Force Attack – A method used by cybercriminals to gain unauthorised access to systems or accounts by systematically trying all possible password combinations until the correct one is found.
Business Email Compromise (BEC) – A form of fraud where attackers impersonate a trusted business contact to trick employees into transferring funds or sensitive information.
C
Cyber Attack – A malicious attempt to disrupt, damage, or gain unauthorised access to computer systems, networks, or data.Cyber Essentials – A UK government-backed certification that helps organisations implement basic cybersecurity measures to protect against cyber threats.
Cyber Hygiene – Best practices individuals and organisations follow to maintain cybersecurity, such as regular software updates and strong password management.
D
Data Breach – An incident where sensitive, confidential, or protected information is accessed, disclosed, or stolen by an unauthorised party.DDoS (Distributed Denial of Service) Attack – A cyberattack that overwhelms a system, server, or network with excessive traffic, making it inaccessible to legitimate users.
Digital Footprint – The trail of data a person leaves behind when using the internet, including social media activity, online purchases, and website visits.
E
Encryption – The process of converting data into a coded format to prevent unauthorised access, ensuring secure communication and data storage.Endpoint Security – Protection of network-connected devices (endpoints) such as laptops, mobile phones, and IoT devices from cyber threats.
F
Firewall – A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.Fraudulent Email (Phishing Email) – A deceptive email that tricks users into revealing personal information or downloading malware.
G
GDPR (General Data Protection Regulation) – A European Union law that sets rules for the collection, processing, and protection of personal data.H
Hacker – An individual who gains unauthorised access to computer systems or networks, either for ethical research (white hat) or malicious purposes (black hat).Hashing – A cryptographic technique that converts data into a fixed-length string, often used for securely storing passwords.
I
Identity Theft – A type of cybercrime where a person’s personal information is stolen and used fraudulently.Incident Response – A structured approach organisations follow to manage and mitigate cybersecurity incidents effectively.
J
Juice Jacking – A cyberattack where cybercriminals compromise public charging stations to steal data or install malware on connected devices.K
Keylogger – Malware that records keystrokes to steal passwords, credit card numbers, and other sensitive information.L
Least Privilege Principle – A security concept that limits user access rights to only what is necessary for their job functions.M
Malware (Malicious Software) – Any software designed to harm or exploit computer systems, including viruses, ransomware, spyware, and Trojans.Multi-Factor Authentication (MFA) – A security process that requires multiple forms of verification (e.g., password + mobile authentication) before granting access.
N
Network Security – Measures taken to protect data, systems, and networks from cyber threats, including firewalls, encryption, and monitoring.NCSC (National Cyber Security Centre) – A UK government organisation providing cybersecurity guidance and support to individuals and businesses.
O
Open Source Intelligence (OSINT) – Information collected from publicly available sources, often used for cybersecurity research or cybercrime.P
Patch Management – The process of updating software and systems to fix security vulnerabilities and prevent cyberattacks.Penetration Testing (Pen Testing) – A simulated cyberattack conducted to identify vulnerabilities in a system before real attackers exploit them.
Phishing – A cyberattack where attackers impersonate legitimate entities via email, phone, or text to steal sensitive information.
Pig Butchering Scam – A long-term social engineering fraud where cybercriminals gain a victim’s trust over time before convincing them to invest in fake financial schemes.
Pretexting – A form of social engineering where an attacker fabricates a scenario to obtain sensitive information, such as pretending to be an authority figure or IT support.
Q
Quarantine (in Cybersecurity) – Isolating suspicious files or emails to prevent malware from spreading across a network.Quid Pro Quo Attack – A social engineering attack where an attacker offers something beneficial (e.g., IT assistance, free software) in exchange for access or sensitive information.
R
Ransomware – A type of malware that encrypts a victim’s data and demands payment in exchange for restoring access.S
Scareware – A type of social engineering attack that tricks users into believing their device is infected with malware.Shoulder Surfing – A technique where an attacker spies on a person entering sensitive information.
SIM Swapping – A fraud technique where an attacker takes control of a victim’s phone number.
Smishing – A phishing attack conducted via SMS (text message).
Social Engineering – A method where criminals manipulate individuals into revealing confidential information.
Spear Phishing – A targeted phishing attack aimed at specific individuals or organisations.
T
Tailgating (Piggybacking) – A social engineering attack where an attacker gains access to a restricted area.Trojan Horse – Malware disguised as legitimate software.
W
Watering Hole Attack – A cyberattack where hackers compromise frequently visited websites.Whaling Attack – A phishing attack aimed at high-level executives.
Whitelist – A list of trusted applications, websites, or users.
Worm – A type of malware that replicates itself and spreads across networks.