```
BEC
Business Email Compromise
An attack where criminals impersonate a vendor, executive, or trusted contact via email to redirect payments, change banking details, or trick employees into transferring money to fraudulent accounts.
Why it matters: BEC is the costliest cyber attack against businesses today. Attackers don't need malware — they just need a convincing email and a moment of inattention.
Ransomware
Encryption-based extortion attack
Malicious software that encrypts your files or systems, then demands payment (usually in cryptocurrency) for the decryption key. Modern ransomware also steals data and threatens to leak it if you don't pay.
Why it matters: Even with backups, ransomware events average over 20 days of downtime. The attackers also publish stolen data to pressure payment.
Phishing
Fraudulent email that tricks recipients
An email designed to trick the recipient into clicking a malicious link, entering credentials on a fake login page, or downloading malware. Phishing is the entry point for the majority of business breaches.
Why it matters: Modern phishing attacks are convincing, well-designed, and often targeted. The "you can spot a phish by typos" advice is a decade out of date.
Smishing
SMS / Text message phishing
Phishing delivered via text message instead of email. Common variants include fake delivery notifications, fraudulent bank alerts, and impersonation of executives asking for urgent help.
Why it matters: Text messages bypass the email security tools you've invested in, and people trust SMS more than email by default.
Vishing
Voice / Phone-based phishing
Phishing conducted over the phone. Often combines impersonation (claiming to be Microsoft, the IRS, or a vendor) with social pressure to extract credentials, payment information, or remote access.
Why it matters: AI voice cloning has made vishing dramatically more dangerous. A 30-second voice sample can be used to impersonate an executive convincingly.
Malware
Malicious software
Any software designed to damage, disrupt, or gain unauthorized access to a computer system. Includes viruses, ransomware, spyware, trojans, and rootkits. The umbrella term for "bad code."
Why it matters: Modern malware is often custom-built to evade traditional antivirus, which is why behavioral detection and active monitoring matter.
Social Engineering
Human manipulation as an attack vector
Attacks that exploit human psychology rather than technical vulnerabilities. Convincing someone to give up a password, transfer money, or grant access — without ever needing to "hack" anything.
Why it matters: Most successful breaches involve some social engineering. People are usually the weakest link, not the technology.
Zero-Day
Previously unknown vulnerability
A security flaw that hasn't been publicly disclosed or patched yet. Attackers exploit zero-days because no defense exists for them at the time of attack.
Why it matters: Signature-based antivirus can't catch zero-days because there's no signature yet. Detection requires behavioral analysis.
Supply Chain Attack
Attack via a trusted third party
An attack that compromises a vendor, software provider, or trusted partner to gain access to their customers. You did everything right; your vendor got breached, and you became the next victim.
Why it matters: Your security is only as strong as your weakest vendor. SolarWinds, Kaseya VSA, and MOVEit are recent examples of supply chain breaches.
Credential Theft
Stolen usernames and passwords
Attacks designed to capture login credentials — usually via phishing pages, info-stealer malware, or breach databases — so attackers can log in legitimately as the user.
Why it matters: Credential theft bypasses most security tools because the attacker isn't "hacking" — they're just logging in. This is why MFA exists.
MDR
Managed Detection & Response
A security service combining 24/7 monitoring, threat detection, and active response — typically delivered through a Security Operations Center (SOC). Catches active intrusions and stops them in progress.
Why it matters: Antivirus blocks known threats. MDR catches the unknown ones — the active attacks that traditional tools miss.
EDR
Endpoint Detection & Response
Security software running on each computer that monitors for suspicious behavior, not just known malware signatures. Records activity so security teams can investigate and respond to threats.
Why it matters: EDR is the modern replacement for traditional antivirus. It catches behavioral patterns that signature-based tools can't.
SIEM
Security Information & Event Management
A platform that collects security data from across your environment (computers, servers, email, cloud apps) and analyzes it to find threats. The technology layer underneath most modern security operations.
Why it matters: SIEM provides the visibility that makes 24/7 threat detection possible. Without it, you're flying blind.
SOC
Security Operations Center
A team of security analysts, often staffed 24/7, that monitors security data, investigates alerts, and responds to threats. The human layer that turns SIEM data into action.
Why it matters: Tools generate alerts. A SOC investigates them. Without analysts, your security tools are just expensive notification systems.
XDR
Extended Detection & Response
Security platforms that combine detection across multiple sources — endpoints, email, cloud, network — into a single integrated view. Marketed as "EDR plus everything else."
Why it matters: Attackers don't stay in one part of your environment. XDR follows them across systems instead of looking at one piece in isolation.
MFA
Multi-Factor Authentication
A login method requiring two or more verification factors — typically a password plus a code from your phone or an authenticator app. Stops most credential theft attacks cold.
Why it matters: MFA is the single highest-impact security control most businesses can implement. Cyber insurance now requires it for renewal.
SSO
Single Sign-On
A system that lets users log into one identity provider (like Microsoft 365 or Google Workspace) and use that single login to access multiple applications — without separate passwords for each.
Why it matters: Fewer passwords means fewer password-related breaches. SSO + MFA is the modern security baseline.
Zero Trust
Trust nothing, verify everything
A security model where every access request is verified regardless of source — even from inside the corporate network. The opposite of "trusted internal, untrusted external" thinking.
Why it matters: Once attackers get inside your network, "trusted internal" lets them move freely. Zero Trust assumes they're already inside.
Least Privilege
Minimum necessary access
A security principle where users and systems get only the access they need to do their job — nothing more. The receptionist doesn't need admin access to the file server.
Why it matters: When (not if) credentials get stolen, least privilege limits how much damage the attacker can do.
DLP
Data Loss Prevention
Tools and policies that prevent sensitive data (credit card numbers, SSNs, client records) from leaving your environment — whether by accident, theft, or insider action.
Why it matters: Data leaving your environment is data you can't unleak. DLP catches the email with attached client records before it sends.
DKIM
DomainKeys Identified Mail
An email authentication method that cryptographically signs outgoing messages from your domain so receiving servers can verify the email actually came from you and wasn't modified in transit.
Why it matters: Without DKIM, attackers can spoof emails appearing to come from your domain. With it, fraudulent senders get rejected.
DMARC
Domain-based Message Authentication, Reporting & Conformance
An email policy that tells receiving servers what to do when an email claiming to be from your domain fails authentication checks — reject it, quarantine it, or just monitor.
Why it matters: DMARC is what actually stops domain spoofing. Without it, anyone can send email pretending to be from your business.
SPF
Sender Policy Framework
A DNS record listing which mail servers are authorized to send email on behalf of your domain. Email from any other server gets flagged or rejected by recipients.
Why it matters: SPF is one of three pieces (with DKIM and DMARC) that together stop email impersonation of your domain.
HIPAA
Health Insurance Portability & Accountability Act
U.S. federal law protecting medical and health information. Covers any business handling protected health information (PHI) — not just hospitals. Includes specific security and privacy requirements.
Why it matters: HIPAA fines can be substantial. Even non-medical businesses can fall under HIPAA if they handle health data for clients.
PCI-DSS
Payment Card Industry Data Security Standard
A security standard required by credit card networks for any business that accepts, processes, or stores credit card data. Defines specific technical and procedural controls.
Why it matters: Non-compliance can mean fines, increased fees, or losing the ability to accept credit cards entirely.
NIST
National Institute of Standards & Technology
A U.S. federal agency that publishes cybersecurity frameworks and standards. NIST CSF (Cybersecurity Framework) is widely adopted by businesses and government agencies as a security baseline.
Why it matters: NIST frameworks are the de facto reference for "what does good cybersecurity look like" in the U.S. Cyber insurance and contracts often reference them.
BCDR
Business Continuity & Disaster Recovery
The combined plan for keeping your business running during disruptions (continuity) and getting back to normal operations after (recovery). Covers everything from ransomware to power outages to natural disasters.
Why it matters: Most businesses without a BCDR plan don't survive a major disruption. Cyber insurance now typically requires documented plans.
RTO
Recovery Time Objective
The maximum acceptable downtime for a system or business function before significant impact. "Our email RTO is 4 hours" means we'd consider it a serious problem if email was down longer than 4 hours.
Why it matters: Setting RTOs forces you to think about which systems matter most — and to size your backup/recovery solutions accordingly.
RPO
Recovery Point Objective
The maximum acceptable amount of data loss measured in time. "Our RPO is 1 hour" means we can tolerate losing up to 1 hour of work in a recovery scenario, so backups must run at least hourly.
Why it matters: RPO drives your backup frequency. If your last backup was 24 hours ago and you have a 1-hour RPO requirement, you're not actually meeting it.
RMM
Remote Monitoring & Management
Software that lets a managed IT provider remotely monitor your computers and servers, push security updates, deploy software, and fix issues without needing to physically be there.
Why it matters: RMM is what makes proactive IT management possible. Without it, your provider only sees problems after you call them.
PSA
Professional Services Automation
The business management platform a managed IT provider uses internally — ticketing, time tracking, billing, project management, contracts. The system that runs the MSP itself.
Why it matters: A well-run PSA is invisible to clients but ensures issues are tracked, billing is accurate, and nothing falls through the cracks.
```