BEC
Business Email Compromise
An attack where criminals impersonate a vendor, executive, or trusted contact via email to redirect payments, change banking details, or trick employees into transferring money to fraudulent accounts.
Why it matters: BEC is the costliest cyber attack against businesses today. Attackers don't need malware — they just need a convincing email and a moment of inattention.
Related: Account Takeover, Defender for Office 365
Ransomware
Encryption-based extortion attack
Malicious software that encrypts your files or systems, then demands payment (usually in cryptocurrency) for the decryption key. Modern ransomware also steals data and threatens to leak it if you don't pay.
Why it matters: Even with backups, ransomware events average over 20 days of downtime. The attackers also publish stolen data to pressure payment.
Related: Immutable Backup
Phishing
Fraudulent email that tricks recipients
An email designed to trick the recipient into clicking a malicious link, entering credentials on a fake login page, or downloading malware. Phishing is the entry point for the majority of business breaches.
Why it matters: Modern phishing attacks are convincing, well-designed, and often targeted. The "you can spot a phish by typos" advice is a decade out of date.
Related: Defender for Office 365
Smishing
SMS / Text message phishing
Phishing delivered via text message instead of email. Common variants include fake delivery notifications, fraudulent bank alerts, and impersonation of executives asking for urgent help.
Why it matters: Text messages bypass the email security tools you've invested in, and people trust SMS more than email by default.
Vishing
Voice / Phone-based phishing
Phishing conducted over the phone. Often combines impersonation (claiming to be Microsoft, the IRS, or a vendor) with social pressure to extract credentials, payment information, or remote access.
Why it matters: AI voice cloning has made vishing dramatically more dangerous. A 30-second voice sample can be used to impersonate an executive convincingly.
Related: Voice AI
Malware
Malicious software
Any software designed to damage, disrupt, or gain unauthorized access to a computer system. Includes viruses, ransomware, spyware, trojans, and rootkits. The umbrella term for "bad code."
Why it matters: Modern malware is often custom-built to evade traditional antivirus, which is why behavioral detection and active monitoring matter.
Social Engineering
Human manipulation as an attack vector
Attacks that exploit human psychology rather than technical vulnerabilities. Convincing someone to give up a password, transfer money, or grant access — without ever needing to "hack" anything.
Why it matters: Most successful breaches involve some social engineering. People are usually the weakest link, not the technology.
Related: Prompt Injection
Zero-Day
Previously unknown vulnerability
A security flaw that hasn't been publicly disclosed or patched yet. Attackers exploit zero-days because no patch or signature exists for them at the time of attack.
Why it matters: Signature-based antivirus can't catch zero-days because there's no signature yet. Detection requires behavioral analysis.
Related: Patch Management
Supply Chain Attack
Attack via a trusted third party
An attack that compromises a vendor, software provider, or trusted partner to gain access to their customers. You did everything right; your vendor got breached, and you became the next victim.
Why it matters: Your security is only as strong as your weakest vendor. SolarWinds, Kaseya VSA, and MOVEit are recent examples of supply chain breaches.
Related: Model Poisoning
Credential Theft
Stolen usernames and passwords
Attacks designed to capture login credentials — usually via phishing pages, info-stealer malware, or breach databases — so attackers can log in legitimately as the user.
Why it matters: Credential theft bypasses most security tools because the attacker isn't "hacking" — they're just logging in. This is why MFA exists.
Related: Password Manager, Identity Theft, Account Takeover, Dark Web Monitoring
MDR
Managed Detection & Response
A security service combining 24/7 monitoring, threat detection, and active response — typically delivered through a Security Operations Center (SOC). Catches active intrusions and stops them in progress.
Why it matters: Antivirus blocks known threats. MDR catches the unknown ones — the active attacks that traditional tools miss.
Related: Endpoint Protection, MSSP
Learn more about MDR
EDR
Endpoint Detection & Response
Security software running on each computer that monitors for suspicious behavior, not just known malware signatures. Records activity so security teams can investigate and respond to threats.
Why it matters: EDR is the modern replacement for traditional antivirus. It catches behavioral patterns that signature-based tools can't.
Related: Endpoint Protection, M365 Business Premium, Insurance Application Requirements
SIEM
Security Information & Event Management
A platform that collects security data from across your environment (computers, servers, email, cloud apps) and analyzes it to find threats. The technology layer underneath most modern security operations.
Why it matters: SIEM provides the visibility that makes 24/7 threat detection possible. Without it, you're flying blind.
Related: Microsoft Sentinel, MSSP
SOC
Security Operations Center
A team of security analysts, often staffed 24/7, that monitors security data, investigates alerts, and responds to threats. The human layer that turns SIEM data into action.
Why it matters: Tools generate alerts. A SOC investigates them. Without analysts, your security tools are just expensive notification systems.
Related: Microsoft Sentinel, MSSP, NOC
XDR
Extended Detection & Response
Security platforms that combine detection across multiple sources — endpoints, email, cloud, network — into a single integrated view. Marketed as "EDR plus everything else."
Why it matters: Attackers don't stay in one part of your environment. XDR follows them across systems instead of looking at one piece in isolation.
MFA
Multi-Factor Authentication
A login method requiring two or more verification factors — typically a password plus a code from your phone or an authenticator app. Stops most credential theft attacks cold.
Why it matters: MFA is the single highest-impact security control most businesses can implement. Cyber insurance now requires it for renewal.
Related: 2FA, Password Manager, Account Takeover, Conditional Access, Entra ID, FTC Safeguards Rule, Insurance Application Requirements
SSO
Single Sign-On
A system that lets users log into one identity provider (like Microsoft 365 or Google Workspace) and use that single login to access multiple applications — without separate passwords for each.
Why it matters: Fewer passwords means fewer password-related breaches. SSO + MFA is the modern security baseline.
Related: Entra ID
Zero Trust
Trust nothing, verify everything
A security model where every access request is verified regardless of source — even from inside the corporate network. The opposite of "trusted internal, untrusted external" thinking.
Why it matters: Once attackers get inside your network, "trusted internal" lets them move freely. Zero Trust assumes they're already inside.
Related: Conditional Access, Firewall, VPN, Network Segmentation
Least Privilege
Minimum necessary access
A security principle where users and systems get only the access they need to do their job — nothing more. The receptionist doesn't need admin access to the file server.
Why it matters: When (not if) credentials get stolen, least privilege limits how much damage the attacker can do.
Related: Network Segmentation
DLP
Data Loss Prevention
Tools and policies that prevent sensitive data (credit card numbers, SSNs, client records) from leaving your environment — whether by accident, theft, or insider action.
Why it matters: Data leaving your environment is data you can't unleak. DLP catches the email with attached client records before it sends.
Related: Data Leakage to LLMs
DKIM
DomainKeys Identified Mail
An email authentication method that cryptographically signs outgoing messages from your domain so receiving servers can verify the email actually came from you and wasn't modified in transit.
Why it matters: Without DKIM, receiving servers have no way to tell a genuine message from your domain apart from a spoofed one. With it, they can verify the signature, and when paired with a DMARC policy, unsigned or tampered messages claiming to be from you get rejected.
Related: SMTP
DMARC
Domain-based Message Authentication, Reporting & Conformance
An email policy that tells receiving servers what to do when an email claiming to be from your domain fails authentication checks — reject it, quarantine it, or just monitor.
Why it matters: DMARC is what actually stops domain spoofing. Without it, anyone can send email pretending to be from your business.
Related: SMTP
SPF
Sender Policy Framework
A DNS record listing which mail servers are authorized to send email on behalf of your domain. Email from any other server gets flagged or rejected by recipients.
Why it matters: SPF is one of three pieces (with DKIM and DMARC) that together stop email impersonation of your domain.
Related: SMTP
Patch Management
The process of applying security updates on time
The discipline of identifying software updates (patches), testing them, deploying them across every device, and confirming they actually installed. Covers operating systems, browsers, productivity apps, line-of-business software, and firmware.
Why it matters: Most breaches exploit known vulnerabilities that have patches available — the attackers' advantage is that the patches haven't been installed yet. Disciplined patch management closes that window faster than attackers can act.
Related: Zero-Day, RMM
Endpoint Protection
Security software on every device (laptop, desktop, server)
The umbrella term for security software installed on each computer — antivirus, EDR, anti-malware, host firewall, and device control combined into one platform. Sometimes called "endpoint security" or, on the higher end, "EPP" (Endpoint Protection Platform).
Why it matters: Every device is a potential entry point for attackers. Endpoint protection is the last line of defense if a phishing link gets clicked or a malicious file gets opened — its job is to catch the attack on the machine before it spreads.
Related: EDR, MDR, Intune, Azure VM
Email Encryption
Scrambling email contents so only the intended recipient can read them
A feature that encrypts the contents of an email message so only the intended recipient can decrypt and read it. Different from email authentication (SPF/DKIM/DMARC, which prove who sent the message); encryption protects what's IN the message.
Why it matters: Healthcare, legal, and financial businesses often need to send sensitive client information by email — encryption is what makes that compliant with HIPAA, attorney-client privilege requirements, and similar rules. Without it, the message is essentially a postcard.
Related: HIPAA
SSL/TLS
Encryption protocol that secures internet traffic
The encryption protocol that protects data moving between your browser and a website (the padlock in the address bar). TLS is the current version; SSL is the older name still used in conversation. Used by HTTPS websites, encrypted email transport, VPNs, and most modern internet traffic.
Why it matters: Without SSL/TLS, anything you type into a website — including passwords, credit card numbers, and patient records — travels across the internet as plain text that anyone in between can read. The padlock icon is your visual confirmation it's encrypted.
Related: HTTPS, WPA3, Quantum Computing, Post-Quantum Cryptography
2FA
Two-Factor Authentication
A login that requires two different things to verify you — typically a password plus a one-time code from your phone or an authenticator app. The most common form of multi-factor authentication (MFA).
Why it matters: 2FA stops the most common attack against business email and cloud apps: stolen passwords used by attackers in other countries. Without 2FA, a single phished password is enough to take over an account; with it, the attacker needs the phone too.
Related: MFA
Password Manager
Encrypted vault for storing and auto-filling passwords
Software that generates, stores, and auto-fills strong unique passwords for every account, so users only need to remember one master password. Business versions also include shared vaults for team logins, password rotation tracking, and breach monitoring.
Why it matters: The biggest password problem in business isn't that people use weak passwords — it's that they reuse the same one across dozens of sites. When one site gets breached, attackers try that password everywhere. Password managers eliminate the reuse problem.
Related: Credential Theft, MFA
Identity Theft
Use of stolen personal information to impersonate someone
When criminals use someone's personal information (Social Security number, driver's license, date of birth) to open accounts, file tax returns, take out loans, or commit other fraud in that person's name. Often happens after a data breach exposes the underlying personal data.
Why it matters: Identity theft is the long-term consequence of personal data leaks. For businesses that hold customer PII (Social Security numbers, driver's license scans, payment details), a breach can expose customers to years of cleanup — and the business to lawsuits, regulatory fines, and reputation damage.
Related: Account Takeover, Credential Theft
Account Takeover
ATO — attacker gains control of an existing account
When an attacker gains control of a real user's account (email, banking, social media, business app) by using stolen credentials, then operates as that user — sending fraudulent emails, transferring money, changing settings, or pivoting to other systems. Distinct from identity theft: ATO uses your accounts; identity theft creates new accounts in your name.
Why it matters: Account takeover of a business email account is often the first step in a BEC attack — the attacker spends weeks reading email to understand vendor relationships, then sends a fraudulent invoice from the real account. MFA is the single best defense.
Related: Identity Theft, Credential Theft, BEC, MFA, Dark Web Monitoring
Dark Web Monitoring
Continuous scanning for your business data in criminal marketplaces
A service that continuously scans criminal forums, leak sites, and dark-web marketplaces for stolen credentials, customer data, or business information tied to your domain — and alerts you if anything turns up. Often included with managed-security packages.
Why it matters: When employee credentials show up for sale on the dark web, it's almost always because of an external breach (not yours). Catching the leak early lets you force a password reset and enable MFA before the attacker uses the credentials.
Related: Credential Theft, Account Takeover