There are so many IT terms, jargon, and acronyms today that knowing them all intimidates even seasoned IT professionals. Someone looking for help with IT issues who isn’t familiar with these phrases will be completely lost!
This list of IT terminology covers the most common jargon and acronyms you’ll come across while learning about products like Sky Work. This guide will help you better communicate your needs to anyone in the IT industry. Everything is arranged alphabetically.
Administration Portal
An administration portal is any centralized dashboard where admins (administrators) of accounts see their most vital data and make edits. They act as the main homepage for any software program.
Advanced Persistent Threat Groups (APT Groups)
Advanced Persistent Threat Groups (APT Groups) are hackers who are able to infiltrate targets and remain undetected for extended periods of time. To break down the name:
- Advanced: The group has access to a full range of powerful hacking tools and ways to gather information.
- Persistent: Specific targets are assigned and worked on continually until they are broken. This contrasts with opportunistic hackers who go after easy vulnerabilities.
- Threat: These groups have the capability to intrude on nearly any target.
They commonly act on behalf of a government. Targets can be other governments or important infrastructure (electrical grids), and their work can include corporate espionage.
Application Data Management (ADM)
ADM is how the IT team works with the management team of a business to ensure that all data is accurate and consistent across databases. For example, a business may have data shared among its Customer Relationship Management (CRM) software, supply chain database, and invoice billing software.
ADM seeks to sync customer names, addresses, invoices, and other shared data across all systems when it is changed in one, so that no system conflicts with another.
Application Management
Application management is the active management of applications throughout their lifecycle. This lifecycle starts with development, advances to ongoing management and improvement, and concludes with sunsetting (ending support) the application. Properly managing them leads to better security during their lifecycle, and better data management when apps are sunsetted.
Application Programming Interface (API)
An API is the set of instructions and commands developers use to control one program from another. APIs are how apps work today:
- When you post a picture from your photos app on your phone right to Facebook, an API is what makes that possible.
- When you buy something online, an API handles sending your credit card information to the software that authorizes your credit card.
APIs let developers leverage the work other developers have already done without having to build it all themselves from scratch.
Application Sharing
Application sharing is the ability for multiple people to work on the same document at once. Writers working on a difficult section can share it with their editor for live feedback.
This is a key component of Sky Work’s Sky Docs add-on feature. Users can share documents with multiple people in a secure cloud and everyone with permission can make changes at once.
Application Security Verification Standard (ASVS)
This standard is a list of application security requirements and tests that developers use to build, test, and verify that their applications are secure. This constantly evolving standard is set and maintained by the OWASP Foundation.
Attack Surface
For the purposes of IT jargon, your attack surface is relative to the number of internet-connected devices or apps you have: the more apps or devices you use, the larger the “attack surface” hackers have to target. The advent of IoT has vastly increased attack surfaces the world over.
Authentication
Authentication is the process used to verify someone’s identity. The most common method is a username and password. Biometrics—such as face scans and fingerprints—are also authentication methods.
Authorization
Authorization ensures that only the correct people get access to data and systems. This is done with authentication methods—such as passwords—to be sure that the right person is gaining access. An owner of the data or systems is responsible for determining who is authorized to see the data, typically through an administration dashboard.
Backup Server
A server is where digital data is stored for retrieval by other digital systems. A backup server simply serves as a backup to any data on another server. A backup server can be a physical server located in a business or remotely over the internet (in the cloud).
Backup Software
Any archivers, transfer protocols, or version control systems used to create duplicates of data are considered backup software. Their function is to create a copy of any file, data, or entire hard drive and to store it somewhere safe. This can be on another hard drive, or a backup server. The server stores the data while the software actually duplicates and transports the data.
Bait and Switch Attack
There are many bait and switch attacks in use, but the most common form is:
- A hacker buys ad space on a website or an ad network.
- The hacker submits an ad considered safe by the network.
- The safe ad is then switched out for something malicious, usually with a link redirect to a malicious site.
- The malicious site will commonly force a download of some type of malware, or spoof a legitimate-looking site and ask for sensitive data.
Another popular form of bait and switch is a website offering a free whitepaper containing content of value. The whitepaper is actually malware.
B2B (Business to business)
Business-to-business software in IT jargon is when a business designs software that is only useful to another business and is not for consumers. Sky Work is a B2B product as we are a business selling a product that is only useful to another business, not an individual.
B2C (Business to consumer)
Business to consumer software is designed by a company with a wide consumer market in mind, rather than the narrow business focus of a B2B product. Sky ECC and Moola are B2C software made by us at Sky Global.
Big Data
Big data seems new but it is not. It has included the trade data from stock markets, or all the data from a national census. Modern big data is the billions of searches done on search engines every day, all the conversations happening on social media, or all the purchases people make online.
What’s new is our ability to process, understand, and use data through machine learning algorithms. This has helped turn unstructured data, such as those online searches and conversations, into organized trends that are identified and capitalized on.
Biometrics
In the context of IT terms, biometrics are any biological signal used to authenticate users:
- Iris scans
- Facial recognition
- Voice recognition
While biometrics seem cutting-edge, they have been around for decades and have notable security weaknesses. Hackers can use photographs to reconstruct fingerprints. That’s why biometrics are commonly used along with a password in a multi-factor authentication setting. The biggest problem with biometrics is that once your fingerprint, face, or voice has been compromised, you can’t change it like you can change a password.
Bricked
Any time a device is unable to operate—as in it won’t turn on or is frozen—it is bricked. This is a comedic way of saying “inoperable” or “broken” as your phone—once the epitome of modern technology—is now as useful as a brick. Not that bricks aren’t useful, they just don’t help when you want to call the office or check the current stock price.
Brute Force Attack
Hackers execute these attacks using tools that guess passwords thousands of times a second in hopes of getting the right one. They typically use bots installed maliciously on other machines to boost computing power.
The easy way to stop them is to place limits on the number of incorrect password submissions. The program will lock itself out after a certain number of failed attempts and require intervention before a login can be attempted again.
BYOD (Bring Your Own Device)
BYOD is an often-heard IT acronym. It means employees bring their own device to work and use it as their primary or secondary working tool. This is done to increase efficiency, while also decreasing costs for the employer.
The problem is BYOD policies can vastly decrease company data security—unless you take precautions. Sky Work reduces security risk from BYOD devices by giving companies control over work data on employee devices.
CIM (Customer Information Management)
Any business with customers must have CIM procedures in place. It refers to all of the software, hardware, and apps used to collect, move, and store customer data.
This involves collecting customer data points from a wide variety of sources and assembling them in one space. Proper CIM gathers data from apps, social media, and in-store surveys from one customer and stores all these data points together. CIM is essential today to be compliant with GDPR, PIPEDA, and similar consumer privacy laws.
CIO (Chief Information Officer)
The executive position of CIO—Chief Information Officer, or sometimes Chief Digital Information Officer (CDIO)—is responsible for providing a link between the needs of the business, users, and the technology used by them.
Good CIOs help those inside and outside of the IT departments as the communication point between them. They need experience in both sides of the business to do their job effectively.
CIRT (Cyber Incident Response Team)
The Cyber Incident Response Team (sometimes CSIRT—Cyber Security Incident Response Team) responds to any type of negative cyber incident committed against a company. The members will typically be:
- IT members who are trained to recognize and stop attacks
- IT members who are trained to repair damage
- Site security officers who monitor physical access
- Public relations team members who communicate with the media
- Sponsoring member of the senior executive team who can make quick decisions
A good CIRT has representatives from a variety of departments across the organization who are prepared to react to a cyber incident according to their specialties. The FIRST forum established the standard framework many use to build their teams.
CISO (Chief Information Security Officer)
The CISO is a senior executive responsible for an organization’s entire security strategy. This includes data, technologies used at the company, and the company network. It is their job to make sure that all data is protected and that the assets used to protect that data are protected. They will do this by:
- Ensuring all company networks are secured
- Directing IT staff in ways to reduce risk in their department
- Responding to cyber incidents
- Managing all cyber security technologies
- Establishing standards, policies, and controls for all data
- Ensuring compliance with industry standards, such as ISO 27001
The position of CISO is so high-ranking that many report to the CEO, while others even bypass the CEO and report to the board of directors.
Clickjack Attack
Also known as clickjacking, a clickjack attack is when a hacker tricks a user into clicking on something which isn’t what it seems. For example, a pop-up asks you to click it to download antivirus software to clean your PC, or an update to Adobe Flash Player or Acrobat, when what you download is actually malware.
Another example is an Amazon-based clickjacking attack via email. A user is shown a button that says “Click Here to Read More” about an interesting story. The hacker hides an invisible layer on top for a one-click Amazon purchase. This underscores the importance of email security tactics related to phishing.
COBO (Company Owned, Business Only)
Company Owned, Business Only (COBO) is a mobile device policy where a business owns the mobile devices it gives to employees and restricts them to business use only. There are two reasons why a business would do this:
- They have employees with data that is very sensitive which must be protected. Employees having a phone they are required to use for all work-related communications is common, especially in governments.
- The business has specialty devices with one app on them. This could be an inventory phone with a scanner attachment, or a tablet used exclusively for the checkout system.
This differs significantly from COPE and BYOD mobile device policies.
Commercial Espionage
This may sound like a spy movie, but in today’s information age commercial espionage is very common. Most commercial espionage is done by hackers hired by one company to hack another company, or by Advanced Persistent Threat Groups acting on behalf of a government to gain sensitive information or intellectual property.
Also known as industrial espionage, these illegal actions target intellectual property, business processes, customer data, and trade secrets. Sabotage, wherein attackers attempt to disrupt the function of a business, is also considered commercial espionage.
Compliance
In the world of IT jargon, compliance refers to an organization’s ability to meet the standards set by laws, regulatory standards, and ethical practices. Meeting compliance requirements involves internal policies that address all publicly set laws and standards and turn them into employee actions.
Failure to meet compliance in many industries will result in fines, lawsuits, and possible criminal charges. AHC was fined $5.5 million for failing to meet compliance with HIPAA-regulated data security.
Confidentiality
Confidentiality means keeping data private and restricted to only those who need to know it. Having private information in a database is one thing, but keeping others from accessing it without the correct authorization is what keeps it confidential.
Cookies
Cookies are bits of code placed in your browser by a website. Once used to help website owners see how people navigate their site for optimization, they are now largely used to collect browsing data for advertisers.
Cookies typically stay on your computer until you clear your web browsing history. Those using a private browser will have all of their cookies deleted when they close their browsing session.
Cookie Theft
With cookies tracking an increasing amount of data, cookie theft has become a common hacking tactic as it is relatively easy to do over unprotected Wi-Fi networks.
The consequences of a cookie theft range from an attacker being able to post content under your name to, at the extreme, allowing them to transfer money out of your bank account to theirs. You have to understand the dangers of public Wi-Fi to avoid this attack.
COPE (Company Owned, Personally Enabled)
This is similar to BYOD (Bring Your Own Device) where employees use their own devices for work, except here the company supplies the devices. There will be allowances for both personal and business use of the device.
The benefit to the employer is they are able to secure and manage these standardized devices. This leads to increases in productivity as everyone is on the same device and using the same formats for all documents. Coupling a COPE policy with mobile device management is an option for device security for all businesses.
CTO (Chief Technology Officer)
Similar to the CIO (Chief Information Officer), the CTO closely monitors emerging technology for opportunities to increase efficiency, security, and productivity in the company. CTOs make decisions on the technology used by a company while the CIO works on the implementation of technology with staff. The CTO usually reports directly to the CIO, or they can be of equal ranking in an organization.
Credential Reuse Attack
With users having to remember so many different passwords, it’s common for them to reuse credentials rather than use a password management tool. This has led to the rise of the Credential Reuse Attack, or Credential Stuffing Attack, where hackers steal login credentials from one site and use them elsewhere.
An attacker could steal a meaningless forum password and discover that it also unlocks a bank account. This is the number one reason not to reuse passwords. Many high-profile hacks and data breaches come down to credential reuse attacks.
CYOD (Choose Your Own Device)
Choose Your Own Device is a policy where the IT team creates a list of devices approved for use. Employees choose the device they want to use from the list. The company can either pay for it and give it to the employee indefinitely, or provide a stipend for the duration of their employment to pay for the device.
This approach is a blend of BYOD and COBO without the restrictions of COBO or the difficulty of securing the variety of choices offered by BYOD.
Data Breach
Any time data is stolen, or viewed by parties it wasn’t intended for, it is a data breach. The most common way a data breach happens is through weak credentials and passwords.
Data Brokers
Data brokers, or information brokers, are people who collect data on consumers from past purchases, online activity (usually via cookies), and other public records. They then sell this data to advertisers for targeted ads. The danger with data brokers is that all that information in one spot is tempting for hackers to target. Equifax is a data broker that showed us the consequences of what happens when one is breached.
DDoS (Distributed Denial of Service)
When multiple systems flood one server with more traffic than it was built to handle, the server will shut down. This can happen accidentally, such as Reddit’s “Hug of Death”, but it is also used as a malicious attack. Hackers target a business, flood their servers with fake traffic until the server crashes, and cause damage to the business. An emergency contact number for your ISP will help stop a DDoS attack.
Device Management
Every device with company data needs to be managed in some capacity. This used to only be a simple inventory, but now includes making sure of the secure operation and regular maintenance of digital assets. The term applies broadly to any computing, networking, mobile, or even virtual device a company owns. Device management is a big reason why a company will push their employees to use a mobile device management tool.
DHCP (Dynamic Host Configuration Protocol)
Your device is automatically assigned an IP address because of the DHCP (Dynamic Host Configuration Protocol) server. This is done automatically so that there is no need for manual assignment of IP addresses by a network administrator. The IETF documented the standard for this protocol.
DHCP happens automatically when you connect to a network. If you are having problems connecting to a network you may be asked to “release and renew” your IP address. This asks the DHCP server to assign your device a new IP address so you can connect to the network.
Dictionary Attack
A dictionary attack is similar to a Brute Force Attack in that attackers use hundreds, thousands, or millions of possible words to guess the decryption key or password for an account. Dictionary attacks differ from brute force attacks as hackers create their own custom dictionary of commonly used passwords.
DMARC (Domain-based Message Authentication, Reporting, & Conformance)
This email authentication protocol helps email domain owners protect themselves against attacks such as the email spoofing done in phishing attacks by attaching a verification to the header when the message is sent and then read by the receiving email client. It is free for anyone to use and easy to set up.
DNS (Domain Name System)
The Domain Name System links the names people use to visit a website (such as Nike.com) to its actual IP address. Websites are actually identified by strings of numbers that are hard for humans to remember and enter correctly. You see us as SkyWork.com—our domain name—but a computer would actually see us as something more like 126.96.36.199.
Drive-by Download Attack
This is the worst fear of computer users as it involves the downloading of a malicious program without the user knowing about it. The worst case of this is pop-up ads disguising an “X” button to close a window that’s actually a consent to download link. Having antivirus software installed on all devices is a necessity to stop these attacks.
Eavesdropping Attack
These are hacks where an attacker enters a data stream and is only observing data and not altering it. Other names for this are a sniffing attack or a snooping attack. They work by intercepting unsecured network traffic, making securing your networks with firewalls a priority. VPNs on public networks also help. This is the internet equivalent of a wiretap on a phone line.
Email Header
Every email header has three components:
- Envelope: Users never see this as it’s what routes the email to its destination.
- Header: The essential data such as FROM, TO, CC, sending and receiving timestamp, and subject line.
- Body: The actual content of the message, including written text and attachments.
Most of the information is hidden because a user doesn’t need to see it, but understanding it helps prevent phishing attacks by comparing suspicious messages to known messages. Here’s an example email header:
```text
X-SpamCatcher-Score: 1 [X]
Received: from [127.0.0.1] (FOO skywork.com)
    by foo.skywork.com (SMTP v10)
    with ESMTP-TLS id 61239719 for firstname.lastname@example.org; Mon, 26 Feb 2020 11:40:10 -0630
Date: Mon, 26 Feb 2020 11:40:10 -0630
From: Lebron James <email@example.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows 1909; en-US; rv:1.0.1) Gecko/20020733 Chrome/80.0
X-Accept-Language: en-us, en
To: Matthew Yeoman <firstname.lastname@example.org>
Subject: You are the coolest, let’s hang
Content-Type: text/plain; charset=us-ascii; format=flowed
```
If you are trying to determine if an email is legitimate or not, looking at the email header may give you some clues.
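An added example, not part of the original glossary: one way to compare a suspicious message's header with a known message from the same sender, as described above. Both sample messages, the function names, and the three checks are constructed for illustration, and a difference is a clue to investigate rather than proof of phishing.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an earlier, trusted message from this sender.
KNOWN_GOOD = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby mx.example.org with ESMTPS id 1001; Mon, 24 Feb 2020 09:15:00 -0500
Date: Mon, 24 Feb 2020 09:15:00 -0500
From: Pat Sender <pat@example.com>
To: Sam Reader <sam@example.org>
Subject: Meeting notes

Notes attached.
"""

# Constructed sample: same display name, but a different address, relay and Reply-To.
SUSPICIOUS = """\
Received: from host77.example.net (host77.example.net [203.0.113.77])
\tby mx.example.org with ESMTP id 2002; Wed, 26 Feb 2020 11:40:10 -0500
Date: Wed, 26 Feb 2020 11:40:10 -0500
From: Pat Sender <pat@examp1e-mail.test>
Reply-To: billing@example.net
To: Sam Reader <sam@example.org>
Subject: Urgent: invoice overdue

Please pay today.
"""


def _domain(address):
    """Return the lower-cased part after '@', or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def _base_domain(host):
    """Naive 'last two labels' reduction (assumption: ignores suffixes like co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def summarize(raw):
    """Pull out the header fields a reader would compare by eye."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    received = msg.get_all("Received") or []
    origin = ""
    if received:
        # Each relay prepends its own Received line, so the last one is the earliest hop.
        match = re.search(r"\bfrom\s+([\w.-]+)", received[-1])
        origin = match.group(1).lower() if match else ""
    return {
        "name": name,
        "from_domain": _domain(addr),
        "reply_domain": _domain(reply_to),
        "origin": origin,
    }


def compare_headers(known_raw, suspect_raw):
    """Return (code, detail) pairs for each difference worth a closer look."""
    known, suspect = summarize(known_raw), summarize(suspect_raw)
    findings = []
    if suspect["from_domain"] != known["from_domain"]:
        # A familiar display name on a new address is a common spoofing pattern.
        same_name = suspect["name"] == known["name"]
        code = "display_name_reused" if same_name else "from_domain_changed"
        findings.append((code, f"{known['from_domain']} -> {suspect['from_domain']}"))
    if suspect["reply_domain"] and suspect["reply_domain"] != suspect["from_domain"]:
        # Replies would go somewhere other than the apparent sender.
        findings.append(("reply_to_mismatch", suspect["reply_domain"]))
    if _base_domain(suspect["origin"]) != _base_domain(known["origin"]):
        # The message entered the mail system from a different organisation's host.
        findings.append(("origin_changed", f"{known['origin']} -> {suspect['origin']}"))
    return findings


if __name__ == "__main__":
    for code, detail in compare_headers(KNOWN_GOOD, SUSPICIOUS):
        print(f"{code}: {detail}")
```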
Encryption
Encryption is the act of converting information from one form to another to prevent unauthorized users from reading it. This dates all the way back to the Caesar Cipher, in which each letter was shifted a certain amount left or right to obscure messages. Modern computing power means that encryption must be many millions of magnitudes more secure than this, with the most modern encryption being the 521-bit ECC encryption used by our sister-company—Sky ECC.
Endpoint
Any computer, tablet, smartphone, or other device which sends and receives information is an endpoint. Endpoints are the final destination for data to be consumed, while also being the device used to request the data sent to it. Unified Endpoint Management (UEM) is a synonym for Mobile Device Management (MDM).
Enterprise Mobility Management (EMM)
Mobile device management at an enterprise operates at a scale that most small business owners can’t easily comprehend, as thousands of devices are involved.
Most mobile device management at the enterprise level involves incredibly complex software, but a simpler tool like Sky Work is flexible enough to scale up.
Evil Twin Attack
Also called a Fake WAP, this is when a hacker sets up a Wi-Fi (WAP—Wireless Access Point) connection that looks like it is legitimate but isn’t. Hackers use Evil Twins to intercept any data sent over it (like emails, banking information, passwords, etc.).
For instance, hackers visit the local airport and set up “Free Airport WiFi” with no password requirement. When people connect to this network the hacker reads any unencrypted text sent over it.
Evil Twin attacks are one of the most dangerous and hard to detect attacks. They’re the biggest reason free Wi-Fi is extremely dangerous.
Femtocell
Names for this IT term vary from a microcell, to picocell, to femtocell, but they all describe a cell phone range extender used by businesses that want to expand the coverage of mobile cellular networks in their business. They use these in areas of their buildings with weak coverage so mobile phone users get a better signal.
Knowing what a femtocell is helps your business cover “dead zones”, while also being able to identify a rogue one as hackers plant them in businesses for eavesdropping attacks.
Firewall
A firewall is a barrier placed on networks that monitors incoming and outgoing traffic. It can be physical hardware that you put between the networks you’re protecting, or software installed on a computer. Security rules set in the firewall determine what traffic is allowed in and out of the network, offering greater security controls to businesses.
FTP and SFTP
File Transfer Protocol (FTP), or Secure File Transfer Protocol (SFTP), are both protocols used to transfer data between computers and servers. SFTP is replacing FTP as it has security features and better compression for faster transfers. FTP is one of the oldest protocols on the internet and existed before the ability to email from one computer to another.
GDPR (General Data Protection Regulation)
Europe enacted GDPR (General Data Protection Regulation) on May 25, 2018 to protect the data and privacy of all within the EU zone. GDPR applies to data moving in and out of the EU. The goal is to allow people to have more control over their own data. Anyone—regardless of where they are—doing business with EU entities must comply with the regulation or face stiff fines and penalties. The biggest parts of GDPR are explicit permissions for using email, disclosing how data is gathered on a website, and the “right to be forgotten”.
Geofencing
GPS or RFID tags are used to alter the actions of devices taken outside of virtual boundaries. When a device leaves the established boundaries of a geofence—such as around a business—the device no longer works. You may be familiar with grocery stores causing the wheels of carts to lock if taken off the lot as an example of geofencing. Geofencing can also be used by a business whose app you have to know when you are close to a store. When you get near, the app notifies you of specials or deals.
Grayware
A computer application that isn’t quite malware, but isn’t helpful either, is grayware. Grayware typically slows computing performance and is capable of causing security issues. Examples include spyware, adware, and remote access tools. Other terms include PUP (potentially unwanted program) and PUA (potentially unwanted application).
Hacker—Gray, White, Black
A hacker is anyone who uses a computer or application in ways it was not intended. This can be done for malicious reasons, for fun, or for valid penetration testing. Hackers fall into three categories:
- White hat hackers: “Good guys” who actively work to find vulnerabilities and patch them before they can be exploited.
- Gray hat hackers: White hat hackers doing security research on their own who haven’t been hired by a company. They are operating with good intentions, but may do so in legally questionable ways.
- Black hat hackers: Those looking to disrupt systems, steal data, and cause harm. Their motivation is personal gain at the expense of others.
Many IT professionals are white hat hackers as they use their advanced computer knowledge on behalf of an employer for their benefit without causing harm to others.
Hacktivists
These hackers act against websites and businesses which they see as morally or ethically wrong. Hackers who hack and deface a fur company’s website in the belief that selling fur is wrong, and that hacking the company is right, are hacktivists. Julian Assange is considered a hero in the hacktivist community for his actions with Wikileaks.
HIPAA (Health Insurance Portability and Accountability Act)
The medical industry in the USA is protected by the Health Insurance Portability and Accountability Act (HIPAA). This act clearly defines how patient data is to be protected.
HTTP and HTTPS
HyperText Transfer Protocol (HTTP) and HyperText Transfer Protocol Secure (HTTPS) display at the beginning of every web address: https://www.SkyWork.com. HTTP was built for browsers and servers to communicate with each other and share data in HTML (the language that websites are built on). HTTP was invented in 1991 by Sir Timothy Berners-Lee to help him organize and collect information across multiple computers.
The “S” in HTTPS stands for secure and ensures the connection between your computer/device and a server is encrypted. You may be familiar with the lock icon in the left of your browser address bar signifying that a website uses HTTPS.
IMAP (Internet Messaging Access Protocol)
Nearly all modern email clients use IMAP for retrieving messages from an email server. The purpose is for multiple email clients and devices to access emails securely, such as your native Gmail client and Apple Mail and Outlook. The standards were set by The Internet Society in 2003, and are now so popular that IMAP is used by Gmail, Outlook, and Yahoo! Mail.
IMEI (International Mobile Equipment Identity)
Every mobile phone is identified by its unique IMEI (International Mobile Equipment Identity) number. Keeping this handy will allow you to blacklist a stolen phone with cell carriers. An IMEI is a valuable piece of information to track in mobile device management because it is unique to every device.
IoT (Internet of Things)
Fridges, cars, cameras, thermostats, and nearly every item you can think of are having some sort of internet connectivity built into them, and this is what the Internet of Things (IoT) is. While these devices offer great convenience, they are also a security risk you must manage. A good firewall helps secure everything connected to it, including all IoT devices.
IP Address
Your Internet Protocol (IP) address is a unique number assigned to your device every time you connect to the internet. It functions as any address in the real world functions and tells online tools where you are to deliver information to you. It also tells people where you are.
IPv4 and IPv6
IPv4 and IPv6 stand for “Internet Protocol version 4/6”. These are the assigned IP addresses that every device on the internet has, and only a certain number of them are available: IPv4 has 4.29 billion possible addresses. The problem is that all available IPv4 addresses were assigned as of November 2019. Don’t worry, IPv6 will replace IPv4…as soon as there’s a way for them to directly communicate because as of now they can’t.
ISO 27001
An international standard for digital security, ISO 27001 provides a framework for compliance with all of the policies and procedures an organization will have to meet. This includes all legal, physical, and technical controls that a company will need to consider as part of their risk management process.
ISP (Internet Service Provider)
The company you pay to access the internet is your Internet Service Provider (ISP). They operate the network which connects you to the internet starting right at the router you connect to in your home or business.
IT (Information Technology)
An article of IT terms and jargon should define IT! Something is considered IT, or an IT job, when it involves the use of any computer, digital storage, or network to store, secure, create, or exchange any form of electronic data.
The term originated from Thomas L. Whisler and Harold Leavitt in an issue of the Harvard Business Review from 1958: “the new technology does not yet have a single established name. We shall call it information technology (IT).”
J, K, L
Jailbreaking
There are many misconceptions about what jailbreaking an iPhone is:
- Several security settings have to be bypassed, weakening the protections Apple built in to protect you and your data.
- Jailbreaking gives users root access to the device.
- This access allows jailbroken phones to sideload apps that aren’t on the official App Store.
- This also allows malicious apps to be loaded onto your phone with or without you knowing.
- Another reason for jailbreaking is to break carrier-locked phones. This allows a phone locked to AT&T to be used with Verizon.
The weakening of iOS through jailbreaking is a serious security concern. Only those with the highest IT skill levels should use a jailbroken phone. Jailbreaking a phone usually will mean it can’t be used with a Mobile Device Management solution and jailbroken phones cannot use our sister product Sky ECC.
Keylogger
Sometimes called keystroke logging, this attack uses software installed on the computer to record all keystrokes and mouse clicks made on a machine. Hardware keyloggers exist and can be hidden on the back of machines. Hackers use these tools to steal passwords, banking details, and other data.
Antivirus software reduces the chance of a software-based attack. Firewalls can stop the outgoing traffic of both types of keyloggers. Hardware keyloggers are best dealt with by employees knowing their workstation and alerting the IT team to new devices connected to it.
LAN (Local Area Network)
These are commonly found in schools, laboratories, and office buildings. A LAN connects all of the devices within these small regions for easy and fast data exchange between them. They commonly share one server amongst them.
As the name suggests, Likejacking involves fraudulent activity using Facebook Likes. The typical approach is to get people to “Like” a post or video so that their friends also see it in their feed, pushing for more likes. The act of liking allows the attacker access to personal data from the account that liked it, and is likely a technique perfected by Cambridge Analytica as they amassed and exploited data.
The Media Access Control address (MAC address) is a unique identifier assigned by device manufacturers to devices using Wi-Fi, Bluetooth, and Ethernet technologies. Laptops, smartphones, and tablets all have MAC addresses. The administering body is the IEEE.
Any program that was designed to damage a computer system or network without the user’s consent is called malware. This includes Trojan horses, worms, viruses, and ransomware. A firewall and antivirus software are your best defense.
Man-in-the-Middle Attacks (MITM)
Any attack where a hacker places themselves between you and whoever you are communicating with is an MITM (man-in-the-middle) attack. This is often done by setting up a fake WAP and then sniffing the data packets sent over the network. Another method is session hijacking, where the authentication token for the session is stolen and used by the hacker to imitate one of the users and make requests as if they were that user. You need strong encryption with a VPN to stop this.
Managed Remote Backup
Also known as “Cloud Backup”, “Remote Backup Service”, and BaaS (backup-as-a-service). This is simply backing up data to an external server, allowing for another copy of data to be kept off site in case of a disaster.
MDM (Mobile Device Management)
An MDM is software allowing you to remotely lock, wipe, and track phones, tablets, and other mobile devices. MDMs operate from an administration dashboard with an overview of all devices. The complexity of these tools varies widely. You should choose one that is easy to use to focus on your business rather than trying to figure out another tool.
MDMs are an essential part of both physical and digital security, and MDM is an IT acronym you’ll find all over this site. Lost devices either have their data wiped, or are found thanks to GPS tracking. Employees who are leaving can be quickly offboarded by deleting their access to company data through the MDM.
MFA (Multi-factor Authentication)
An MFA account requires a standard username and password and another authentication type. These can be a one-time pin code sent to your phone, a fingerprint, or token generators. RSA’s SecurID token is an MFA factor gaining popularity. Data you must keep secure at all costs requires MFA.
MFT (Managed File Transfer)
MFT software transfers files from one computer to another computer or server using a network. This software will feature end-to-end security, as well as reporting, auditing, and automation features.
MSP (Managed Service Provider)
Managed Service Providers remotely manage the IT systems of businesses, primarily focusing on monitoring servers and networks. Payment options include a flat-fee subscription, per user, per device, or as needed.
Other organizations falling under this include Managed Security Service Providers (MSSP), Managed Print Services (MPS), and Application Service Providers (ASP). Each has a slightly different specialty as indicated by their name.
Routers which have the ability to set up multiple networks with separate login credentials have Multi-SSID enabled. Using this feature of a router allows you to set up one network for employees and another for customers. Or, at home, one unrestricted network for adults and another for the kids with content filtering.
These are any apps pre-installed on a device. Native apps are built for specific platforms and operating systems. App developers make specific apps to take advantage of the differences between the platforms. Google Maps, LinkedIn, and even PokemonGo all have native apps for both Android and iOS that differ slightly.
NFC (Near-field Communication)
The NFC protocol allows two devices brought within 4cm of one another to communicate using RFID technology. You will know this from key fobs, contactless payment systems such as “tap” credit and debit cards, or from Apple Pay and Google Pay on your phone.
NIST (US National Institute of Standards and Technology)
In the context of researching IT terms, you’re likely hearing about the NIST (US National Institute of Standards and Technology) for their cybersecurity frameworks. They are working to set better standards for cybersecurity through their Communications and Technology Laboratory, and are advancing other technology as it emerges such as 5G.
These two IT terms are related to managing the experiences of employees as they are hired (onboarding) and leave (offboarding) a business. Modern business practices involve setting users up with the various devices and digital accounts they’ll need.
Onboarding is made easier with a mobile device management tool that loads all of the apps and tools new users need based on their job. Offboarding is also easy as an administrator simply deletes work data and app access from the devices of the employee leaving.
This essentially means “wireless”, but is a common IT term for updating apps, software, configuration settings, and even encryption keys on mobile devices.
Copying a website, usually by swiping the HTML, is commonly done for some sort of fraudulent reason and is called pagejacking. It is commonly done as part of a phishing email scam where victims are sent to what looks to be the right site but is actually a site that has been pagejacked by an attacker.
Password Management Tools
There are a variety of ways password management tools work, but they all have the same basic function of storing secure passwords. A quality password management tool is highly recommended for work and personal use as they minimize credential reuse.
A “patch” is code that closes security holes or fixes bugs in an app. Think of this as another term for updating software and applications. Patch Tuesday is the day when Microsoft releases all new patches on the first (and sometimes fourth) Tuesday of every month.
PCI DSS (Payment Card Industry Data Security Standard)
Anyone involved with payment cards has to follow PCI DSS. The Payment Card Industry Data Security Standard sets information security benchmarks for the collection, storage, transportation, and networks associated with payment card data. This standard is maintained by the PCI Security Standards Council.
Also known as pen testing, this is the act of testing the digital, and sometimes physical, security of digital information. This is the work of white hat hackers who are trying to find security loopholes that a black hat hacker could exploit. They want to find the vulnerabilities and have them fixed before a hacker exploits them.
PGP (Pretty Good Privacy)
An encryption program for email, PGP (Pretty Good Privacy) was created by Phil Zimmermann to better secure all email communications. It includes tools for encrypting, decrypting, and authenticating text and files sent via email. While it’s called “Pretty Good” Privacy, it is actually still unable to be broken via cryptographic or computational methods. Vulnerabilities stem from how difficult it is to implement correctly.
A cybercrime involving the contacting of people via email, phone, or SMS where an attacker imitates someone that the targeted victim would trust. They do this by “spoofing” the email address of senders using legal email software that allows them to change the FROM sender field. This could be using a @fbi.gov address to scare you, or targeting those who use a certain bank with a @yourbank.com address.
Another form of phishing slightly alters email addresses. An example would be spoofing email@example.com and creating an email from firstname.lastname@example.org. In this instance the hacker will receive any reply you send back to the address.
Both attacks are looking to get data which you would share with the trusted entity they are spoofing. This is usually login credentials and banking information. Stopping phishing is done by using trusted contact methods to verify requests.
Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) is a digital information protection law covering all industries. It sets forth what businesses must do to protect the data of customers, how to collect it, and how to disclose data breaches.
Post Office Protocol 3 (POP3) competes with IMAP as a leading email mailbox access protocol that operates over the internet. This protocol is easier to implement than IMAP, but lacks features such as different folders for messages, and flagging the status of messages (read, replied, deleted).
Any device used to process payments at the register or checkout of a retail establishment, including mobile devices such as tablets and smartphones, is considered a POS (point-of-sale) device. These tools are usually full of custom software to fulfil various duties of calculation, measurement, inventory tracking, and tax tracking.
Securing mobile devices such as tablets and smartphones used for POS systems is vital. Mobile device management software is able to track and protect these devices.
Your device sends a request over the internet to a server. This server sends data back to you and your device displays it. Any server acting between your device and the server with the data you want is a proxy server. They are used for a variety of reasons, primarily to hide IP addresses, get around geofencing, bypass filters such as firewalls, and improve performance by locally caching frequently used data.
An intentional misspelling of “own”, it generally means getting one over on someone else in the digital world. You can pwn someone by hacking and taking over their network, defeating an enemy in a video game, or saying a well-timed comeback in a social media chat. Yes, this is the silliest of all the IT terms we’ve covered!
QR codes (Quick Response Codes)
An advanced barcode system whose main advantage is the increased amount of data it can store over the old barcode system. They’re used for inventory, marketing, document management, loyalty programs, and even payment. They were invented by Denso Wave in 1994, and were first used by the automotive industry for Kanban manufacturing.
This malware encrypts entire file folders, drives, or networks with a cryptographic key that the victim does not have. The attackers ask for money in order for victims to get the key that unlocks their files.
Phishing is a common way for ransomware to enter a system. Fight ransomware by being vigilant with what you click on, and be prepared with data backups on separate servers.
The risk still remaining after implementing digital security practices is called residual risk. For example, you are significantly reducing data loss risk by implementing mobile device management on all mobile devices associated with your company. However, someone could still physically take data out of the office—which the MDM can’t prevent. In the real world, seatbelts drastically reduced the risk of injury or death from car crashes, but some injuries and deaths still occur as residual risks.
A rooted device is an Android phone on which a user has obtained control of the kernel, known as root access. This gives the user access to the very core of what makes the device function, allowing the user to bypass restrictions placed on it by the manufacturer, including those built for security.
SaaS (Software as a Service)
Any software licensed on a subscription basis and hosted centrally on a server somewhere on the internet is considered SaaS (Software as a Service). It is typically accessed through a web browser. Popular examples include paid versions of Dropbox, Slack, and Microsoft Office 365. This payment model differs from software that you purchase upfront with a perpetual license and that exists on computers you own.
SAM (Software Asset Management)
Every business, from small to enterprise, needs a way to manage and optimize the software they purchase. SAM looks at each step from purchase, to deployment and utilization, through to maintenance and disposal. Failure to do so typically results in massive overages in software expenditure as resources go unused.
When software and apps are isolated from other software, apps, and critical systems for security purposes, they are being sandboxed. This is done to stop the spread of malware, or to test new programs or code that isn’t yet trusted. It can also mean a server a developer uses to test code and systems. Most developers have sandboxes to “play” in.
While the name sounds cute, Script Kiddies cause harm to digital systems and networks by maliciously using software someone else has made. They aren’t hackers as they don’t have the skills to create their own code, but they are as disruptive as hackers. They usually get involved in phishing, DDoS attacks, and basic Trojan Horse attacks.
Any technology, app, device, or network being used by employees at a business without the knowledge of the IT team or managers is shadow IT. They frequently have issues with security and reliability, and cause compatibility issues when some people use them and others don’t.
MDM is a common way to curb shadow IT. This tool automatically installs the same IT for everyone. It will also restrict unapproved apps from being downloaded. There can still be shadow IT that is browser-based, but an MDM will go a long way towards minimizing it.
SLM (Software License Management)
Similar to Software Asset Management, SLM (Software License Management) manages the licenses being used by employees for software requiring it. Properly managing software licenses saves a business thousands of dollars per month. It is usually part of a Software Asset Management program rather than a standalone program.
SMS (Short Messaging Service)
The proper word for “sending a text” is “sending an SMS”. The Short Messaging Service (SMS) has been helping people stay connected with text messaging on mobile phones since 1992!
SMTP (Simple Mail Transfer Protocol)
SMTP moves email messages from one server to another across networks, with the internet being the most common. The “Simple” in SMTP comes from the fact that it was designed to only handle text at first, but there are extensions allowing it to handle anything that isn’t text.
Out of all the hacking techniques out there, all the scary code and programs, nothing is more powerful than simple and well-executed social engineering. It is the act of manipulating basic human psychology in order to gain access to data. To put it bluntly, social engineering is lying to gain information that will be used for fraud.
Any unsolicited messages, data, or content being sent to you is spam. This includes email spam, social media spam, and spam telephone calls. Spam is annoying, but it can also be a threat as attackers send out millions of messages in hopes of getting one person to click on a bad link. Remember to report spam to the right authorities to help reduce it for all.
A version of phishing that uses targeted social engineering to get highly targeted individuals to give information to attackers. This is usually done by spoofing the email of someone the target will trust, such as their boss, and using information about the trusted person gained elsewhere to convince the target that they are speaking to the real person. This is becoming easy to do thanks to people sharing every detail of their lives on social media.
In IT jargon, spoofing is when an attacker pretends to be a trusted source to a target. The most common spoofing is the email spoofing used in phishing attacks. Website spoofing, where an attacker copies a website’s entire HTML and replicates it to add malicious code or make demands for information, is also common. There’s also caller ID spoofing, IP spoofing, and DNS server spoofing. All spoofing is solved by being cautious and directly contacting the entity being spoofed over a trusted communication platform.
SQL Injection Attack
Data-driven applications, such as databases, are victimized by this code injection hack. The hack adds malicious SQL (Structured Query Language) statements into a vulnerable data entry field. There are a variety of commands an attacker executes, such as sending the database’s content to the attacker, changing the data, voiding transactions, or completely destroying the data. They are simple to stop with a firewall.
SSL (Secure Sockets Layer)
SSL is the most common encryption technology for secure communications between servers and browsers, or mail servers and mail clients. It is largely being replaced by TLS (Transport Layer Security), but is still a secure form of encryption.
Any individual or group looking to do harm, or actively doing harm, to another individual or business is a threat actor. In the context of IT jargon, a threat actor is a synonym for a hacker. They include five major groups:
- Organized hacker groups
- APT (advanced persistent threat) groups
- Insider threats from employees within a company
- Script kiddies, lone wolves
TLP (Traffic Light Protocol)
TLP was created to help guide people on the sharing of sensitive data using a “stoplight” colour-coded scheme. The originator of the document determines who has access to the data using these choices:
- Red: Only those who directly receive the data may read it.
- Amber: Data is only to be shared on a “need-to-know” basis with others in an agreed upon group.
- Green: Anyone within the organization has access to this data.
- White: There are no restrictions on the data besides basic copyright law.
This is made much easier to do with mobile device management software with a feature like Sky Docs.
TLS (Transport Layer Security)
TLS is the encryption standard replacing SSL. It secures online communications between servers and browsers, or mail servers and mail clients. The lock in your address bar—indicating that your connection to the website is secured with HTTPS—comes to you courtesy of TLS. The managing body is the IETF.
Any malware pretending to be real software is called a Trojan Horse. They are used to gain access to the system of victims, and use social engineering to get people to download them. A Trojan Horse typically delivers some form of payload such as a worm, ransomware, or keylogger.
Two-factor authentication (2FA)
Any login requiring a username/password along with one other method of authentication is using 2FA. This can include a one-time code sent via SMS or email, hardware token generators, or fingerprints, facial recognition and other biometrics.
Unified Endpoint Management (UEM)
An emerging term for mobile device management (MDM). “Endpoints” refers to laptops, tablets and smartphones as the “endpoint” for data to be read, with the “unified” aspect being the dashboard showing all devices.
As with MDMs, UEMs are used to help businesses control data on mobile devices used by employees, including BYOD and COPE. They allow for controls such as:
- Remotely locking lost devices
- Remotely wiping lost devices
- GPS to find lost devices
- Restriction of what apps can be used on the device
- Automatic configuration of security settings
These features can be amplified by features allowing for document control with access restrictions, and productivity apps that offer exceptional security.
VoIP (Voice Over Internet Protocol)
If you’ve used Skype you’ve used VoIP. Any app offering voice chats over the internet, instead of traditional telephone lines, uses some form of VoIP. Apple’s Facetime, WhatsApp, and Signal App all use VoIP. They offer significant savings over long-distance telephone calls, with features a phone call simply can’t offer, like emojis and file sharing.
VPN (Virtual Private Network)
VPNs encrypt the connection between a computer and everything it connects to online. A VPN is an encryption tool designed to stop eavesdropping attacks.
Originally invented by corporations to protect remote workers accessing company servers, they have become a common consumer product. Anyone looking for protection when they connect to networks they don’t trust can purchase one.
WAN (Wide Area Network)
There is no hard definition for a WAN beyond it being a computer network covering a large geographic area. You’re likely connected to a WAN right now via your ISP who controls the WAN that connects you to the Internet.
WAP (Wireless Access Point)
Any networking hardware used to connect devices to the internet using Wi-Fi is a WAP. A router is a WAP, as is your phone when used as a hotspot.
Hackers identify websites used by their targets and infect those websites with malware. They then wait for their targets (be it a region, an organization/company, or group of people) to become infected via a drive-by download attack. The attacker can even do a bait and switch attack by purchasing ad space on the targeted website.
WLAN (Wireless Local Access Network)
Two or more devices linking wirelessly are a WLAN (Wireless Local Access Network). They are very common in homes, but can cover areas as wide as a university campus. With advances in 3G and 4G networks, airplanes and trains have WLANs for passengers to connect to the internet. When you connect your printer over Wi-Fi to your network, it’s using a WLAN.
WPA, WPA2 (Wireless-Protected Access)
WPA and WPA2 are security protocols for protecting Wi-Fi connections. WPA2 uses the more secure AES standard instead of WPA’s less secure RC4 stream cipher.
The day that a security vulnerability in software becomes known is its “zero-day.” What happens next depends on who discovered the vulnerability.
- If the manufacturer discovers it then the zero-day is kept private until a patch is made.
- If a hacker discovers it they can exploit the vulnerability, or report it to the manufacturer as part of a bug bounty program.
Patches are sent out to fix zero-day issues. Attacks which happen against machines that haven’t installed the patch are called zero-day attacks.