Improve Your Cybersecurity Vocabulary

This short glossary of cybersecurity terms is a simple way to raise awareness for terms like “zero-day attack” that employees and executives outside of cybersecurity should know about.

Clickjacking, Link Jacking, Phishing, Smishing, & Other Cybersecurity Terms You Need to Know

The cybersecurity industry has its own language, one that lay people often struggle to understand. This short glossary of cybersecurity vocabulary is a simple way to raise awareness for terms like “zero-day attack,” which employees and executives outside of the cybersecurity realm should know. Regardless of your role in an organization, take the time to learn these commonly used terms and increase your knowledge of the most critical issue of the digital age—cybersecurity.


Access Control

Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. There are two types of access control: physical and logical. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control restricts network traffic to only authorized individuals, and limits connections to computer networks, system files, and data.


Advanced Persistent Threat (APT) 

A security breach that enables an attacker to gain access or control over a system for an extended period of time, usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities.


Antivirus Software

Antivirus software is a program designed to prevent, detect, and remove malware from computer systems. It is a critical tool in the cybersecurity arsenal, providing real-time protection against threats such as viruses, worms, trojans, ransomware, and spyware. Antivirus software uses various techniques to counter these threats, including signature-based detection, heuristic analysis, and behavioral monitoring.



Backdoor

A secret entry point established to allow access to software or a computer system. More specifically, in the realm of cybersecurity, a backdoor refers to any method by which unauthorized (and, in some cases, authorized) users can circumvent normal security measures and gain high-level user access (also known as root access) to a computer system, network, or software application.


Black Hat

A black hat refers to a hacker who violates computer security for personal gain or malicious intent. Black hats are known for creating and deploying malware, hacking into systems, and exploiting vulnerabilities for personal gain. Understanding the tactics used by black hats can help in developing stronger security measures and defenses.



Botnet

Botnets can comprise dozens to over a million individual computers. The term botnet is a shortened form of robotic network – a collection of innocent computers which have been compromised by malicious code to run a remote-control agent and perform criminal actions.


Brute Force Attack

A brute force attack is a trial-and-error method used by attackers to gain access to an account or system. It involves the attacker systematically checking all possible passwords until the correct one is found. Brute force attacks are simple and reliable, but they require significant computational resources, making strong, complex passwords an effective deterrent.


Bug Bounty

Reward offered by some organizations and developers to individuals who report a vulnerability or bug. In the realm of cybersecurity, many tech companies offer “bug bounty” programs, which are crowdsourcing initiatives that reward individuals for finding and reporting software bugs, especially those related to security exploits and vulnerabilities.



Catfishing

When a bad actor creates an online fictional persona for deceptive purposes. In cybersecurity terms, catfishing refers to the fabrication of a false online identity by a cybercriminal for the purposes of deception, fraud, or exploitation. As the name implies, catfishing is most commonly used for romance scams on dating apps, websites, and social media platforms. However, it can also be used for data gathering as a form of phishing.


Cipher Text

Cipher text refers to the result of encryption performed on plaintext using an algorithm, called a cipher. Cipher text is unreadable until it has been converted back into plain text (decrypted) with a key. Understanding the difference between cipher text and plain text is crucial in cryptography and cryptographic data security.



Clickjacking

A malicious technique that tricks the user into clicking on a URL, button or other screen object other than that intended by or perceived by the user. In cybersecurity, clickjacking (also known as a “UI redress attack”) occurs when an attacker cleverly employs multiple transparent or opaque layers to deceive a user into clicking on a button or link on one page when the user intended to click on the top-level page.


Cyber Threats

Cyber threats are potential dangers associated with electronic data available on the computer systems, networks, and electronic infrastructure. These threats exploit vulnerabilities and can originate from individuals, groups, or organizations, known as cybercriminals, with malicious intent to cause harm.



Cybercrime

Cybercrime encompasses any criminal activity that involves a computer, networked device, or a network. Most cybercrimes are committed via the internet and include offenses like fraud, identity theft, phishing, and cyberstalking. Cybercrime can lead to significant financial and reputational damage for individuals and businesses alike, making cybersecurity measures essential.


Data Breach

A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A data breach can involve financial information of employees and/or end users, such as credit card or bank details, protected health information (PHI), personally identifiable information (PII), trade secrets of corporations, or intellectual property. The most common concept of a data breach is an attacker hacking into a network to steal sensitive data.


Data Loss

Data loss refers to an error condition in information systems where information is destroyed by failures or neglect in storage, transmission, or processing. It can occur due to various reasons such as hardware failure, malware attack, accidental deletion, or even a natural disaster. Data loss is a serious issue as it can lead to significant operational and financial problems for individuals and businesses alike. For businesses, data loss can mean losing critical business information, which can disrupt operations and lead to financial losses. For individuals, it can mean losing personal and sensitive information, leading to potential privacy issues. Therefore, implementing robust data backup and recovery solutions is essential to prevent data loss.

Moreover, educating users about safe computing practices and the importance of regular data backups can also help in preventing data loss. Remember, in the digital world, data is one of the most valuable assets, and protecting it should be a top priority. Stay informed, stay secure.



Decryption

Decryption is the process of converting encrypted data back into its original form so it can be understood. It is a crucial aspect of cybersecurity, particularly in the context of ransomware attacks. In such cases, cybercriminals encrypt the victim’s data and demand a ransom for the decryption key.


Distributed Denial of Service (DDoS) 

An attack which attempts to block access to a digital resource. It is a variation of the DoS attack (see DoS) that can include flooding, connection exhaustion, and resource demand. The distinction of DDoS from DoS is that the attack traffic may originate from numerous sources or is reflected or bounced off numerous intermediary systems. DDoS attacks are often waged using botnets.


Domain Name System (DNS)

DNS is a foundational internet technology that translates human-readable domain names into numerical IP addresses that computers use to communicate. DNS security is crucial because if a DNS server is compromised, users can be redirected to malicious websites without their knowledge.



DoS (Denial of Service)

In the realm of cybersecurity, a denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network.



Endpoint

An endpoint in cybersecurity refers to a remote computing device that communicates back and forth with a network. Endpoints can include desktops, laptops, smartphones, tablets, servers, and virtual environments. Endpoint security aims to secure every endpoint connecting to a network to block access attempts and other risky activities at these points of entry.



Honeypot

A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. A honeypot may also be able to discover new attacks or the identity of the attackers.


Incident Response

Incident response is a structured approach to managing and addressing the aftermath of a security breach or cyberattack, also known as a security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.


Information Security

Information security, also known as infosec, is a set of strategies for managing the processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and non-digital information. Infosec includes procedures that physically secure data, as well as those that digitally safeguard information.


Intrusion Detection

In cybersecurity, an “intrusion detection system” (IDS) is a tool that monitors network traffic and devices for known malicious activity, suspicious behavior, or security policy violations. It accelerates and automates network threat detection by alerting security administrators to known or potential threats. IDS uses two primary threat detection methods: signature-based detection, which analyzes network packets for specific threat characteristics, and anomaly-based detection, which uses machine learning to identify deviations from normal network activity.



Keylogger

Software that records users’ keystrokes to collect passwords and other high-value information. In the realm of cybersecurity, a keylogger (a.k.a. a “keystroke logger”) is a type of spyware that records and steals consecutive keystrokes entered by a user on a device. The term “keylogger” is self-explanatory: it refers to software that logs what you type on your keyboard. However, keyloggers can do much more than that… including stealing passwords, login credentials, and more.


Link Jacking

An unethical practice of redirecting a link to a middleman or aggregator site or location rather than the original site. Link jacking involves manipulating links so that users are unknowingly redirected to a different destination than they intended. Most often, the targeted users unknowingly enter their login credentials into the spoofed website.



Malware

Malware, short for malicious software, is a term that encompasses any software designed to cause damage to a computer, server, client, or computer network. This includes viruses, worms, trojans, ransomware, and spyware. Downloading files from untrusted sources can lead to malware infection, which can result in unauthorized access to your system and potential data breaches.


Multifactor Authentication (MFA)

Multifactor Authentication (MFA) is an account login process that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. It combines two or more independent credentials: what the user knows (such as a password), what the user has (such as a security token), and what the user is (using biometric verification methods). The goal of MFA is to create a layered defense that makes it more difficult for unauthorized individuals to access a target, such as a physical location, computing device, network, or database. If one factor is compromised, there are still additional barriers to breach before successfully breaking into the target. MFA is crucial for reducing security risks and enhancing user authentication in today’s digital landscape.


Penetration Testing

Also known as “pen testing,” this is an attempt to evaluate how hack-proof a system is by trying to exploit it. Think of pen testing as “ethical hacking,” as these are simulated cyberattacks, often conducted with an organization’s permission, to assess cybersecurity capabilities and uncover vulnerabilities.



Phishing

Phishing attacks are a type of cyberattack that uses email and social engineering to trick a target into taking actions that compromise their security. Attackers send fraudulent messages, often in the form of emails, to deceive victims into revealing sensitive information (such as login credentials or credit card numbers) or downloading malware. Vigilance and awareness are crucial to avoid falling victim to these deceptive tactics.


Plain Text

Plain text, in the context of cybersecurity, refers to any readable data that can be easily understood by humans or machines. It’s the unencrypted data that you input into an encryption algorithm to produce encrypted data (cipher text). The security of plain text is crucial as its exposure can lead to a data breach. Cipher text refers to the result of encryption performed on plaintext using an algorithm, called a cipher. Cipher text is unreadable until it has been converted back into plain text (decrypted) with a key. Understanding the difference between cipher text and plain text is crucial in cryptography and data security.



Ransomware

Ransomware is malware that requires the victim to pay a ransom to access encrypted files. In a typical scenario, a victim unknowingly opens a file attached to an innocent-looking email, and the program encrypts key files and drives, rendering them inaccessible. The files remain locked until the victim pays the demanded ransom. Ransomware poses a significant threat, and organizations must take preventive measures to safeguard their data and systems. The use of cloud computing and/or cloud storage offers a layer of protection, since your data is not stored on an organization’s PCs, mobile devices, or onsite servers.



Rootkit

A rootkit is a type of malicious software that provides a hacker with administrator-level access to a computer or computer network. The hacker installs the rootkit on a computer using a user action, by exploiting a known vulnerability or cracking a password. The rootkit is then able to mask its existence or the existence of other software. The key challenge with rootkits is their stealthy nature, which allows them to be used to spy on or control the computer system without detection.


Security Incident

A security incident is an event that leads to a violation of an organization’s security policies and puts sensitive data at risk. Security incidents include attempted and successful unauthorized access, use, disclosure, modification, or destruction of information.


Security Policy

A security policy is a written document that states how an organization plans to protect its physical and information technology assets. A good security policy includes a broad range of issues, including personal device use, social media, and incident response.


Sensitive Information

Sensitive information refers to data that is protected against unwarranted disclosure. Protection of sensitive information may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations. A data breach involving sensitive information can have severe consequences, including financial loss and damage to a company’s reputation.


Social Engineering

A cyberattack aimed at stealing user data where the attacker pretends to be a trusted individual or organization to trick the victim. Common techniques include phishing and smishing.



Smishing

The fraudulent practice of sending spoof text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.


Sock Puppet

A “Sock Puppet,” in cybersecurity terms, is an online identity created for purposes of deception. It is used to conceal the true identity of the investigator and gain access to information that requires an account. These fictitious identities can be used to promote a product or service, spread misinformation, influence opinion, suppress dissent, or engage with targets to gather intelligence.


Trojan Horse

A Trojan horse, or simply Trojan, is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware. A Trojan can give a malicious party remote access to an infected computer system.


Unauthorized Access

Unauthorized access refers to the act of gaining access to a computer system, network, or resource without the express permission of the owner. This is often achieved through exploiting vulnerabilities in the system’s security, such as weak passwords or outdated software. Unauthorized access can lead to data breaches, theft of sensitive information, and other malicious activities.


Virtual Private Network (VPN)

A VPN is a service that allows you to connect to the Internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data. VPNs are commonly used to secure connections to public Wi-Fi hotspots, hide IP addresses, and make your browsing private.



Whitelist

A preapproved list of software, code, file name, path, file size, and hash value. Conversely, any code, whether benign or malicious, excluded from the whitelist will not be able to execute on the protected system (aka “blacklist”).


Zero-Day Exploit

A Zero-Day Exploit is a cyberattack that leverages an unknown or unaddressed security vulnerability in computer software, hardware, or firmware. The term “zero-day” refers to the fact that the software or device vendor has zero days to fix the flaw because malicious actors can already use it to access vulnerable systems. This exploit is typically used by hackers to gain unauthorized access to users’ information or systems before the software developers have had a chance to resolve the issue.


Zero Trust

“Zero Trust” is a cybersecurity framework that operates on the principle of “Never trust, always verify.” It requires all users, both inside and outside an organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before gaining or maintaining access to applications and data. This model assumes there is no traditional network edge and that threats can exist both outside and inside the network.


Stay Informed. Stay Safe

Understanding cybersecurity vocabulary is a crucial element of risk mitigation in today’s digital age of online work and the Internet of Things (IoT). With the rise of cyber threats and increasingly sophisticated tactics used by cybercriminals, it’s important to be familiar with terms like these. A Virtual Private Network (VPN) can provide an additional layer of security, helping protect against cyberthreats. Antivirus software is another essential tool, offering real-time protection against various forms of malware.

Understanding the concept of decryption can also be helpful, particularly in the context of ransomware attacks. Furthermore, securing every endpoint connecting to a network is a critical aspect of cybersecurity and risk management. Awareness of malicious software like rootkits, which can provide hackers with administrator-level access to a computer system, is also vital. Finally, implementing effective access control measures can regulate who or what can view or use resources in a computing environment.

By expanding your cybersecurity vocabulary, you can better understand the potential risks and protect yourself and your organization from potential cyberattacks. Remember, knowledge and awareness are your first lines of defense. Stay informed, stay secure.

