If you want to become acquainted with a particular subject, you must first learn the basic terminology. IT security has its own special terms that are important to the understanding of cyber threats and how to deal with them. In this article, we discuss 10 terms that everyone who works at a computer terminal should know.

Phishing

We start with this one because it’s so common, and it’s easy to fall for if you’re not careful. Like the name sounds, phishing is when a cyber-criminal puts out bait in the form of an internet link hoping you will “bite”. And if you do, you may be taken to an imposter website where you are asked to give away confidential personal information. The best advice is not to take the bait, and never click links from unknown email senders.

Social Engineering

Not every security breach is a hack. Sometimes it’s just a simple con game. An attacker may call you claiming to be from the IT department and asking for your password. Or they may pretend to be someone from the central office demanding confidential information. Social engineering is any kind of manipulation technique that the bad guys use to get you to reveal private information, give unauthorized access, or otherwise expose the company’s assets. Don’t fall for this deceptive practice!

Malware

You know that hardware refers to equipment, and software is another word for an IT application. Malware is a form of software that was created with bad intentions. The term is actually short for malicious software, and it’s a general catch-all for all kinds of harmful applications, such as viruses, worms, or trojan horses. To guard against malware, you should use anti-malware software (often called anti-virus software).

Encryption

If you take the alphabet and shift every letter over one, then you could write the word “hello” this way: i-f-m-m-p. Now if I texted you and said “Ifmmp!” you would have no idea what I was saying — unless you know the code. Encryption is a way of hiding or altering a message so that its meaning is not clear unless you have special instructions, known as a decryption key. Encryption is a method for securing data and keeping it confidential.
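The shift-by-one code described above, generalised to any shift from 0 to 25 (the classical Caesar cipher), as an added example that is not part of the original article. The shift value plays the role of the key: with it, decryption is trivial; without it, the text is unreadable. The brute_force function is included to show why this cipher is only a teaching toy and real encryption uses keys with far more possibilities. Function names are this example's own.

```python
import string

ALPHABET = string.ascii_lowercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter forward by `key` positions (wrapping z -> a).
    Non-letters such as spaces and punctuation pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ALPHABET if ch.islower() else ALPHABET.upper()
            out.append(base[(base.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is simply encryption with the opposite shift."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> list:
    """Why a shift cipher is not real encryption: the whole key space is 26
    values, so all candidate plaintexts can be listed at once. Modern ciphers
    use keys with 2**128 or more possibilities, which makes this infeasible."""
    return [(k, shift_decrypt(ciphertext, k)) for k in range(26)]


if __name__ == "__main__":
    ct = shift_encrypt("hello", 1)
    print(ct)                      # ifmmp
    print(shift_decrypt("Ifmmp!", 1))
    for k, guess in brute_force(ct):
        print(k, guess)
```

Running the block prints the "ifmmp" from the article, recovers "Hello!" with the key, and then lists all 26 candidate decryptions, one of which is obviously English.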

Exploit

The general meaning of the word has to do with taking advantage of something. Exploit can be used as either a noun or a verb, a thing or an action. A computer exploit is a tool, usually a piece of malicious code, that takes advantage of a known weakness or vulnerability in an IT network or system. Cyber criminals may exploit an opportunity for unauthorized access so that they can go deeper into the system and cause further damage.

Firewall

Firefighters use a firewall to separate an existing fire from the forest they hope to protect. In the IT world, a firewall is a network device used to create a wall of protection for an IT environment, keeping dangerous or unwanted data traffic out. A firewall can filter out data using a variety of criteria, such as the TCP port or protocol indicated in the data. 
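To make the "filter by port or protocol" idea concrete, here is a minimal stateless packet filter written for this article (it is not code from the original and not any real firewall's implementation). Rules are evaluated in order, the first match wins, and anything that matches no rule falls through to a default-deny policy. The addresses are constructed from documentation ranges, and the Packet and Rule classes are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    dst_port: Optional[int] = None  # ICMP carries no port


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    proto: Optional[str] = None       # None matches any protocol
    dst_port: Optional[int] = None    # None matches any port
    src_net: Optional[str] = None     # CIDR string; None matches any source

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        if self.src_net is not None:
            if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net):
                return False
        return True


# Constructed ruleset: a known-bad range is dropped first (order matters),
# public web traffic is allowed, SSH only from the internal network, and
# everything else (UDP, ICMP, other TCP ports) is denied by default.
RULES = [
    Rule("deny", src_net="192.0.2.0/24"),
    Rule("allow", proto="tcp", dst_port=443),
    Rule("allow", proto="tcp", dst_port=80),
    Rule("allow", proto="tcp", dst_port=22, src_net="10.0.0.0/8"),
]


def filter_packet(pkt: Packet, rules=RULES, default_policy: str = "deny") -> str:
    """Return "allow" or "deny" for a packet: first matching rule wins,
    otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_policy


if __name__ == "__main__":
    for pkt in [
        Packet("tcp", "203.0.113.5", "10.0.0.10", 443),   # web from the internet
        Packet("tcp", "203.0.113.5", "10.0.0.10", 22),    # SSH from the internet
        Packet("tcp", "10.0.0.25", "10.0.0.10", 22),      # SSH from inside
        Packet("icmp", "10.0.0.25", "10.0.0.10"),         # ping: no rule, default deny
        Packet("tcp", "192.0.2.9", "10.0.0.10", 443),     # blocked range, even for web
    ]:
        print(pkt, "->", filter_packet(pkt))
```

The default-deny fallback is the important design choice: a filter that allows anything it has no rule for only protects against the traffic someone thought of in advance.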

Denial of Service (DoS)

One way to keep a network component from functioning properly is to make it so busy dealing with incoming traffic that it can’t do anything else. That’s the idea behind a denial of service (DoS) attack. An attacking computer continuously sends some kind of message to the target computer, creating a conversation between the devices that eventually exhausts all of the target's computing resources. A distributed denial of service (DDoS) is a DoS that uses many devices to attack the target, often a group of compromised machines controlled together as a botnet.
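From the defender's side, the first sign of a DoS is a request rate that no legitimate client would produce. The following added example (written for this article, not taken from it) runs a sliding-window counter over a few constructed access-log lines and flags any source that exceeds a per-source limit. It also computes the peak total rate across all sources, because in a DDoS each bot may stay under the per-source limit while the combined load still exhausts the target. Log format, thresholds and addresses are this example's own assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <source IP> <request>".
# 198.51.100.4 is a normal visitor; 203.0.113.9 fires 8 requests in 3 seconds.
SAMPLE_LOG = """
2024-05-01T10:00:00 198.51.100.4 GET /index.html
2024-05-01T10:00:02 203.0.113.9 GET /login
2024-05-01T10:00:02 203.0.113.9 GET /login
2024-05-01T10:00:03 203.0.113.9 GET /login
2024-05-01T10:00:03 203.0.113.9 GET /login
2024-05-01T10:00:04 203.0.113.9 GET /login
2024-05-01T10:00:04 203.0.113.9 GET /login
2024-05-01T10:00:05 203.0.113.9 GET /login
2024-05-01T10:00:05 203.0.113.9 GET /login
2024-05-01T10:00:07 198.51.100.4 GET /about.html
2024-05-01T10:00:30 198.51.100.4 GET /contact.html
""".strip().splitlines()


def parse_line(line: str):
    """Split a log line into (timestamp, source IP); the request text is ignored."""
    ts, src, _request = line.split(" ", 2)
    return datetime.fromisoformat(ts), src


def flag_flooders(lines, window_seconds: int = 10, max_requests: int = 5) -> dict:
    """Return {source_ip: peak_count} for every source whose request count
    inside any window_seconds-long sliding window exceeded max_requests."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for ts, src in sorted(parse_line(l) for l in lines):
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) > max_requests:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


def peak_total_rate(lines, window_seconds: int = 10) -> int:
    """Highest number of requests from all sources combined inside any
    sliding window; this is what catches a distributed flood."""
    q = deque()
    peak = 0
    for ts, _src in sorted(parse_line(l) for l in lines):
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak = max(peak, len(q))
    return peak


if __name__ == "__main__":
    print("per-source offenders:", flag_flooders(SAMPLE_LOG))
    print("peak requests in any 10 s window:", peak_total_rate(SAMPLE_LOG))
```

On the sample log the per-source check names 203.0.113.9 (8 requests inside one window) and leaves the normal visitor alone; the aggregate check reports a peak of 10 requests in 10 seconds. In practice the flagged sources feed a rate limiter or firewall rule, and the aggregate figure is what an alert threshold watches.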

Penetration Testing

How does a company know that their IT systems are secure? Penetration testing, or pentesting for short, is a way to evaluate the security strengths and weaknesses of a specific IT component, network, or environment. A form of ethical hacking, pentesting is often performed by an external IT security professional who has been trained to look for weaknesses or vulnerabilities that an attacker might exploit. The rigorous testing is followed by a thorough report with recommendations for security improvements. 

Multi-factor Authentication

Password protection is a way to demonstrate your identity when you log onto an application or device. But that’s only one authentication factor. Multi-factor authentication (MFA) is when you provide additional factors to show that you are who you say you are. Generally, MFA combines two or more of: something you know, something you have, and something you are. One example is logging on with a password (something you know) as well as confirming with a six-digit code from your smartphone (something you have). MFA can be 2-factor authentication (2FA) or 3-factor authentication (3FA).
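The password-plus-six-digit-code example above, worked through in code as an added example that is not from the original article. The "something you know" is a salted, stretched password hash; the "something you have" is a secret shared with an authenticator app, from which a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226) is derived with Python's standard library. The user record, the hypothetical authenticate function and the one-step clock-skew tolerance are this example's own choices; the secret used in the usage section is the RFC 4226/6238 test-vector secret.

```python
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000  # work factor for the stored password hash


def make_user(password: str, totp_secret: bytes) -> dict:
    """Constructed user record: never the password itself, only a salted
    PBKDF2 hash, plus the TOTP secret shared with the user's authenticator."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret,
    }


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation,
    then the low `digits` decimal digits (zero-padded)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, timestamp: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of 30-second steps."""
    return hotp(secret, timestamp // step)


def check_password(user: dict, password: str) -> bool:
    """Something you know: recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, user["pw_hash"])


def check_totp(user: dict, code: str, now: int, step: int = 30, drift: int = 1) -> bool:
    """Something you have: accept the code for the current step and for
    `drift` neighbouring steps to tolerate small clock differences."""
    return any(
        hmac.compare_digest(totp(user["totp_secret"], now + d * step, step), code)
        for d in range(-drift, drift + 1)
    )


def authenticate(user: dict, password: str, code: str, now: int = None) -> bool:
    """Both factors must pass. Both are always evaluated so a failure does
    not reveal which one was wrong."""
    now = int(time.time()) if now is None else now
    pw_ok = check_password(user, password)
    otp_ok = check_totp(user, code, now)
    return pw_ok and otp_ok


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 4226 / 6238 test secret
    user = make_user("correct horse battery staple", secret)
    print(totp(secret, 59))                   # 287082 (RFC 6238 vector, 6 digits)
    print(authenticate(user, "correct horse battery staple", "287082", now=59))
    print(authenticate(user, "wrong password", "287082", now=59))
```

The point the code makes is that a stolen password alone fails authenticate, and so does a code captured from an earlier time step; an attacker needs both factors at the same moment.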

Man-in-the-Middle (MitM) Attack

In simplest terms, computer networking is a digital conversation between two devices. Data is sent back and forth from one computer to another. A man-in-the-middle (MitM) attack occurs when a cyber-criminal breaks into that conversation and intercepts the passing data. One common form of MitM attack takes place in a public place, such as a coffee shop, where the attacker uses interception software to read or alter messages sent over public Wi-Fi.
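The defence against the interception described above is to make the conversation authenticated, so that anything a device in the middle changes is noticed, and encrypted, so that what it reads is useless (TLS, the "https" in a browser, does both). The following added example, written for this article and not taken from it, shows the authentication half: each message carries an HMAC tag computed with a key the two endpoints share, and the relay function stands in for the hop in the middle, which can forward or alter the text but cannot produce a valid tag without the key. The names and the message format are this example's own; note the text is still readable in transit here, which is why real protocols add encryption.

```python
import hashlib
import hmac


def seal(key: bytes, text: str) -> dict:
    """Sender side: attach an HMAC-SHA256 tag over the message text."""
    tag = hmac.new(key, text.encode(), hashlib.sha256).hexdigest()
    return {"text": text, "tag": tag}


def open_sealed(key: bytes, msg: dict) -> str:
    """Receiver side: recompute the tag and compare in constant time;
    reject the message if it does not match."""
    expected = hmac.new(key, msg["text"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("integrity check failed: message was altered in transit")
    return msg["text"]


def relay(msg: dict, tamper=None) -> dict:
    """Stand-in for the device in the middle. It sees the whole message and
    may rewrite the text, but it never holds the key, so the tag stays as sent."""
    forwarded = dict(msg)
    if tamper is not None:
        forwarded["text"] = tamper(forwarded["text"])
    return forwarded


def delivered_intact(key: bytes, text: str, tamper=None) -> bool:
    """Send `text` through the relay and report whether the receiver accepts it."""
    try:
        open_sealed(key, relay(seal(key, text), tamper))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    shared_key = b"constructed-demo-key-not-for-real-use"
    order = "transfer 100 to account 1234"
    print(delivered_intact(shared_key, order))                                          # True
    print(delivered_intact(shared_key, order, tamper=lambda t: t.replace("1234", "9999")))  # False
```

A relay that does not change anything is not detected by this check, only one that edits the conversation; eavesdropping is addressed by encrypting the text, and in practice the key itself is agreed through a key exchange authenticated by certificates rather than shared in advance.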


IT security is a complicated subject and may seem overwhelming to the average computer user. But everyone can learn the basics, including some of the most common IT security terms. You’ve got to start somewhere, and these 10 terms will give you a head start. Good for you for learning them today. Keep reading this blog and you’ll find out all kinds of things that you never knew about the world of information technology.