Welcome back to our Jargon Buster series – the place where we untangle all the confusing digital lingo and explain it in plain English. If you’ve been following along, you’ll have already seen us tackle WordPress themes, plugins and widgets, dig into HTML, CSS, and shine a light on SEO, as well as domains, hosting and the languages websites are written in. This time, we’re diving into the world of online safety with our cyber security jargon buster.
And before you tune out thinking it’s all dark web, hackers in hoodies, and spy-level encryption, hold up. We’re not going that deep. This is a light-touch look at the everyday terms you might come across when running your website, opening an email, or just trying to keep your online stuff safe. Think of it as a gentle heads-up to help you spot the lingo – and know what to do about it.
Right, let’s get stuck in to our cyber security jargon buster.
Two-factor authentication (2FA)
Let’s start with something you’ve probably already used without realising: two-factor authentication. Often shortened to 2FA, it’s a way of adding an extra layer of security when logging in somewhere. So instead of just needing a password, you also need a second thing to prove it’s really you – like a code sent to your phone.
It might feel like a faff sometimes, but it’s one of the simplest and most effective ways to stop someone sneaking into your accounts. Definitely worth switching on wherever it’s offered.
Phishing
Unfortunately not the hobby involving a rod and a river – this kind of phishing is the sneaky, unpleasant kind. It’s when someone pretends to be a trustworthy source (like your bank or a familiar website) to try and trick you into handing over sensitive info. That could be a password, credit card number, or even your login to something important.
These scams often arrive via dodgy-looking emails or texts. If something smells a bit off – odd grammar, a strange link, or a vague sense of urgency – it probably is. Don’t click. Just bin it. If in doubt, get in touch yourself with whoever they’re claiming to be. For example, if “HMRC” is saying you owe them money, find their contact information online (DON’T use any contained in the email) and drop them a message directly.
SSLs (Secure Sockets Layer – the little padlock)
If you’ve ever noticed the little padlock icon in your browser’s address bar, or the fact that a site starts with “https” instead of just “http”, that’s SSL doing its thing. It basically means that the data being passed between your browser and the website is encrypted – in other words, scrambled so that no one else can snoop on it.
If you’re running a website yourself, especially one that collects any sort of user info, you absolutely need an SSL certificate. Not just for security, but because Google and browsers will flag your site as “not secure” if you don’t have one. We’ve actually written about this before, in our article “What is an SSL certificate and why do I need one?” That article even gives you a helpful resource where you can get an SSL for free!
Firewalls
Think of a firewall like a digital bouncer for your website or computer. It sits between your system and the wider internet, checking what’s trying to come in (and go out) and blocking anything that looks a bit dodgy.
There are different types – hardware firewalls, software ones, and even ones built into website hosting platforms. You don’t necessarily need to know exactly how they work, but it’s good to know they’re there, working in the background to help keep the nasties out.
Malware
Short for “malicious software”, malware is the catch-all term for any bit of software designed to do harm. That could be viruses, spyware, ransomware, and all sorts of other unpleasant things. Sometimes it tries to steal data, sometimes it just messes things up for the sake of it.
Keeping your devices and software up to date, using strong passwords, and avoiding suspicious downloads all help lower your risk of picking up a nasty. Backups are important too – in a worst-case scenario, if you’re hit by a ransomware attack, you might need to rely on your most recent backup to keep trading.
DDoS attacks
This one sounds complicated, but it’s really just about websites getting overwhelmed. DDoS stands for Distributed Denial of Service – and it’s when a website is bombarded with a massive flood of traffic all at once.* The goal? To crash the site and make it unavailable.
It’s not something the average small business owner should lose sleep over, but many hosting companies include basic DDoS protection as standard these days. So it’s good to know it’s a thing – and that someone else is keeping an eye on it.
*This flood of traffic is usually from a network of infected devices (this is called a botnet). But that’s starting to get a bit technical, so we’ll leave it there.
We’ll call it there…
There’s loads more that could be said about cyber security (Heather did an entire course on it last year!), but the goal of this cyber security jargon buster is simply to demystify a few of the basics. You don’t need to be an expert – just having a bit of awareness goes a long way.
If you’re running a website, chatting to clients online, or even just trying to keep your emails safe, understanding these terms can help you make better decisions (or at least not feel totally lost when your web agency starts mentioning them). If you’d like to check how well your small business is managing cyber security in general, the National Cyber Security Centre has a free tool to scan for potential vulnerabilities – well worth a look.
As always, if you’re not sure about something, feel free to drop us a line – no silly questions, we promise. And, if we can’t help you, we’ll know someone who can!