Plain English

IT & cyber security glossary

IT is full of jargon. Here are the terms you’ll actually hear from us and other providers, explained simply, with no assumed knowledge.

Everyday IT

Managed IT support
Outsourcing the day-to-day running of your IT to a provider who proactively looks after it for a fixed monthly fee, rather than calling someone only when it breaks.
Co-managed IT
A provider works alongside your in-house IT person or team, adding extra capacity, tools and specialist skills instead of replacing them.
Helpdesk / service desk
The team you contact when something’s wrong. They log, prioritise and fix your IT issues.
SLA (Service Level Agreement)
A written promise about how quickly your provider will respond to and resolve issues.
RMM (Remote Monitoring & Management)
Software that lets a provider monitor and fix your computers remotely, often before you notice a problem.
Patch / patching
An update that fixes bugs or security holes in software. “Patch management” means keeping everything up to date automatically.

Cyber security

MFA (Multi-Factor Authentication)
A second check at login, usually a code or app prompt on your phone, so a stolen password alone isn’t enough to get in.
EDR (Endpoint Detection & Response)
Next-generation antivirus that watches for suspicious behaviour on your devices and can shut down an attack in progress.
SOC (Security Operations Centre)
A team (and technology) that monitors your systems for threats around the clock and responds when something’s wrong.
Phishing
Scam emails or messages designed to trick someone into clicking a bad link, handing over a password or paying a fake invoice.
Ransomware
Malicious software that locks up your files and demands payment to release them. It is one of the most damaging attacks for businesses.
Penetration test (“pen test”)
An ethical hacker safely attacks your systems with permission to find weaknesses before a real criminal does.
Vulnerability scanning
Automated checks that regularly look for known weaknesses across your systems so they can be fixed.
Shadow IT
Apps and online accounts staff use for work without IT’s knowledge. This is a common and overlooked security risk.
PAM (Privileged Access Management)
Controlling and protecting the powerful “admin” accounts that, if compromised, would give an attacker the keys to everything.

Microsoft 365 & cloud

Microsoft 365
Microsoft’s subscription bundle of Outlook, Teams, Word, Excel, SharePoint and OneDrive, run from the cloud.
The cloud
Software and storage hosted in secure data centres and accessed over the internet, rather than on a server in your office.
SharePoint
Microsoft’s platform for storing, sharing and managing your company’s documents securely.
Conditional access
Rules that decide who can sign in, from where and on what device. For example, a rule can block logins from outside the UK.
Backup vs. disaster recovery
A backup is a safe copy of your data; disaster recovery is the tested plan for getting your whole business running again after an outage.

Compliance & certification

Cyber Essentials
A UK government-backed certification proving you have the five basic security controls in place. Often required to win contracts.
Cyber Essentials Plus
The same standard, but independently tested and verified by an assessor rather than self-declared.
ISO 27001
An international standard for managing information security through a formal, audited management system.
GDPR
The UK/EU data-protection law governing how you collect, store and use people’s personal information.
DSAR (Data Subject Access Request)
A formal request from an individual to see the personal data you hold about them, which you must answer within a set deadline.
