SME Business Cyber Security Definitions N to Z


Is a type of cyberattack involving the redirection of web traffic from a legitimate site to a fake site for the purpose of stealing usernames, passwords, financial data, and other personal information. The destination site may load malware on to your computer and the type of  attack is known as Phishing. You need a solution that blocks malware which is beyond traditional Antivirus software.


Is a type of cybercrime where hackers and cybercriminals trick others by pretending to be trustworthy sources to steal sensitive information. They do this through fake emails, websites, or messages that look real. Phishing uses tricks to manipulate people into sharing private information. Phishing relies on human error to be effective. Best form of protection is Awareness training and regular program of simulated attacks with staff receiving feedback on their results.

Delivery of a phishing attack is not only by email, but sms text messaging and voice scams. (Australian tax office calling you, or  a bank calling scam, Amazon parcel delivery are all examples of voice phishing.)


Is malware that prevents users from accessing your system or your data files and demands ransom payment in order to regain access. Payment is usually requested by the following means: via cryptocurrency or credit card. All businesses no matter what size are targeted by attackers. Small businesses in particular are an attractive target because they have less focus on prevention of such attacks. In 2022, the Australian Cyber Security Centres annual report identified the average cost per cyber-crime reported was $39,000 for small businesses (less than 20 employees) and $88,000 for medium business (20 – 90 employees)

Two key strategies to prevent are install a security solution that is more than antivirus and includes real-time protection and implement with your IT provider a backup strategy for all your important files ensure you cover your cloud applications and email files.


Are a kind of malware that can give a threat actor control of your computer without your consent or knowledge. Rootkits are designed to hide their presence on your device. A threat actor who has gotten a rootkit onto your machine (often via phishing email) can remotely access and control it. Because they enable root-level access, rootkits can be used to do things like deactivate your antivirus software, spy on your activity, steal sensitive data, or execute other malware on the device.  A rootkit is not a virus — it’s malware.


A router helps wired and wireless devices communicate. For example, your computer can instruct  your printer to print your documents or download your media from your digital camera without an Internet connection, thanks to a router. When the router is connected to a modem, it enables other devices in the network connect to the Internet through this device by directing network packets between them.

A router and WiFi are not the same things. A router is a networking device, while WiFi is wireless networking technology. A router uses its antennas to create and manage a WiFi network to allow other wireless-ready devices to communicate or potentially connect to the Internet.

Keeping the router software up to date through patching plus using security tools like your firewalls and a private VPN (Virtual Private Network) are the best strategies to prevent cyber-attacks.


Is any kind of unwanted, unsolicited digital communication that gets sent out in bulk. Often spam is sent via email, but it can also be distributed via text messages, phone calls, or social media.  The inspiration for using the term “spam” to describe mass unwanted messages is a Monty Python skit in which the actors declare that everyone must eat the food Spam, whether they want it or not.

Always implement a spam filter to limit the spam received. The objective is to filter the spam and place it in Junk.

Spear Phishing

A form of phishing, with the sole purpose to convince the recipient to think the message they are responding to is 100 percent legitimate, achieved through personal touches designed to make them think what they’re dealing with is the real thing.


Is where someone pretends to be somebody else in an attempt to gain your confidence, if you fall for it, then it enables the attacker to access systems, steal data, steal money, or spread malware. Spoofing attacks come in many forms, however a common attack is through Email spoofing. This is the act of sending emails with false sender addresses, as part of a phishing attack.

SSL Certificates

Cause your browser to display a padlock icon, indicating that your connection to a websites is secure. SSL is a security technology for establishing an encrypted link between a server and a client, such as a website and a browser, or a pair of email servers.

An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection.


Trojan horse attacks (or simply “Trojans”) in computing are defined as a type of malware that use deception and social engineering to trick unsuspecting users into running seemingly benign computer programs that hide malicious ulterior motives. While technically they are not computer viruses but rather a separate form of malware, “Trojan horse virus” has become a common way to refer to them.

Prevention tactics are installing a security solution such as malwarebytes as well as ensuring your II provider has scheduled periodic diagnostic scans, has in place a schedule for automatic updates of your operating system software, and ensuring you have the latest security updates, keeping your applications updated, ensuring any security vulnerabilities are patched policies that users visiting unsafe or suspicious websites, training staff to be sceptical of unverified attachments and links in unfamiliar emails, ensure a strong and complex passwords are implemented across the business and where appropriate usage of firewalls.

Virtual Private Network (VPN)

VPN encrypts your online traffic in real time, allowing you to establish a private connection to the Internet. Your Internet traffic travels through an encrypted tunnel and will look like it’s coming from the VPN server rather than your own IP address. This is very important especially if you are using a public Wi-Fi or a shared Wi-Fi connection.


A program designed to cause damage, steal personal information, modify data, send email, display messages or a combination of these actions.

Zero Day

Is any software vulnerability exploitable by hackers that doesn’t have a patch yet. As you can imagine, such a vulnerability can result in a critical cybersecurity breach.

It is called Zero day because the software creators have zero days to respond after hackers have taken advantage of it.

Zero Trust

Is a security framework that states organizations should not trust any entity inside or outside of their network perimeter at any time. The effect is to implement an approach that provides the visibility and IT controls needed to secure, manage, and monitor every device, user, app, and network belonging to or being used by the organization and its employees and contractors to access business data. The goal of a Zero Trust configuration is to restrict access to sensitive data, applications, and devices to a need-to-know basis.

What to do next?

SME Business Cyber Security Definitions Handbook will cover more terms, however if any of these terms ae making you think about security and you want to have a friendly chat about your security posture or resilience then please contact your local Computer Troubleshooter on 1300 28 28 78