Bookmark this page! This glossary is regularly updated with new tech terms. Last updated: April 2026
Technology is always changing and evolving quickly. It can be difficult to keep up with everything a user needs to know. This handy guide is meant to be a quick reference for any tech terms that might be new to you. Bolded terms within definitions are found elsewhere in the document. Let’s translate this technobabble!
API (Application Programming Interface): A set of rules and protocols that allows different software applications to communicate with each other, enabling integration between systems
Anti-Spam: Software designed to identify and block spam or unwanted emails
Authentication: Confirming a user’s identity to allow access, usually with passwords, biometrics, or security tokens
Biometrics: Using physical features, like fingerprints or facial recognition, to verify someone’s identity
Botnet: A network of compromised computers or devices controlled by cybercriminals to carry out coordinated attacks, such as sending spam or launching DDoS attacks
Business Continuity Plan: Preparations to help start business operations as soon as possible after a disruption or disaster
Business Email Compromise (BEC): A type of phishing in which attackers use targeted, spoofed emails to gain access to someone’s inbox
Cloud Computing: The delivery of services such as storage or processing over the Internet, allowing resources to be accessible and scalable
Cloud Security Posture Management (CSPM): Tools that continuously monitor cloud environments for security misconfigurations and compliance violations to prevent data breaches
Conditional Access: Grants a user access only when they meet certain conditions, such as location or device compliance
Data Center: A facility that houses computer servers, storage systems, and networking equipment to process large amounts of data
Data Loss Prevention (DLP): Security measures and tools designed to prevent sensitive data from being accessed, shared, or leaked outside an organization
DDoS (Distributed Denial of Service): A cyberattack in which multiple compromised systems overwhelm a target server, website, or network with traffic, making it unavailable to legitimate users
DevOps/DevSecOps: Development practices that combine software development (Dev) with IT operations (Ops); DevSecOps adds security (Sec) throughout the development lifecycle
Disaster Recovery Plan: Similar to a Business Continuity Plan, this is a detailed strategy to recover and restore operations and data after a disaster
Distribution List: An email address that forwards email it receives to multiple users defined in the list. See M365 Group Emails to learn how they differ from Distribution Lists
- Alias: In the context of emails (such as Distribution Lists or M365 Group Emails), an additional email address that can be used to reach a user
DMARC (Domain-based Message Authentication, Reporting, and Conformance): A protocol that helps prevent email spoofing by ensuring email authentication
DNS (Domain Name System): A system that translates domain names (like example.com) into IP addresses
Encryption: The conversion of data into a coded format to protect sensitive information
Endpoint Detection and Response (EDR): Security tools that continuously monitor endpoints (computers, mobile devices) for threats and enable rapid response to detected incidents
Firewall: Security feature that monitors and controls network traffic to protect internal networks from untrustworthy external networks
Generative AI: Artificial Intelligence that can create new content, such as text, images, or music
Grayware: Software that isn’t designed to be malicious but can still pose security risks or worsen a user’s experience
Help Desk: A support service that assists users by troubleshooting technical issues related to hardware, software, or networks
Hybrid Cloud: A computing environment that combines public cloud services with private cloud or on-premise infrastructure, allowing data and applications to move between them
Identity and Access Management (IAM): Security frameworks that manage digital identities and control user access to resources through authentication and authorization policies
Incident Response Plan: A documented strategy outlining how an organization will detect, respond to, and recover from cybersecurity incidents or data breaches
IP Address: A unique identifier assigned to devices connected to the internet
IT Assessment: A comprehensive review of an organization’s IT systems, policies, and infrastructure to identify risks, gaps, and opportunities for improvement. Check out our IT checklist for inspiration!
IoT (Internet of Things): Physical devices connected to the internet that collect and exchange data, from smart home devices to industrial sensors
LLM (Large Language Model): A type of artificial intelligence that is trained on massive datasets
Malware: Malicious software like viruses, worms, or spyware designed to harm or gain unauthorized access to systems
M365 Group Emails: A more collaborative approach to distribution lists in which users also share a mailbox, calendar, and files
Mobile Device Management (MDM): Tools used to secure and manage employees’ mobile devices to ensure compliance and protect data
Multi-cloud: Using multiple cloud computing services from different providers (such as AWS, Azure, and Google Cloud) to meet various business needs
Multifactor Authentication (MFA): A security practice that requires users to verify their identity using two or more methods, such as a password and a code from an app. 2FA (two-factor authentication) and 2SV (two-step verification) are synonymous, with two factors implied
Passwordless Sign-in: A security practice that allows users to identify themselves using an account/email and factor(s) other than a password, such as a passkey
Passkey: A physical or digital device with a small amount of encrypted data that resembles a “key” to sign in to a service. This is used to prove a user’s identity, often as part of passwordless sign-in
Penetration Test: A simulated cyberattack used to test the security of a system and identify vulnerabilities before they can be exploited
Personally Identifiable Information (PII): Personal data, such as names or Social Security numbers, that are used to identify an individual
Phishing: A targeted cyberattack in which attackers trick individuals into revealing sensitive information with fake emails or websites
Ransomware: Malicious software that encrypts a victim’s data and then allows the threat actor to demand payment for the decryption of stolen data
Remote Backup: Data stored securely in an offsite location, ensuring fast recovery in case of disasters or technical failures
RMM (Remote Monitoring and Management): Software tools that allow IT providers to monitor and manage client systems remotely, enabling proactive maintenance and support
RPO/RTO (Recovery Point Objective / Recovery Time Objective): RPO defines the maximum acceptable data loss in a disaster; RTO defines the maximum acceptable downtime before systems must be restored
SaaS/PaaS/IaaS: Cloud service models: Software as a Service (ready-to-use applications), Platform as a Service (development platforms), Infrastructure as a Service (virtualized computing resources)
Security Token: Similar to a passkey, but used to keep a device or program “logged in” without the constant need to sign in
Sensitive Information: Critical data that requires protection, like trade secrets, financial records, or personal information
Server: A powerful computer or system that is designed to provide resources, data, or services to other devices in a network and the people using them
Shadow IT: IT systems, software, or services used within an organization without explicit approval or oversight from the IT department
Shared Mailbox: A mailbox that multiple users can access to read and send emails from a common email address
Single Sign-On (SSO): Authentication process that allows individuals to access multiple applications or systems with a single set of credentials, like a code emailed to the user
SOC (Security Operations Center): A centralized unit or team that monitors, detects, and responds to cybersecurity threats in an organization’s systems and networks
Social Engineering: Manipulating people through psychological tactics to trick them into revealing sensitive information or granting unauthorized access
Spear Phishing vs. Phishing: Phishing targets broad audiences with generic scams; spear phishing is highly targeted, using personalized information to deceive specific individuals or organizations
SMTP (Simple Mail Transfer Protocol): A set of standards used for sending and relaying emails, followed especially for emails sent in high volumes
SPF (Sender Policy Framework): An email authentication method designed to prevent email spoofing by verifying that sender IP addresses are authorized by the domain owners
Spyware: Malicious software that secretly gathers information about a user’s activities, often for fraudulent or intrusive purposes
Supply Chain Attack: A cyberattack that targets a company by compromising a third-party vendor or supplier in its supply chain, exploiting trusted relationships
Technical Debt (Tech Debt): Deferred IT maintenance that can accumulate just like financial debt
Trojan: A type of malicious software that is disguised as legitimate applications or files that, when used, can compromise systems or steal sensitive information
Two-factor Authentication (2FA): A form of Multifactor Authentication (MFA) in which two methods of authentication are used
Virus: Malicious software designed to infect systems and replicate itself in order to disrupt operations or compromise data
Virtual Private Network (VPN): A secure connection that encrypts data and protects online activities by routing traffic through a private server for privacy and anonymity
Vulnerability Management: The ongoing process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and software
Whaling: A targeted form of phishing that specifically attacks high-profile executives or senior leaders (“big fish”) to steal sensitive data or gain privileged access
Worm: A self-replicating malicious program that spreads across systems without user intervention
Zero-Day Vulnerability: A security flaw in software or hardware that is unknown to the vendor and has no available patch, making it exploitable by attackers
Zero Trust Security: A security model that requires strict identity verification for every person and device trying to access resources, regardless of whether they are inside or outside the network
SpireTech explains technology in plain English and provides managed IT services for Portland businesses. Trust the locals.
