As you learn about digital security and privacy, you may encounter words that you’re not familiar with. This glossary has simple, short definitions.
Authentication: Proving that you are who you say you are.
Bad actor: A person, group, or organization that is acting maliciously.
Cloud: Internet-based; using remote servers. A cloud service is an online service. Cloud storage is online storage.
Cookie: A file that contains information which identifies you to a website, so that it can keep track of who you are. Cookies are simply part of how users interact with websites, and aren’t inherently a privacy risk. But when cookies are used to track users around the Web, they are considered a privacy risk.
Credentials: Proof that you are who you say, such as your username and password.
Cryptography, cryptographic, crypto-: Having to do with encoding data to make it secret and not easily readable.
Cyber-: A prefix meaning related to computers or computing. For example, cybersecurity, cybercrime, cyberspace.
Data: Facts, pieces of information. Computers and digital devices store and process data. “Data” is a plural word (the singular is “datum”), but data is commonly used as singular.
Defense in depth: Using multiple security layers to increase your overall security.
Device: Generic term for computing hardware, such as computer, phone, or tablet.
Encrypt, encryption: To encode data to make it secret and not easily readable. Data that’s not encrypted is unencrypted (also called plain text or cleartext). Undoing/reversing encryption is decryption.
End-to-end encryption: Encryption that keeps data secret along the entire path from sender to intended recipient, so that only the intended recipient can see/hear it. It keeps data encrypted while in transit (traveling) and at rest (in storage). This prevents not only hackers, but also governments and even the companies transmitting the data from seeing it.
Hack, hacking, hacker: A person who maliciously breaks into computer systems, networks, and digital devices. Originally hacker was a positive term (you may have heard of life hack as meaning finding a shortcut), and cracker was the corresponding negative term (meaning to crack into). Over time hacker has evolved into a mostly negative term, though the term white hat hacker survives as meaning a person who hacks with good intent, to find vulnerabilities before malicious people do.
Internet of Things (IoT): The wide range of devices that have processors and are connected to the Internet, generally referred to as “smart” devices. Includes smart speakers, thermostats, home entertainment systems, home security systems, car systems, baby monitors, and many more devices.
Internet Service Provider (ISP): The company that provides your Internet connection. At your home, that could be a cable, DSL, or fiber company, such as Comcast, Spectrum, or AT&T. For your mobile devices, that’s your wireless carrier, such as Verizon, Sprint, or AT&T.
Key: The digital equivalent of a physical key; text, code, or software that unlocks something.
Mac: Abbreviation of Macintosh, a computer manufactured by Apple. Note that it’s not spelled MAC (all caps) because it’s not an acronym. There is an acronym MAC, for Media Access Control address (a unique identifier for a device on a network).
Malware: Generic term for malicious software. Includes viruses, spyware, ransomware, trojans, rootkits, and more.
Metadata: Data about data. For example, the metadata of a phone call are the details about the call, such as phone number called, time of call, and duration of call. The metadata of an email are the details about the email, such as email address sent to, time sent, and subject.
Operating system (OS): The main software that runs on a computer or other digital device, which other software runs inside. Common computer operating systems are Windows, macOS (Apple), and Linux. Common mobile operating systems are iOS (Apple) and Android.
Personally identifiable information (PII): Information by which you can be identified, such as name, Social Security number, driver’s license number, phone number, and email address.
Phishing: Fraudulent messages that attempt to steal info. For example, you may receive an email that appears to be from your bank, asking you to click a link to log in. But the link actually points to a malicious website disguised to look like your bank, which steals your login info as soon as you enter it.
Principle of Least Privilege: Give users, accounts, and services only as much access and capability as they truly need, to limit the damage they can do (deliberately or accidentally).
Privacy: Keeping hidden or secret the data that you want to keep hidden or secret.
Ransomware: Malware that encrypts your files (so that you can’t access them) and holds them for ransom. There’s no guarantee that you’ll get your files back if you pay the ransom.
Security: Restricting access to an object or data, ensuring that only the proper people or systems can access it.
Security questions: Questions that must be correctly answered to authenticate you. Often used as a secondary way to authenticate if you forget your password.
Sensitive: Data that is valuable and you don’t want to fall into the wrong hands. For example, Social Security number, home address, financial information, medical information.
Short Message Service (SMS): Technical name for text messaging, text messages, texting. Technically, only text can be sent by SMS. If you send anything else (images, audio, etc.) you’re using MMS (Multimedia Messaging Service).
Smishing: Fraudulent SMS/text messages that attempt to steal info; phishing done by SMS/text message.
Social engineering: Manipulating or tricking people into giving access to information or systems.
Spam: Unsolicited “junk” messages received by email, text/SMS message, social media messaging system, or some other messaging system. Note that it’s not spelled SPAM (all caps) because it’s not an acronym. A person who sends junk messages is a spammer; the action is spamming.
Special characters: Written symbols that aren’t letters or numbers. Examples: ~ ! @ # $ % ^ & * ( _ + [ \ ; ‘ < . ?
Surveillance: Watching, observing, tracking. Digital surveillance can be done by a human, but most surveillance is done automatically by systems.
Two-factor authentication (2FA), multi-factor authentication (MFA): Using more than one means to prove that you are who you say you are. A password is commonly one factor; other factors could be a code generated by an authentication app, or biometrics (fingerprint, iris scanner, etc.).
Verify, verification: To prove or provide evidence for.
Virtual Private Network (VPN): A secure tunnel from your device to a remote server. Can be used to protect your Internet traffic when you’re on an insecure network (such as public Wi-Fi) or to make it look like you’re located somewhere else, allowing you to get around Internet restrictions (such as in China).
Vishing: Fraudulent phone calls or voicemails that attempt to steal info; phishing done by phone.
Vulnerable, vulnerability: Capable of being attacked or exploited because of a flaw.
Zero-day, 0-day: A zero-day vulnerability is a software or hardware flaw that is generally unknown, so no one has yet created a defense against it; it can be attacked or exploited immediately.