Every industry has its jargon, and IT has more than most. The problem is that these terms get thrown around as if everyone already knows them. Here are the ones we're asked about most often, explained the way we'd explain them to a friend.
You don't need to memorise any of this. But understanding these concepts helps you make better decisions about your business — and have more useful conversations with your IT provider.
The Cloud
“The cloud” simply means someone else’s computers, accessed over the internet. When your email or files live “in the cloud,” they’re stored in a secure data centre rather than on a machine in your office. You reach them from anywhere with an internet connection.
Everyday examples
Microsoft 365 and Google Workspace are everyday examples. Your emails, documents, and spreadsheets sit in Microsoft’s or Google’s data centres — not on a server in your storeroom — which is why you can open them on your phone, at home, or in a client’s office.
Why it matters: Cloud services reduce the need for expensive on-site hardware, simplify remote working, and shift the responsibility for server maintenance to the provider. They also mean your files survive a laptop being stolen or an office fire.
Virtual Private Network
A VPN creates a private, encrypted tunnel between your device and another network. Businesses use them so staff can safely reach office systems from home or while travelling, as if they were sitting in the office.
Why it matters on public Wi-Fi
Without a VPN, data travelling over an untrusted Wi-Fi network — a coffee shop, hotel, or airport — can potentially be intercepted. A VPN encrypts the connection so it looks like scrambled data to anyone snooping on the same network.
Why it matters: If your staff work remotely or travel, a business VPN is an important layer of protection — especially when accessing sensitive systems or client data.
Multi-Factor Authentication
MFA means proving who you are with more than just a password — usually a prompt or code on your phone as well. Even if someone steals your password, they can’t get in without that second factor.
What it looks like in practice
After entering your Microsoft 365 password, your phone shows a prompt asking “Are you trying to sign in?” You tap Approve. That second step is the MFA factor. An attacker who has your password but not your phone cannot get through.
Why it matters: Microsoft research shows MFA blocks over 99.9 % of automated account-compromise attacks. It’s one of the single most effective security steps a business can take, and it’s usually included free with existing Microsoft 365 licences.
Zero Trust
An approach to security summed up as "never trust, always verify." Instead of assuming everything inside the company network is safe, a Zero Trust setup checks every user and device each time they try to access something.
Why the old approach no longer works
Traditional security assumed that once you were on the office network, you were trustworthy. Zero Trust treats every access request — even from inside the office — as potentially suspicious until it’s verified. With staff working from many locations and devices, that assumption of internal trust no longer holds.
Why it matters: Zero Trust is increasingly the recommended security model for businesses with remote workers, cloud services, or multiple devices. It suits a world where the “perimeter” of your network is no longer four walls.
Phishing
A scam where criminals send messages pretending to be someone you trust — your bank, a supplier, your boss — to trick you into clicking a malicious link, sharing a password, or making a payment.
A common scenario
A common example: an email that looks exactly like a Microsoft 365 login page asks you to "re-verify" your account. You enter your password — and you’ve just handed it to a criminal. The defence is a healthy pause: verify before you act, using a known contact method rather than the link in the email.
Why it matters: Phishing is the starting point for the majority of business email compromises and ransomware attacks. Staff awareness is the most effective defence.
Ransomware
Malicious software that encrypts your files and demands payment to release them. It’s one of the most damaging threats to businesses today, and attacks don’t only target large organisations — SMEs are regularly hit.
How an attack unfolds
Ransomware typically arrives via a phishing email or an unpatched vulnerability. Once it runs, it silently encrypts files across your computer and any network drives it can reach — then displays a ransom demand. Paying does not guarantee recovery.
Why it matters: Good backups stored separately from your main systems are your most reliable defence. If ransomware can’t reach your backups, you can restore your files without paying.
Endpoint Detection and Response
A modern step up from traditional antivirus. Rather than only checking files against a list of known threats, EDR watches how a device behaves and can step in automatically when something looks like an attack — even a brand-new one it has never seen before.
Antivirus vs EDR: the analogy
Standard antivirus looks for known bad files — like a security guard checking a list of banned faces. EDR watches behaviour — like a guard who notices that someone is acting suspiciously, even if they’re not on the list. An "endpoint" is simply any device: a laptop, desktop, or server.
Why it matters: Modern ransomware and zero-day attacks are specifically designed to bypass traditional antivirus. EDR closes that gap by detecting suspicious behaviour rather than relying on known-threat signatures.
Backup vs Sync
Sync keeps the same files matched across your devices and the cloud (like OneDrive). Backup keeps separate, dated copies you can restore from later. They sound similar but do very different jobs.
Why the difference matters
If you accidentally delete a file, OneDrive sync will faithfully delete it everywhere — including the cloud copy. A dedicated backup would let you restore the file from a point before the deletion. Sync is about access; backup is about recovery.
Why it matters: Many businesses assume OneDrive or Google Drive is their backup. It isn’t. You need backup — not just sync — to be truly safe from accidental deletion, ransomware, and account compromise.
Still not sure what something means?
There's no such thing as a silly question. If a tech term is making your head spin, get in touch — we're happy to explain it without the jargon.
Ask us anything