IT Acronyms. In Plain English.

Your IT provider loves acronyms. Here's what they actually mean — written for humans, not help desk tickets.

Security Software
AV: Antivirus

Software that scans your computers for known viruses and malicious files. It works from a list of known threats — if a threat isn't on the list, AV often misses it. The original standard for endpoint security, now considered a baseline rather than sufficient protection on its own.

Think of it as: a bouncer with a photo ID book — only stops people already on the list
EDR: Endpoint Detection & Response

Security software installed on each device (laptop, desktop, server) that watches for suspicious behavior — not just known viruses, but anything that looks like an attack in progress. If it sees something bad, it can automatically isolate the device before the damage spreads. Significantly smarter than traditional antivirus.

Think of it as: a security camera that can also lock the door automatically
MDR: Managed Detection & Response

EDR plus a team of actual humans watching your systems around the clock. The software detects threats; the security team investigates and responds. When something suspicious happens at 2am on a Sunday, MDR means someone is looking at it. This is what most serious small and mid-size businesses should be running.

Think of it as: EDR with a 24/7 guard team behind it
XDR: Extended Detection & Response

Like EDR, but it pulls data from your entire environment — computers, servers, email, cloud apps, and network — into one unified view. Instead of separate tools that can't talk to each other, XDR correlates signals across everything to catch threats that would look innocent in isolation. Typically more relevant for mid-market and enterprise environments.

Think of it as: EDR that sees the whole building, not just one room
SIEM: Security Information & Event Management

A system that collects and analyzes log data from everything on your network — firewalls, servers, applications, user logins — and looks for patterns that suggest a security incident. Where EDR watches individual devices, SIEM watches the whole environment for anomalies. Often paired with MDR for a full security operations capability. Common compliance requirement in regulated industries.

Think of it as: a control room that monitors every camera feed at once
ITDR: Identity Threat Detection & Response

Monitors your user accounts and login activity for signs that an identity has been compromised. Things like: someone logging in from an unusual location, logins at 3am, sudden access to files a user has never touched, or signs that credentials may have been stolen. Attackers frequently target credentials rather than systems — ITDR is specifically designed to catch that.

Think of it as: fraud monitoring for your business logins
Network Protection & Training
DNS Filter: DNS Filtering

Blocks dangerous, malicious, or inappropriate websites before your computer even connects to them. Every website visit starts with a "DNS lookup" — essentially asking the internet for the address. DNS filtering intercepts that lookup and can block the request entirely if the destination is known to be harmful. Stops a lot of malware and phishing before it ever reaches a device.

Think of it as: a GPS that reroutes you away from dangerous neighborhoods automatically
SAT: Security Awareness Training

Formal training that teaches your employees to recognize phishing emails, phone scams (vishing), fake login pages, and other attacks that target people rather than systems. Usually includes simulated phishing tests where the training provider sends fake phishing emails to your staff to see who clicks. Studies consistently show it reduces successful phishing attacks by over 60%. Your employees are the most attacked surface you have.

Think of it as: fire drills, but for cyberattacks
IT Management & Recovery
RMM: Remote Monitoring & Management

Software that lets your IT provider monitor and manage all of your computers and servers remotely — without physically coming to your office. Installs security updates, checks system health, deploys software, runs scripts, and flags problems before they become outages. The core tool every managed IT provider uses to actually do their job. If your IT company isn't using an RMM, they're flying blind.

Think of it as: a remote control for every device in your office
BDR: Backup & Disaster Recovery

A system that not only backs up your data but has a tested plan to get your business running again after a major failure — ransomware, hardware crash, fire, flood, or anything else catastrophic. "Backup" means your data is copied. "Disaster recovery" means you've actually tested getting it back and know how long it takes. Most businesses have the former without the latter.

Think of it as: a backup generator — only useful if you've tested it before the outage
RTO: Recovery Time Objective

How long your business can afford to be completely offline after a disaster before it becomes a serious financial or operational problem. Your IT provider's BDR solution should be designed to meet your RTO. If your RTO is "4 hours" and your backup takes 48 hours to restore, you have a planning problem. Ask your IT provider what your RTO is — if they can't answer, that's a red flag.

Think of it as: the deadline for getting back online
RPO: Recovery Point Objective

How much data your business can afford to lose in a disaster, measured in time. If your backups run nightly and your RPO is "24 hours," you could lose an entire day of work. If that's unacceptable, you need more frequent backups. RPO and RTO are the two questions every business should have answered before a disaster happens — not after.

Think of it as: how far back in time you're willing to roll back
Pricing & Contracts
AYCE: All-You-Can-Eat

An MSP pricing model where you pay one flat monthly fee per user that covers everything: help desk support, monitoring, patching, security tools, and labor — regardless of how much you use. Predictable budgeting, no surprise invoices. Often the best fit for businesses that generate a lot of IT tickets or want a simple fixed cost.

Think of it as: an all-inclusive resort — one price, everything included
T&M: Time & Materials

An MSP pricing model where your monthly cost covers the security and management tooling (RMM, MDR, etc.) required to properly manage your environment, and labor is billed separately at an hourly rate only when work is actually performed. Can be significantly more cost-effective for leaner businesses that don't need constant support. Less predictable month-to-month, but you only pay for what you use.

Think of it as: a gym membership plus paying per personal training session
SLA: Service Level Agreement

The contract that defines what your IT provider is actually committing to: response times, resolution times, support hours, uptime guarantees, and what happens if they miss those targets. An SLA without financial penalties for missed commitments is a wish list, not a contract. Always ask to see the SLA before signing with any provider.

Think of it as: the fine print that determines whether you have real recourse or not