IT & Cybersecurity Glossary

A documented strategy defining how a business continues operating during and after a major disruption — cyberattack, natural disaster, power outage, or key staff absence. A strong BCP includes identified critical functions, alternate operating procedures, communication plans, recovery time objectives (RTOs), and regular testing protocols. For Canadian businesses, this includes scenarios such as severe weather events, supply chain disruptions, and ransomware attacks.

The delivery of computing services — servers, storage, databases, networking, software, and analytics — over the internet rather than from local hardware. Cloud computing allows businesses to access scalable IT resources on demand, pay only for what they use, enable remote work for distributed teams, and strengthen disaster recovery capabilities. Common platforms include Microsoft Azure, Microsoft 365, and Google Workspace.

The process of restoring IT systems, data, and infrastructure after a disruptive event — cyberattack, hardware failure, or natural disaster. Disaster recovery focuses specifically on technology restoration, guided by Recovery Time Objectives (RTO — how quickly systems must be restored) and Recovery Point Objectives (RPO — how much data loss is acceptable). DR is a critical component of, but distinct from, a broader Business Continuity Plan.

A cybersecurity technology that continuously monitors endpoints — computers, laptops, servers, and mobile devices — for signs of threats and automatically responds to suspicious activity. EDR uses behavioral analysis to detect zero-day attacks and ransomware that traditional antivirus software misses. A mandatory component of any serious cybersecurity program, and a key requirement under PIPEDA’s obligation to protect personal information with appropriate safeguards.

A subscription model where businesses lease IT hardware — computers, laptops, servers, and networking equipment — from a managed service provider at a fixed monthly fee, instead of purchasing it outright. HaaS converts capital expenditures (CapEx) to operating expenses (OpEx), includes maintenance and hardware refreshes, and ensures Canadian businesses always operate on current, fully supported equipment without large upfront investments.

A subscription-based model where a third-party provider — called a Managed Service Provider, or MSP — proactively manages and maintains a business’s IT infrastructure, systems, and users on their behalf. Includes 24/7 monitoring, help desk support, patch management, network management, and security — all at a predictable flat monthly rate. Ideal for Canadian businesses that need enterprise-grade IT without the cost of a full in-house IT department.

A security control requiring users to verify their identity with two or more independent factors before accessing systems: something they know (a password), something they have (a phone or hardware token), and/or something they are (a biometric like a fingerprint). MFA blocks over 99% of automated credential-based attacks and is one of the most cost-effective security controls a Canadian business can implement. Required under PIPEDA’s mandate to use appropriate security safeguards.

Canada’s federal private-sector privacy law that governs how organizations collect, use, and disclose personal information in the course of commercial activities. PIPEDA requires businesses to obtain meaningful consent before collecting personal data, protect it with appropriate security safeguards, and report data breaches to the Office of the Privacy Commissioner of Canada. Most Canadian businesses that handle customer or employee data are subject to PIPEDA — and non-compliance can result in significant fines and reputational damage.

A type of malware that encrypts a victim’s files or systems, making them completely inaccessible, then demands payment — usually in cryptocurrency — for the decryption key. Ransomware typically enters businesses through phishing emails, unpatched software vulnerabilities, or compromised remote access credentials. A single ransomware attack can cost a small Calgary business tens of thousands of dollars in downtime, recovery costs, and potential PIPEDA breach notification obligations. Prevention requires EDR tools, email filtering, MFA, regular patching, and tested off-site backups.

An auditing standard developed by the AICPA that evaluates a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy. SOC 2 certification is increasingly required by enterprise clients and regulated industries — particularly financial services and healthcare — as proof that a technology vendor handles data responsibly. There are two types: SOC 2 Type I (a point-in-time assessment) and SOC 2 Type II (assessed over a period of time, and more rigorous).

An outsourced executive-level IT strategy service where a managed IT provider supplies strategic technology leadership — IT roadmapping, vendor management, technology budgeting, and alignment of IT investments with business goals — without the cost of hiring a full-time CIO. vCIO services give Canadian small and mid-sized businesses access to enterprise-level strategic IT direction at a fraction of the cost of an in-house hire.

A technology that routes telephone calls over an internet connection instead of traditional telephone lines. Business VoIP systems offer advanced features — auto-attendant, call forwarding, mobile apps, voicemail-to-email, and CRM integration — at 30–60% lower cost than legacy phone service. VoIP also enables Calgary businesses to operate with a consistent professional phone presence whether staff are in the office, working remotely, or across multiple locations.