Privacy & Security Glossary
Key terms in data protection, cybersecurity, and Swiss compliance. Explained clearly.
Threats
- Credential Stuffing: An automated attack that uses stolen username/password pairs from one data breach to attempt logins on other services, exploiting the widespread habit of password reuse.
- Dark Web: A part of the internet only accessible through specialized software (like Tor), where stolen credentials, personal data, and hacking tools are frequently traded on anonymous marketplaces.
- DDoS (Distributed Denial of Service): An attack that floods a website, server, or network with traffic from thousands of sources simultaneously, overwhelming it and making it unavailable to legitimate users.
- Malware: An umbrella term for any malicious software designed to damage, disrupt, or gain unauthorized access to a computer system, including viruses, trojans, spyware, and ransomware.
- Password Spray: An automated attack where attackers try a small number of very common passwords against many email addresses or usernames, looking for accounts with weak or predictable passwords without triggering per-account lockouts.
- Phishing: A social engineering attack that tricks users into revealing credentials, clicking malicious links, or downloading malware by impersonating a trusted entity.
- Ransomware: Malicious software that encrypts your files and demands payment for the decryption key, often combined with threats to publish stolen data.
- Shadow AI: The unsanctioned use of generative AI services (ChatGPT, Claude, Gemini, Copilot and similar) in day-to-day work, outside the organisation's approval and oversight.
- Social Engineering: Manipulation techniques that exploit human psychology rather than technical vulnerabilities to trick people into revealing sensitive information, granting access, or transferring money.
- Zero-Day: A software vulnerability that is unknown to the vendor and has no available patch, giving defenders zero days to prepare before it can be exploited.
Network & Infrastructure
- Firewall: A network security system that monitors and controls incoming and outgoing traffic based on predefined rules, acting as a barrier between trusted and untrusted networks.
- Kill Switch: A VPN client feature that blocks all internet traffic the moment the encrypted VPN tunnel drops. It prevents your real IP address and DNS queries from leaking outside the protected connection.
- VPN (Virtual Private Network): A technology that creates an encrypted tunnel between your device and the internet, protecting your data from interception and masking your IP address.
Authentication & Access
- 2FA (Two-Factor Authentication): A security method that requires two different forms of verification before granting access, typically a password plus a code from a device you own.
- Passkeys: A passwordless authentication standard that uses cryptographic key pairs stored on your device, replacing traditional passwords with phishing-resistant, biometric-backed login.
- Password Manager: Software that generates, stores, and auto-fills strong, unique passwords for every account, secured behind a single master password.
Encryption & Privacy
- Encryption: The process of converting data into an unreadable format that can only be decoded with the correct key, protecting it from unauthorized access.
- End-to-End Encryption: An encryption model where messages are encrypted on the sender's device and can only be decrypted by the intended recipient, with no intermediate party (including the service provider) able to read them, whether in transit or while stored on its servers.
- PGP: Pretty Good Privacy, an end-to-end encryption and signing system for email and files (standardised as OpenPGP) that uses public-key cryptography to let anyone send a message only the intended recipient can read.
- SSL/TLS: Cryptographic protocols that encrypt communication between your browser and a website (the padlock icon), so that data in transit cannot be read or tampered with even if intercepted. SSL is the deprecated predecessor; modern connections use TLS.
- XChaCha20: A modern symmetric stream cipher, an extended-nonce variant of ChaCha20, designed for high performance and resistance to timing attacks; in practice it is paired with Poly1305 for message authentication. Used by NordPass, Cloudflare, and Google as an alternative to AES.
- Zero-Access Encryption: An encryption model where data is encrypted on the user's device with a key the provider never holds, so the provider cannot decrypt stored content even under legal compulsion or a server breach.
Compliance & Regulations
- BACS (Federal Office for Cybersecurity): Switzerland's federal cybersecurity authority (Bundesamt für Cybersicherheit), responsible for national cyber threat monitoring, incident coordination, and the mandatory 24-hour reporting requirement for critical infrastructure.
- FINMA: Switzerland's financial market supervisory authority (Eidgenössische Finanzmarktaufsicht), which sets binding cybersecurity and data protection requirements for banks, insurers, and financial intermediaries.
- nFADP (revised Federal Act on Data Protection): The revised Swiss Federal Act on Data Protection (nFADP, in German nDSG), effective 1 September 2023, governs how personal data must be handled by businesses operating in or targeting Switzerland.
Endpoint Protection
- Backup: A copy of your data stored separately from the original, allowing recovery after data loss from ransomware, hardware failure, accidental deletion, or natural disaster.
- Endpoint Protection: Security software that protects individual devices (laptops, phones, servers) from malware, ransomware, and other threats using behavioral analysis, real-time monitoring, and automated response.
- Patch Management: The process of identifying, testing, and applying software updates that fix security vulnerabilities, ensuring systems are protected against known exploits.