GLOSSARY

Cybersecurity, in Plain English

No jargon. The security terms you'll actually run into, explained for business owners.

Penetration test (pentest)

An authorised, simulated attack on your own systems to find weaknesses before a real attacker does. You get a report of what was found and how to fix it.

Vulnerability assessment

A scan that identifies known weaknesses in your systems. Broader and shallower than a pentest — it finds issues but doesn't try to exploit them.

Passive assessment

A read-only check using only public information (DNS, certificates, response headers). Nothing is logged into, scanned aggressively, or disrupted.

SPF (Sender Policy Framework)

A DNS record listing which servers are allowed to send email for your domain. Without it, anyone can forge email that looks like it's from you.

DMARC

A DNS policy that tells receiving mail servers what to do with email that fails SPF/DKIM — monitor, quarantine, or reject. Set to quarantine or reject, it's how you stop spoofed email from landing in inboxes.

DKIM

A cryptographic signature added to your outgoing email so receivers can verify it really came from your domain and wasn't tampered with.

Phishing

Fraudulent emails or messages designed to trick people into revealing passwords, payment details, or clicking malicious links.

Ransomware

Malicious software that encrypts your files and demands payment to unlock them. Good backups are the best defence.

SSL / TLS certificate

What puts the padlock in the address bar. It encrypts traffic between your visitors and your site, and confirms to visitors that they've reached the genuine site for your domain rather than an impostor.

Security headers

Instructions your server sends browsers (like HSTS, CSP, X-Frame-Options) that harden your site against common attacks. Often missing.

CSP (Content Security Policy)

A security header that controls where a page is allowed to load scripts and content from — a strong defence against content injection.

HSTS

A header that forces browsers to always use HTTPS for your site, preventing downgrade attacks.
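To show what a passive assessment actually does with the entries above (SPF, DMARC, security headers, CSP, HSTS), here is a small Python script added as an illustration; it is not the firm's own tooling. It parses constructed sample DNS records and HTTP response headers entirely offline and reports the same kind of findings a read-only check would. The domain names, records and header values are made up, and the one-year HSTS threshold is an assumption, not a rule from this page.

```python
"""Passive, read-only checks over constructed inputs: SPF/DMARC record parsing
and a security-header review. Illustration only; domains and values are made up."""
import re

# Constructed sample DNS TXT records keyed by name (placeholder .test domains).
SAMPLE_TXT = {
    "example-business.test": [
        "v=spf1 include:_spf.example-mail.test ip4:203.0.113.10 -all",
    ],
    "_dmarc.example-business.test": [
        "v=DMARC1; p=quarantine; rua=mailto:dmarc@example-business.test",
    ],
    "weak-business.test": ["v=spf1 +all"],
    "_dmarc.weak-business.test": ["v=DMARC1; p=none"],
}

# Constructed sample HTTP response headers for two hypothetical sites.
SAMPLE_HEADERS_GOOD = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
}
SAMPLE_HEADERS_WEAK = {
    "Strict-Transport-Security": "max-age=300",  # present but far too short
    "X-Frame-Options": "SAMEORIGIN",
}

ONE_YEAR = 31536000  # assumed minimum HSTS max-age (seconds)


def parse_spf(records):
    """Return the SPF terms and the qualifier on 'all' ('+', '-', '~', '?'), or None."""
    for rec in records:
        if rec.lower().startswith("v=spf1"):
            terms = rec.split()[1:]
            qualifier = None
            for term in terms:
                if term.lstrip("+-~?").lower() == "all":
                    qualifier = term[0] if term[0] in "+-~?" else "+"
            return {"terms": terms, "all": qualifier}
    return None


def assess_spf(records):
    """Grade an SPF record: missing, weak (anyone may send), or ok."""
    spf = parse_spf(records)
    if spf is None:
        return ("missing", "no SPF record: anyone can send mail as this domain")
    if spf["all"] == "+":
        return ("weak", "'+all' lets every server send as you; use '-all' or '~all'")
    if spf["all"] is None:
        return ("weak", "no 'all' term, so unlisted senders are not rejected")
    return ("ok", "senders restricted, unlisted servers get '%sall'" % spf["all"])


def parse_dmarc(records):
    """Return DMARC tags as a dict (e.g. {'v': 'DMARC1', 'p': 'reject'}), or None."""
    for rec in records:
        if rec.lower().startswith("v=dmarc1"):
            tags = {}
            for part in rec.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def assess_dmarc(records):
    """Grade a DMARC record: missing, monitor (p=none), or ok (quarantine/reject)."""
    tags = parse_dmarc(records)
    if tags is None:
        return ("missing", "no DMARC record: receivers get no instruction on failures")
    policy = tags.get("p", "none").lower()
    if policy == "none":
        return ("monitor", "p=none only reports; spoofed mail is still delivered")
    return ("ok", "p=%s: failing mail is %sd by receivers" % (policy, policy))


def assess_headers(headers):
    """Return a list of findings for missing or weak security headers."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, why in (
        ("strict-transport-security", "HSTS missing: browsers may fall back to HTTP"),
        ("content-security-policy", "CSP missing: no limit on where scripts load from"),
        ("x-frame-options", "X-Frame-Options missing: page can be framed"),
    ):
        if name not in lower:
            findings.append(why)
    hsts = lower.get("strict-transport-security", "")
    match = re.search(r"max-age=(\d+)", hsts)
    if match and int(match.group(1)) < ONE_YEAR:
        findings.append("HSTS max-age below one year (assumed minimum)")
    return findings


if __name__ == "__main__":
    for domain in ("example-business.test", "weak-business.test"):
        print(domain, "SPF:", assess_spf(SAMPLE_TXT.get(domain, [])))
        print(domain, "DMARC:", assess_dmarc(SAMPLE_TXT.get("_dmarc." + domain, [])))
    print("good site headers:", assess_headers(SAMPLE_HEADERS_GOOD))
    print("weak site headers:", assess_headers(SAMPLE_HEADERS_WEAK))
```

Everything here reads public data and never logs in or sends traffic, which is exactly the boundary a passive assessment keeps; a real run would fetch the TXT records and headers for your domain instead of the constructed samples, and the gradings would be the same.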

Attack surface

Everything about you that's reachable and could be attacked — your website, subdomains, exposed services, email and more.

Subdomain

A site under your main domain, like shop.yourbusiness.co.zw. Forgotten subdomains are a common, overlooked weak point.

Two-factor authentication (2FA)

A second step beyond your password (usually a code on your phone) so a stolen password alone isn't enough to log in.

Data breach

When personal or sensitive data is accessed or taken without authorisation. Under the Data Protection Act, breaches carry real obligations and penalties.

Data Protection Act (2021)

Zimbabwe's Cyber and Data Protection Act — the law governing how businesses must collect, store and protect personal data.

Zero-day

A vulnerability that's being exploited before a patch exists. Rare for small businesses — outdated software is a far bigger risk.

Get Started

Ready to Secure Your Business?

Whether you need a penetration test, a professional website, or both — we respond within 2 hours and can start your engagement in under 48 hours.

No commitment · Free passive scan included · ZW DPA 2021 Compliant