Frequently Asked Questions
Zinia is an established IT company and Managed Services Provider (MSP) providing a range of industry-leading solutions to run, grow, or transform organisations; ensuring stable, efficient and secure running of IT operations for effortless IT delivery. Zinia has the capability, innovative technology, and operational excellence to partner with mid-sized to corporate organisations.
The common IT services include managed services, IT support, Cybersecurity as-a-service, IT Infrastructure and communications which includes Voice, PBX and telecoms services. As one of the only IT companies with an established in-house ISP, Zinia ensures all clients are supported with reliable connectivity solutions and redundancy for data and voice.
By outsourcing all or parts of your IT function, you get access to a team of experts who are specialists in their field and able to assist in all areas of your IT environment. These specialists are normally out of reach to many organisations due to their huge cost and lack of availability of scarce skills in the country.
Yes, our flexibility allows customers to pick and choose which services they will need for us to manage.
Yes, through our Access plan for partners and in house IT departments, we allow administrator access to our monitoring and management platform where thousands of routine IT tasks are automated, significantly speeding up the time and service levels when delivering remote IT support, routine maintenance, and patch management for servers, workstations, terminal users, and network devices.
No, we do offer a plan that includes on-site support where required.
We have a variety of packages to meet the needs of our clients, and we can tailor make a plan depending on your requirements. Visit (insert link to managed services page) to find out more.
The costs vary depending on your requirements whether you need remote support or on-site support, the number of users, workstations, servers and network devices.
1. No Capex expenditure, monthly OPEX fee
2. 99.95% uptime SLA
3. Security of data
4. Flexibility for remote working
5. Your business can scale faster
6. Updating of software is automatic
7. The managed provider takes care of maintenance
8. Better collaboration
We provide infrastructure-as-a-service including cloud storage, backups, hosting, managed firewall, managed network, virtual servers.
We provide IT support, Microsoft 365, managed firewalls, managed network, cybersecurity-as-a service, managed backup, email archiving, mobile device management, endpoint management, netpath and more.
We provide a range of IT products and services for organisations including:
IT monitoring and management
Microsoft 365 managed services
Endpoint Detection and Response (EDR)
Managed Detection and Response (MDR)
Cyber Awareness Risk Assessment & Training
Fibre for business
Mobile for corporate
It is a software tool that monitors employee’s time spent on their computer to increase efficiency and productivity of employees, teams and the company as a whole. It also monitors application usage, key activities such as email, online meetings, whatsapp, social media and websites visited.
If the software only tracks active screen time during working hours and has no visibility into the actual private contents it meets the requirements of PoPI to protect the private data of your employees.
A bring Your Own Device (BYOD) policy ensures that employees can use their personal devices for work activities with clear rules of how employees should and shouldn’t use their personal devices such as smartphones, laptops, and tablets.
No, the router supplied by Zinia is a managed, secure private connection and is managed by us on your behalf. The router sets up how we deliver service to you based on your package as well as for remote support.
If you are purchasing our outsourced IT network services, yes we can use your existing equipment, if it meets best practice criteria and is able to deliver the quality of service expected.
There are some important steps you can put in place to minimise the security concerns of employees using personal devices for work. The most important steps are:
1. Ensure employee off-boarding is covered in your policy, and is actioned, to ensure sensitive data is removed from their devices and that employees can no longer access the corporate network after they have left the company.
2. Implement user mobile device management (MDM) which is a strategy you can use to ensure mobile devices are used securely. Zinia provides MDM as a managed service offering to enforce security and encryption on mobile devices, immediately stop access to critical systems from devices that are lost or stolen, as well as to remotely manage and track devices.
3. Provide training on user policies, especially with the rise of cybersecurity attacks, so your employees understand the risks and can use their devices securely.
It is the practice of ensuring the confidentiality, integrity and availability of information. Cyber Security is the body of technologies, processes, and practices design to protect networks, devices, programs, and data from attack, damage, or unauthorised access.
Adversaries are increasingly taking advantage of bootleg or pirated copies of legitimate, off-the-shelf software and free, open-source tools. Typically, these tools are designed to simulate cyberattacks to improve security but can be exploited by criminals to do the opposite.
This is a kind of malware that locks the organisation out of their data or systems and only allows access once a “ransom” is paid. Ransomware is a real threat to all organisations. 66% of organisations were hit by ransomware in the last year, up from 37% in 2020. This is a 78% increase over the course of a year, demonstrating that adversaries have become considerably more capable of executing attacks at scale. to information technology security.
A phishing email is designed to use social engineering to exploit your organisation’s employees. If an attacker can get a user to click on a malicious link or open an infected attachment, they can steal login credentials and other personal data or install malware on the employee’s computer. From there, the cybercriminal can expand their access on the corporate network to steal sensitive data or perform other attacks. Over 90% of cyberattacks begin with a phishing email, and the reason for this is that phishing emails are effective. It is often much easier to convince an employee that they need to take action on their Netflix account or send a payment to a vendor than to identify and exploit a vulnerability in a company’s systems.
The rapid adoption of cloud computing has only made it easier for cybercriminals to exploit email. The growing use of cloud-based email and document sharing solutions – such as Google Drive and Microsoft 365 – have opened new attack vectors for cybercriminals. An attacker will commonly send a phishing email masquerading as a legitimate shared document. Upon clicking on the link, the target will be prompted to enter their credentials for the service to view it, which sends these credentials to the attacker. If the organisation has not configured their cloud infrastructure to provide visibility into account usage and implement access control, an attacker can use these stolen credentials to access sensitive data throughout the company’s cloud.
A zero day exploit is a cyber-attack that takes place on the same day the weakness is discovered in software. It is exploited before a fix becomes available from the Vendor. This is a risk to any computer or system that has not had the relevant patch applied, or updated in antivirus software.
Hacktivists usually take over public websites or social media accounts to raise the profile of a particular cause. This usually causes reputational damage as disrupted online services lead to the erosion of public confidence in the use of such services. They use denial of service (DDoS) by pursuing electronic attacks on a network or service to disrupt it.
Yes, attackers use information to obtain the movements, whereabouts, financial information, stock value, transport loads, places times, family schools, workplaces and more. Sometimes this goes as far as using this information to kidnap, Hijack individuals, or threaten family members associated with individuals they try to access information from.
The benefits of cyber security includes ensuring your company meets compliance needs of POPIA, enable a synchronised security policy, protect against data loss from Malware like ransomware, block modern and future threats, encrypt emails and attachments for secure communication, secure home and office laptop and desktop computers, extend protection to smartphones and tablets, keep servers and other network devices safe from threats, connect remote workers to office systems securely, block email spam, viruses, and phishing attacks, and help users work safely with security awareness training.
Installing a firewall is a requirement for any business. In today’s environment, having a next generation firewall is almost as important. Threats to personal devices and larger networks are changing every day. With the flexibility of a NGFW, it protects devices and companies from a much broader spectrum of intrusions. Although these firewalls are not the right solution for every business, security professionals should carefully consider the benefits that NGFWs can provide, as it has a very large upside.
A traditional firewall provides stateful inspection of network traffic. It allows or blocks traffic based on state, port, and protocol, and filters traffic based on administrator-defined rules. A next-generation firewall (NGFW) does this, and so much more. In addition to access control, NGFWs can block modern threats such as advanced malware and application layer attacks. According to Gartner’s definition, a next-generation firewall must include >
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Threat intelligence sources
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
Phishing is where cyber criminals attempt to retrieve sensitive information from a person by replicating electronic communication from a trusted company such as their bank. The attacker creates a fake website that looks exactly the same as the bank and sends an email to the customer of the bank to trick them into clicking on the URL. The customer is redirected to the fake website and prompted to enter confidential information. Usually it seems legitimate for example saying that there are security concerns and the bank wants to issue a new password. The criminals then use this bank information to make purchases.
Phishing emails and other malicious messages are designed to provide an attacker with initial access to an organization’s network. This can occur in a variety of ways and achieve several different purposes, these include credential theft, making fraudulent payments, installing a Trojan, deliver Ransomware, to introduce zero-day malware, tricking users into taking action through social engineering, and employee negligence.
Antivirus programs use signature-based threat detection and prevention features to keep malware, such as viruses, spyware, bots and Trojans, from gaining access to a company’s network. A signature is any type of pattern or footprint left by a malicious attack. AV tools match these signatures with out-of-the-ordinary behaviour such as unauthorised software execution, network access, directory access or the byte sequence of a file. The next step is neutralizing the attack if the signatures match. The companies that make AV tools keep updating their signature databases so their solution can provide protection against a wide range of threats. However, technological advancements have made cyberattacks signatureless and file less. This is where AV solutions fail, and endpoint protection solutions step in to save the day. An endpoint management solution essentially combines antivirus safety features along with other security functions such as sandboxing, data loss prevention, next-generation firewalls and enhanced data recovery.
EDR takes cyber security procedures a step further with its data analysis and forensic capabilities. EDR tools identify and respond to cyberthreats before they occur or while they are in progress. In addition, it can detect malware with polymorphic codes that can go undetected by traditional security tools. The goal of an EDR solution is to identify active and potential security threats that aren’t detected by traditional antivirus tools, such as zero-day attacks and file less malware attacks and respond quickly to them. EDRs also come with machine learning and built in analytics tools that can identify and neutralize a threat in the early stages of an attack. This feature powers EDR’s to study the behaviours of new and emerging threats and prepare for them in advance.
Endpoints can serve as doorways for cybercriminals to gain access to a company’s network. As companies grow and connect more devices to their network, the risk of a cyberattack also increases proportionally. That’s why businesses should monitor all their endpoints for anomalies and suspicious behaviour in order to contain threats before they snowball into a disaster and disrupt business activities.
Endpoints are devices that are connected to a corporate network and can communicate with it and other endpoints on that network. Endpoints include, but are not limited to, laptops, desktops, servers, workstations, tablets, smartphones, IOT devices, network switches, modems, routers, printers, POS systems and BYOD devices.
With remote work now more common and companies increasingly adopting hybrid work models, endpoints are no longer restricted to on-site locations. Employees are connecting to company servers using a variety of networks (Wi-Fi, 4G) and from various remote locations. Endpoints have become more vulnerable to cybercrime in recent years and cybercriminals have exploited vulnerabilities in them to execute malicious code and launch attacks. The average total cost of a data breach was over $1 million higher in remote work-related incidents as compared to incidents where remote working was not a factor.
They use them as entry and exit points to a company’s network, access information stored on the endpoints, and to launch DDoS attacks that overload the servers, causing businesses to halt for hours.
Yes, it is as important as it is for large corporations. Cybercriminals often exploit the fact that SMBs don’t consider themselves attractive cyberattack targets and hence do not implement adequate security measures, leaving their endpoints vulnerable and unprotected. According to the Verizon 2021 Data Breach Investigations report, small organizations accounted for less than half the number of breaches as compared to large organizations in 2020. However, in 2021, the gap between the two dwindled with large organizations experiencing 307 breaches compared to 263 for small organizations. In addition, where large organizations detected breaches within “days or less” in over half the cases (55%), small organizations didn’t fare as well at 47%. Any company, no matter its size or industry, should prioritize endpoint protection.
An endpoint protection tool has several advantages that are crucial for ensuring business continuity. These include unified security management, protection against key threat vectors, simplified security management, and better business resilience. Cyberattacks are unavoidable. The right endpoint protection tools can help protect your data, and digital forensics incident response capabilities can also help you retrieve affected data quickly.
Zero trust is a framework to secure infrastructure and data in the digital world. It ensures that all users – in and outside the organisation’s network – are authorised, authenticated and validated on a continual basis before being allowed to access company data and applications.
Threat hunting is the iterative and proactive process of searching through endpoint and network telemetry to identify malicious activity, done so with the assumption that adversaries have already evaded defences. We label it as iterative as the practice needs to adapt constantly to ensure it remains an effective method to seek and neutralize today’s equally evolving cyber threats. During a threat hunt, teams will analyse the tools, techniques, and procedures (TTPs) used by threat actors to determine the attack’s stage and build intel. Once they have established this, they will take an appropriate action to neutralise the threat if necessary.
A human firewall is when an organisation and its IT department ensure that employees are following cybersecurity processes, policies and training to ensure they stop phishing attacks and other risky activities. Because they are the first line of defence against Phishing and Ransomware attacks they need to be trained well enough to be able to help secure the company, and report any data compromises or suspicious activity to the IT department.
95% of threats have been caused by human error (Global Risks Report, WEF). That is why employee awareness training and continual assessment of your people is critical.