Security is not a feature of what we deliver — it is the foundation. This page summarises the controls, processes, and operational practices MyIT Cyber applies across our own systems and within the services we operate for clients.
01Identity & Access Control
Multi-Factor Authentication (MFA)
MFA is enforced on every employee account, every administrative console, and every privileged production system. Clients onboarded into MyIT Cyber-managed environments are required to operate with MFA on all admin tiers.
Access Control Policies
- Role-based access control (RBAC) with least-privilege defaults
- Just-in-time elevation for sensitive administrative tasks
- Quarterly access reviews on critical systems
- Automated deprovisioning on employee or contractor offboarding
02Endpoint Protection
Every endpoint we manage runs an enterprise-grade EDR/XDR agent with continuous behavioural analytics, automated containment of confirmed threats, and centralised telemetry forwarded to our monitoring stack.
- Disk encryption enforced on all managed laptops and workstations
- Application allow-listing on high-sensitivity endpoints
- USB and removable-media policies aligned with client risk profile
03Encryption
In Transit
All client-facing services are served exclusively over TLS 1.2+ with modern cipher suites. Management traffic between our platforms and managed environments is encrypted end-to-end.
At Rest
Customer data stored within MyIT Cyber-operated infrastructure is encrypted at rest using AES-256 or platform-equivalent. Encryption keys are managed through hardware-backed key vaults with access logging.
04Security Monitoring
Managed environments are monitored continuously. Telemetry from endpoints, network appliances, identity providers, cloud workloads, and SaaS platforms is correlated in our SIEM and reviewed by our analysts.
- 24×7 detection on Critical-severity incidents
- Curated detection rules tuned per client environment
- Threat-intelligence feeds integrated into the detection layer
05Vulnerability Management
We operate a continuous vulnerability management programme covering infrastructure, applications, and third-party dependencies.
- Regular authenticated scans on managed endpoints and servers
- Risk-based prioritisation aligned with CVSS and exploit context
- Patch SLAs defined per severity, tracked through to verification
- Coordinated remediation windows with client change management
06Backup & Disaster Recovery
Backup strategies are designed per client environment and validated through periodic restore tests — backups that have never been tested are not backups.
- Immutable / air-gapped copies on critical workloads
- Backup health and freshness monitored continuously
- Documented recovery objectives (RPO / RTO) per service tier
- Restore-test reports retained for audit purposes
07Incident Response
Our incident response process follows a defined lifecycle:
- Detect — telemetry surfaces an anomaly through monitoring or client report
- Triage — severity assigned, response time committed per our SLA Overview
- Contain — affected systems isolated, lateral movement blocked
- Eradicate & Recover — root cause removed, services restored from clean state
- Post-incident review — written report with timeline, root cause, and remediation actions
08People & Operations
- Background checks where legally permitted before access is granted
- Mandatory security awareness training for all staff
- Confidentiality obligations under our standard NDA framework
- Documented change-management process for production systems
09Third-Party Risk
Vendors and platforms that touch client data are evaluated against security and compliance criteria before integration, and reviewed on a recurring basis. We prefer providers with recognised attestations (SOC 2, ISO 27001, or equivalent) and clear data residency commitments.
10Reporting a Security Concern
If you believe you have discovered a vulnerability or security issue affecting MyIT Cyber or a client environment we operate, please contact us at security@myit.co.il. We treat all reports confidentially and will respond in line with our incident-response process.