myosh ensures your information and data are protected

    ISO 27001

    Our ISO/IEC 27001 standard provides guidance for establishing, implementing, maintaining and continually improving an information security management system. Security is our highest priority

    type type typeby Christin Hume
    two women sitting at a table in front of a window

    Security

    Our platform has been designed from the ground up to exceed industry security requirements.

    myosh uses the world’s most comprehensive and broadly adopted cloud platform – Amazon Web Services (AWS). The AWS infrastructure puts strong safeguards in place to help protect customer privacy, and all data is stored in highly secure AWS data centres. Find out more about AWS here.

    Access control

    As a myosh customer you have the flexibility to invite users into your account to collaborate on your data, and the person that holds the subscription has control over who has access and what they are able to do.

    Please view the myosh privacy policy for further information.

    User authentication

    We provide standard access to the myosh software using a unique username and password. Additionally, we support integration with Single Sign On (SSO) systems that allow organisations to apply their own Multi-Factor Authentication (MFA) and other authentication controls.

    Data encryption

    We encrypt all data that goes between you and myosh using the industry-standard SSL/TLS, protecting your personal, confidential and safety data. Your data is also encrypted at rest when it is stored on our servers, and encrypted when we transfer it between data centres for backup and replication.

    Network and System protection

    myosh takes a defence-in-depth and breadth approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. myosh’s security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.

    Cloud platform

    Our virtualised infrastructure is located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. myosh maintains multiple geographically separated data replicas and hosting environments to minimise the risk of data loss or outages.

    Security monitoring

    myosh’s cybersecurity team continually monitors for threats to the system, including event logs, notifications and alerts. Also, myosh’s Information Security Management System is certified against the ISO 27001:2013.
    AWS environments are continually monitored and audited, with certifications from accreditation bodies across geographies and verticals as part of AWS ongoing compliance with SOC, PCI DSS, ISO 27001:2013 and FedRAMP.

    Penetration Testing

    Penetration tests are performed by independent, CREST-certified providers.

    Tests that are performed include TOP 10 OWASP, Most Critical Web Application Security Risks, OWASP Testing Guide v4, CWE/SANS TOP 25 Most Dangerous Software Errors.

    Availability

    We use highly fault tolerant and redundant services wherever possible to achieve a high level of availability. These ensure that if any component fails, myosh will keep on running – with little or no disruption to your service.

    Built to perform at scale

    myosh has been designed to grow with your business. Our highly scalable infrastructure ensures we can deliver a quality and responsive service to you and our global users.

    Disaster recovery and readiness

    myosh performs real-time data replication between our geographically diverse, protected facilities, to ensure your data is available and safely stored. This means that should even an unlikely event occur, such as an entire hosting facility failure, we can switch over quickly to a backup site to keep myosh and your business running.

    Constant updates and innovation

    We’re constantly enhancing myosh, delivering new features and performance improvements. Updates are delivered frequently, with the majority of them being delivered without interrupting our service and disrupting users.

    Phishing and malicious emails

    A phishing email is a favoured way for cyber criminals to get access to your sensitive information, such as your usernames and passwords, credit card details, bank account numbers, etc. This kind of email may look as if it has come from a trustworthy source, but will attempt to trick you into:

    • clicking on a link that will infect your computer with malicious software
    • following a link to a fake (but convincing looking) website that will steal your login details
    • opening an attachment that will infect your computer.

    Once you are hooked, the cyber criminal may be able to steal or extort money from you, or gather sensitive personal or business information that they can use for other attacks. However, you can protect yourself and your business by being aware of these scams, and by knowing what to look for that may help you identify a malicious email:

    • Incorrect spelling or grammar: legitimate organisations don’t always get it 100% right, but be suspicious of emails with basic errors.
    • The actual linked URL is different from the one displayed – hover your mouse over any links in an email (DON’T CLICK) to see if the actual URL is different.
    • The email asks for personal information that they should already have, or information that isn’t relevant to your business with them.
    • The email calls for urgent action. For example, “Your bank account will be closed if you don’t respond right away”. If you are not sure and want to check, then go directly to the bank’s website via the URL you would normally use, or phone them. Don’t click on the link in the email.
    • The email says you’ve won a competition you didn’t enter, have a parcel waiting that you didn’t order, or promises huge rewards for your help. On the internet, if it sounds too good to be true then it probably isn’t true.
    • There are changes to how information is usually presented, for example an email is addressed to “Dear Sirs” or “Hello” instead of to you by name, the sending email address looks different or complex, or the content is not what you would usually expect.

    These are just a few of the things to watch out for. There’s a lot more information and tips available on the web. But even if there’s nothing specific you can point to, the email may just not “feel” right. Trust your instincts, and don’t get hooked.
    If you suspect you’ve received a phishing or malicious email, and it says it’s from myosh or uses myosh’s logo, do not click on anything in the email – please report it by forwarding the email to phishing@myosh.com.
    Try to avoid a phishing attack by following these rules

    If you receive a suspicious email make sure you:

    1. DO NOT CLICK on any link or attachment contained in the email.
    2. DO NOT REPLY to the email.
    3. Report the email by forwarding it to phishing@myosh.com if it is myosh-branded.
    4. Delete the email.Update your anti-malware (anti-virus, anti-spyware) and run a full scan on your computer.
    Learn more about Implementation and Integration. Or if you would like more information, please contact us.