Protect Your Data (and Your Firm) from Security Threats

Following our recent client alert, re: Protect Against Anticipated Rise in Cyber Attacks with RubyShield, security has come into renewed focus. The situation in Eastern Europe requires increased vigilance, as per the “Shields Up” guidance provided by the U.S. Cybersecurity & Infrastructure Security Agency.

Be assured, though, that RubyShield—Legalweek’s 2021 Winner for Data & Cybersecurity—is protecting your firm. RubyShield delivers:
—A dynamically-updated, best-practices configuration for the Web Application Firewall (WAF) security configuration
—Single Sign-On (SSO) and Multi-factor Authentication (MFA), as well as restricted administrative access to organization office and remote locations
—Physical security and operational standards of HIPAA, PCI DSS, SSAE 18, SOC 2 and ISAE 3402 certification
—Optional firewall configuration to lock down access to the RubyLaw administrative interface to selected IP addresses and/or regions; for more details, please see Protect Against Anticipated Rise in Cyber Attacks with RubyShield
—HTTPS (SSL/TLS) certificate registration and automated renewal management for encryption certificates, as well as client-defined TLS version requirements
—An intuitive security dashboard, allowing RubyLaw users to monitor their instance of RubyLaw for potential vulnerabilities

Beyond the above, our team of experts conducts monthly security scans and quarterly audits, notifying key client contacts of urgent issues if/as they arise. We also perform periodic penetration tests of the RubyLaw software to ensure that our systems are performing optimally and not falling subject to new vulnerabilities. 

If you have concerns, what can you do right now?

While much of the above is happening on your behalf in the background, there are measures that you can take immediately. You can:
—Consider the options above to restrict access to RubyLaw to your firm’s offices and/or block access to RubyLaw and/or your website to selected regions
—Review your RubyLaw users to determine if any are no longer employed and/or actively working on firm content, and therefore should not longer have access
—Review your usage logs (and API logs) to ensure nothing suspicious is occurring; we suggest doing this periodically
—Consider your users’ privileges and roles; only give the requisite privileges to each user

—Rotate your API key secrets, particularly if they haven't been updated in the past year
—Switch to key-based authentication, which is much more secure than password-based authentication, if you utilize RubyLaw SFTP services
Contact us with any questions or concerns

If you’d like to learn more about RubyShield and the entirety of our security posture, please contact your RubyLaw representative. You can also attend an upcoming session of RubyLaw Live.

Related Insights

Experience Matters...
Experience Matters...
Spotlight on RubyLaw: Firm experience: It matters. Really.
Are You Ready for (RubyLaw) 22?
Are You Ready for (RubyLaw) 22?
Spotlight on RubyLaw: The upcoming release of RubyLaw 22
An Ordinary Year for RubyLaw
An Ordinary Year for RubyLaw
Spotlight on RubyLaw: 2021, an "ordinary" year for RubyLaw
Introducing RubyLaw Express!
Introducing RubyLaw Express!
Spotlight on RubyLaw: Introducing RubyLaw Express, our solution for growth-minded firms!
RubyLaw 22 is coming!
RubyLaw 22 is coming!
Spotlight on RubyLaw: RubyLaw 22, coming soon!
Art, Science, and the Power of Platforms
Art, Science, and the Power of Platforms
Spotlight on RubyLaw: A look at the power of platforms
RubyShield
RubyShield
Spotlight on RubyLaw: RubyShield, our award-winning, secure hosting offering
RubyLaw Client Information Hub
RubyLaw Client Information Hub
Spotlight on RubyLaw; The RubyLaw Client Information Hub
A Special Edition!
A Special Edition!
Spotlight on RubyLaw: Recordings of two sessions from our annual summit
RubyLaw C.P.R. Kit
RubyLaw C.P.R. Kit
Spotlight on RubyLaw: The RubyLaw C.P.R. Kit
RubyLaw Content Locking
RubyLaw Content Locking
Spotlight on RubyLaw: Content Locking
RubyLaw Drafts
RubyLaw Drafts
Spotlight on RubyLaw: Drafts