Protect Your Data (and Your Firm) from Security Threats

Following our recent client alert, re: Protect Against Anticipated Rise in Cyber Attacks with RubyShield, security has come into renewed focus. The situation in Eastern Europe requires increased vigilance, as per the “Shields Up” guidance provided by the U.S. Cybersecurity & Infrastructure Security Agency.

Be assured, though, that RubyShield—Legalweek’s 2021 Winner for Data & Cybersecurity—is protecting your firm. RubyShield delivers:
—A dynamically-updated, best-practices configuration for the Web Application Firewall (WAF) security configuration
—Single Sign-On (SSO) and Multi-factor Authentication (MFA), as well as restricted administrative access to organization office and remote locations
—Physical security and operational standards of HIPAA, PCI DSS, SSAE 18, SOC 2 and ISAE 3402 certification
—Optional firewall configuration to lock down access to the RubyLaw administrative interface to selected IP addresses and/or regions; for more details, please see Protect Against Anticipated Rise in Cyber Attacks with RubyShield
—HTTPS (SSL/TLS) certificate registration and automated renewal management for encryption certificates, as well as client-defined TLS version requirements
—An intuitive security dashboard, allowing RubyLaw users to monitor their instance of RubyLaw for potential vulnerabilities

Beyond the above, our team of experts conducts monthly security scans and quarterly audits, notifying key client contacts of urgent issues if/as they arise. We also perform periodic penetration tests of the RubyLaw software to ensure that our systems are performing optimally and not falling subject to new vulnerabilities. 

If you have concerns, what can you do right now?

While much of the above is happening on your behalf in the background, there are measures that you can take immediately. You can:
—Consider the options above to restrict access to RubyLaw to your firm’s offices and/or block access to RubyLaw and/or your website to selected regions
—Review your RubyLaw users to determine if any are no longer employed and/or actively working on firm content, and therefore should not longer have access
—Review your usage logs (and API logs) to ensure nothing suspicious is occurring; we suggest doing this periodically
—Consider your users’ privileges and roles; only give the requisite privileges to each user
—Rotate your API key secrets, particularly if they haven't been updated in the past year
—Switch to key-based authentication, which is much more secure than password-based authentication, if you utilize RubyLaw SFTP services
—Contact us with any questions or concerns

If you’d like to learn more about RubyShield and the entirety of our security posture, please contact your RubyLaw representative. You can also attend an upcoming session of RubyLaw Live.