Security Tips for a Remote Work Environment

If your organization recently made the urgent switch to a remote workforce, don’t treat any security or business continuity efforts as a one-and-done endeavor. Ongoing risk management, specifically risk reduction and awareness, will be vital for continued success.

Fortunately, for most organizations, this doesn’t need to be anything elaborate or time-intensive…but you need to do something.

In just a few hours you can help reduce known security risks and set your remote workforce up for ongoing success.

Here are a few tips to get you on your way:

Create backup plans for critical services

Your business likely relies on new digital tools and functions that you may not have had a few weeks ago. As noted in the image below, the internet as a whole has seen a drop in performance over the past weeks. While the U.S. internet shouldn’t have any issues maintaining a high level of service, you should still have backup plans in place for functions like your online conferencing system.

Identify and document core functions 

If you only have a couple of individuals that can access and manage critical systems such as payroll, accounts payable, billing, CRM, or essential IT functions, it’s important that you cross-train to avoid gaps. This will ensure that the business can continue operating in the unfortunate event that employees become sick.

Train your staff about COVID-19 scams 

Cybercriminals thrive on chaos. Train your staff to recognize these cyber scams. The Cybersecurity and Infrastructure Security Agency (CISA) recommends you:

  • Avoid clicking on links or opening attachments in unsolicited emails
  • Only visit trusted sources for COVID-19 news, like government websites
  • Refrain from sharing personal and financial information over email
  • Verify all charities prior to donating money

Enhance home/ remote cyber defenses

There is a ton of online resources on how to secure home-based networks and systems properly. A few essential items to implement quickly:

  • Change your router’s default password.
  • Check that your router and other systems are up to date on all security patches.
  • Ensure you are using WPA2 if using WiFi. You can quickly find this out by going to your WiFi properties or settings. If you are using a Mac, simply hold down the option key and click the WiFi icon simultaneously.
  • If possible, segment your work PC from the rest of your WiFi/network; insecure systems and IoT devices are not your friends here.
  • If employees have resorted to using personal devices due to the overnight change to remote work, consider procuring and mailing company-managed laptops to them. You can also leverage virtual desktop infrastructure, such as dizzion.com, that allows employees to access their work computers from any device.

Consider Moving to the Cloud

Lastly, if your organization has been heavily reliant on on-premise systems, you’ve likely already faced work disruptions. Insecure access to already security-challenged legacy systems has also likely exposed you to even more security threats.

If you haven’t already moved to the cloud, now is a better time than any to do so as it will support your overall security risk reduction efforts. To see how Litify’s cloud-based practice management system can help you, schedule a free personalized demo. If you need a quick-to-implement remote solution, our LitifyGo product may be right for you.

Tips for Working Remotely During the Coronavirus Pandemic

COVID-19 has taken a dramatic turn in the last few days, causing every law firm and business to seriously consider remote work. 

Much of lawyers’ day-to-day work includes face-to-face interaction, like court trials, depositions, client meetings, and the like, making this crisis unchartered territory for many in the legal industry.

Above all, it’s important to keep staff and clients safe, while still doing what you can to maintain those relationships. 

In the latest episode of LitiCast, Vice President of Growth Jon Robinson spoke with Chief Revenue Officer Terry Dohrmann and Chief Information and Security Officer Travis Howe about what law firms and organizations should be thinking about right now as they move to a remote work model.

Watch their conversation below.

Remote Work Checklist 

Proper Equipment

Beyond ensuring that employees have laptops, consider other equipment that will set them up for success, including headphones, monitors, and wireless keyboards.

Internet Access

While employees may relish the opportunity to work from anywhere, the local coffee shop may not be the safest or most secure place to do so. Work with your team to ensure that every person has access to fast and secure Wi-Fi while away from the office. This means avoiding public networks as much as possible.

Cloud-Based Software

Working remotely comes with its own unique communication and productivity challenges. Having the right tools can help.

More than half of Litify’s team works remotely full time. Here are the solutions that we’ve found to be particularly helpful:

  • Zoom: Video conferencing. We hold our company-wide meetings (150 employees!) on Zoom. We also use it for client meetings.
  • Slack: Internal instant messaging. Easily share files and updates with colleagues in a searchable, organized manner. You can use separate channels to discuss particular cases or clients.
  • Drift, Loom: Video voicemail. Send a video to a client with a quick update. Much more personal than an email.
  • AssureSign, DocuSign: E-signature. Send and receive signed agreements virtually.
  • LastPass: Password protection. Securely store and share login information for shared accounts.
  • Concur: Expense tracking. Upload e-receipts and get expenses approved, without having to print a thing.

Educate Your Staff About Security

There will sadly always be a few bad actors that try to profit off of crises. Make sure your staff knows what to look out for.

  • Phishing emails: With most companies working remotely, fake emails from executives will be on the rise. Tell your staff to confirm over the phone if they are asked to wire money or email sensitive records. And always double-check the sender’s email address.
  • Scam coronavirus domains: Everyone is searching for answers and resources during this unprecedented time. Make sure you visit reliable and trustworthy sources.
  • Unsecure Wi-Fi: Again, ensure staff has access to secure Wi-Fi. Avoid public Wi-Fi and use a WPA (WiFi-Protected Access) network.

What Should You Do Now?

If you have some time: Do a stress test. Have employees work from home and see where your technology gaps are. 

If employees need to work from home today: Still take the time to properly set up remote access. While these are stressful times, having a breach will only exacerbate problems for your business.

Think about the future: The only better time than yesterday to move to the cloud is today. There will be other crises after COVID-19, like natural disasters. Cloud-based platforms like Litify can help you keep your business stable during any emergency.

Lean on technology experts: Companies like Litify think about virtual work every day. Feel free to ask us for recommendations on tools you can leverage and best practices we’ve seen from other law firms. Let’s talk.

How Secure Are Law Firm Management Platforms?

Every day, more law firms are transitioning to practice management platforms in an effort to become more efficient with their time, while best optimizing their organizational workflows. Unfortunately, one of the biggest hesitations firms still have regarding the technology is, “how safe is it?”

Of course, security should be a top priority for law firms, especially in today’s digital climate where data breaches appear in news headlines almost daily. However, the fear of new technology shouldn’t act as a roadblock to progressive behavior toward better firm capabilities and enhanced client relations. Law firms that are slower to adopt management platforms are running the risk of opening potential gaps in their security measures. Today, unencrypted email communication is one of the biggest threats to sensitive information being illegally accessed. Furthermore, with lawyers becoming more mobile in their professional and personal lives, work is being conducted via various public and private internet connections, as well as across multiple devices. This potentially puts law firm and client information in the crosshairs.

Cloud-based law firm software has changed the legal landscape. By utilizing new security measures through powerful platforms like Salesforce, law firm management platforms are able to usher in a new era of security.

Safer Physical Storage

Sensitive information stored on personal devices or internal servers might seem safer due to its close proximity, however, cloud storage provides better company privacy and security. Cloud servers provide physical separation from an on-site breach by housing information in geographically dispersed data centers This significantly reduces the likelihood of your data being accessed by unauthorized users. In addition, top-cloud service providers like Salesforce safeguard their servers with items such as fences, guards, biometric devices, cameras, and more.

Secondly, a cloud-based law firm management server provides protection against natural disaster outages and localized equipment failures. By storing firm information in multiple data centers across the world, vital company information is always accessible and able to be recovered regardless of environmental factors that may affect your company and employees. This storage method also allows for easier recovery in the case of potential information loss or compromise.

High-Grade Encryption

To best safeguard against potential threats like hackers and malware, cloud-technology takes several encryption steps to minimize risk. Litify’s Salesforce-based legal platform employs TLS encryption for data in transit between end users, the platform, and any integrations. Our Docrio product for document management and generation is encrypted at rest by default as well as optional field-level encryption at the platform level. Data encrypted at rest and transit by 128 or 256-bit Advanced Encryption Standard (AES), protects data from unwanted internal or external access.

Improved User Protection

It is common for a company’s employees to be their biggest security risk. Poor password design and clicking links in phishing emails are all common mistakes that can open companies to potential hacking threats. Cloud-based management platforms like Litify help reduce the risk of employee error or carelessness, leading to security concerns. On a user-facing level, law firm management platforms invoke two-step authentication. This helps ensure platform users are in fact who they say they are. On Litify’s platform, in addition to a username and password, law firms and companies can choose to enforce that users verify their identity through the use of TOTP tokens, U2F protocol tokens, other time-based authenticators, as well as SAML 2.0 integrations. Added user-security features include secure portals for communicating with clients, colleagues, and other legal partners. Built on Salesforce, Litify’s platform is regularly monitored by security analysts that catalog network actions to better understand user habits and build identifiers of possible threats to data security.

Ready to Experience a Secure Platform for your Legal Practice?

Litify is the all-in-one law firm platform that can transform your practice and your client’s experience. See how Litify can revolutionize your company’s security efforts — let’s talk.

10 Cloud Security Best Practices For Attorneys and Law Firms

If you’ve been overwhelmed and frustrated by having to maintain an in-house IT solution for your law firm, you might have considered using a cloud computing platform specifically for case management.

There are many benefits for moving your files and data to the cloud, such as lower cost, increased productivity, scalability and higher client satisfaction.

Understandably, law firms are concerned about the IT security of these cloud-computing solutions.

After all, it’s not only your own data but also the sensitive information your clients have entrusted you that’s on the line.

The reality is, maintaining a secure on-premise IT solution is becoming increasingly difficult and costly. In fact, 64% of IT professionals at medium and large enterprises say that a cloud system is more secure than a legacy system.

However, moving to the cloud doesn’t mean that you’re off the hook. The files and data you store in the cloud are only as secure as the measures taken by your provider to protect them and your ability to adhere to security protocols.

In this article, you’ll learn 10 cloud security best practices that you need to ask your provider about or implement as a user:

1. Multi-Factor Authentication

Simply using username/password as login credential is no longer enough to ensure secure access by authorized personnel.

You should be able to set up additional authentication method(s) to supplement the username/password pair, such as a physical token, a password card, a digital certificate, biometry or SMS password.

Image source

2. Access Management Policy

Your cloud-computing service platform should allow you to set access rights for each individual user such that employees, contractors or clients can only access information relevant to their roles.

It’s also important to keep track of access granted on a temporary basis and remove users when their relationships with your firm end.

3. Log Management

Logs are not only for compliance. They also help monitor suspicious activities and aid in forensic investigations in case there’s a breach.

Your cloud service provider should keep track of every user that logs into the system and views any document, and be able to provide you with such information upon your request.

4. Data Backup and Recovery

A top-tier cloud service provider should have a comprehensive backup and recovery plan with multiple redundancies built in to ensure that your data is secure whether there’s a cyber attack or physical disaster – covering scenarios for either loss of location (e.g. physical disaster) or loss of Internet connectivity.

A well-designed recovery plan allows you to get up and running again with minimum downtime, which could be critical when you’re working with time-sensitive materials.

Image source

Make sure you review the recovery plan with your provider so you know exactly what to do when there’s an emergency.

5. Vulnerability Analysis and Ethical Hacking

Your cloud service provider should routinely carry out vulnerability analyses done by a credible third party to ensure the security of the system.

These analyses help the provider stay on top of their security measures and ahead of malicious hackers.

6. Compliance To Security Standards

Security standards for cloud computing are fast evolving. Besides making sure your provider is adhering to industry standards (e.g. ISO 27001,) you should also do your due diligence by making sure your platform is compliant with the standards required for your business and area of practice (e.g. HIPAA.)

Image source

7. Procedure In Case Of DDoS Attack

A DDoS (Distributed Denial-Of-Service) attack could bring down a cloud service and anything connected to it as hackers flood the system with data to prevent users from accessing the website.

Make sure your provider shares with your any pertinent procedure so you won’t be caught off guard without access to your data.

8. Data Encryption

Your data should be encrypted during transfer and storage to ensure that they’re protected from prying hackers.

9. Browser Security

Your employees will likely be accessing the cloud through their web browsers. Make sure the browsers on all the computers are properly updated to avoid browser exploits.

10. Employee Training

Your security measures are only as good as how well all your employees are adhering to the protocol.

Work with your cloud service provider to set up employee training to help your staff understand and apply the new security procedures. You also want to make sure that this training becomes part of your new employee on-boarding process.

Be a Smart Cloud User

Cloud security is fast evolving to keep up with the ever-changing technological landscape.

To safeguard your files and your clients’ data, make sure you understand your providers’ security model and stay vigilant.

Stay informed by educating yourself so you can ask pertinent questions when choosing a cloud provider to protect your information.

Here at Litify, we’re committed to providing a secure cloud-computing environment for our customers and help them streamline workflow, increase conversion rate and of course, beef up IT security. Find out how Litify makes it easy for you.

IT Security For Law Firms — Cloud-Based Solution vs. On-Premise Solution

IT security has been a hot topic in recent years. After a few high-profile data breaches, the public is now very aware and wary of the risks and challenges facing IT security.

In the past, small law firms — or any small company or business — could rely on their inconspicuousness to protect them against malicious hackers. After all, whether a hacker was looking for fame or fortune, breaching a large corporation would offer a much better payout.

However, it’s no longer the case.

In March 2017, a company called Oil and Gas International filed a bug report with the Firefox browser maker Mozilla claiming that Firefox was wrongly warning users that its website was insecure.

The company claimed, “We have our own security system, and it has never been breached in more than 15 years.”

Shortly after the report was filed, hackers who breached into their system deleted their entire database.

The 15 years of security was an illusion — one that caused the company to let down their guard, become lax in their IT security, and ultimately cost them dearly.

It’s no longer safe to rely on security through obscurity. Your company is exposed to potential breaches every single minute in this age of IoT (Internet of Things.)

Think about all the devices (including routers, cable boxes, game consoles, refrigerators, cameras, TVs, and home security systems) that are now connected to the Internet. Hackers can easily find a vulnerability in a device or software to breach a system.

Not to mention, the “bring your own device” trend that’s becoming very common in many workplaces means any personal device connected to your system can potentially be breached, giving hackers a way to get their hands on your confidential data.

In 2016, ransomware attacks grew at a blistering pace. In total, SonicWall reported 638 million cases.

Meanwhile, the advent of cryptocurrencies like Bitcoin allows for anonymity that has made it easier than ever for a hacker to extract a ransom from compromised victims.

Instead of targeting large corporations that have much tighter security, more and more hackers are attacking smaller businesses because they can breach those systems much faster and easier.

Small or mid-sized businesses can no longer ignore IT security and hide behind obscurity. You have to make sure that your information and data are safe.

For law firms, it’s not only your own data that is on the line.

Your clients trust you with their confidential information, and a data breach will not only cost you financially but also your reputation and your clients’ trust and relationships.

The question is — what’s the most secure way to host your applications, files, and data?

There are two options: hosted or on-premise (known as “on-prem” in the tech industry.)

The prevailing assumption in the legal industry seems to regard on-premise solutions as more secure. Unfortunately, this idea is a relic from the early years of the Internet and is now dangerously inaccurate.

On-prem solutions come with a very high cost of ownership.

Not only does your organization have to implement the technical solution but also become responsible for the maintenance of proper security, which often takes a tremendous amount of knowledge, effort, and money.

Your IT team needs to keep every piece of hardware and software up to date, ensure security settings are correctly applied and audited regularly and have a backup system in case of a failure or attack.

Data loss can be devastating to businesses — did you know that60% of companies that lose their data shut down within 6 months of the disaster?

It’s critical that you have a system in place to back up your system and all the changes in real-time. The back up should be stored in a remote location and set up for quick and easy recovery to minimize downtime.

If all the IT logistics is making your head spin, and getting you to wonder how you can have the personnel and resources to ensure security — here’s the good news:

Most companies are now moving to cloud-based, or hosted, solutions.

Top-tier hosted solutions are much safer than on-prem solutions because they make providing customers with a secure IT environment their business.

They have entire teams of experts dedicated to ensuring that their system is up-to-the-minute. Many of them take the initiative to incentivize security researchers to report vulnerabilities before hackers find and exploit them.

If you’re still hosting your IT system on premise, it’s time to evaluate how well protected your data is, and if it’s time to switch to a hosted solution.

Contact Litify to Learn More About Our Secure Cloud-Based Case Management Solution

Litify understands the importance of attorney-client confidentiality to your firm’s success, which is why we use security tools that exceed all industry requirements.

To learn more about cloud computing solutions and how we can protect the privacy of your data, please contact us for a free demo.

Email Security: How Law Firms and Attorneys Can Protect Sensitive Client Information

Email hacking has become quite a hot topic lately, and the American Bar Association (ABA) recently responded by releasing a publication on “Securing Communication of Protected Client Information.”

In row 138, the document stated that it’s “not always reasonable to rely on the use of unencrypted email.”

In row 202, the publication devoted a section on determining “how electronic communications about clients matters should be protected.”

In row 212, the document indicated that “Alternatively, lawyers can consider the use of a well-vetted and secure third-party cloud-based file storage system to exchange documents normally attached to emails.”

So what do all these mean for your law firm?

As a law practice, your clients are entrusting you with their private and confidential information. It’s your responsibility to ensure the safety of such information both during transit and in storage.

A security breach will not only have legal and financial ramifications but also impact the trust and relationships you’ve built with your clients.

As such, it’s critical that law firms and attorneys take precautions to ensure the security of all client information.

With the advent of the digital age, an increasing amount of confidential information is being shared and communicated electronically.

Many attorneys are sending files with sensitive information via emails. Even though this helps expedite many procedures, the often insecure transfer of data also open up opportunities for malicious hackers to profit from exploiting such private information.

Emailing Confidential Client Information Exposes Your Practice To Cyber Criminals

60% of companies in this study said they’ve experienced more than one data breach in the span of two years’ time.

Image source

No email platform is fully protected from security breaches. Email communications involve a large number of moving parts and offer too many “entry points” for hackers to exploit, many of which are not under your control no matter how diligent you are.

For example, if someone you trust got hacked, they could unknowing send you malicious files or links that could give hackers access to your system. The same goes for your employees and clients.

In Q3 2016, 18 million new malware samples were captured.

All it takes is for one piece of malicious code to sneak into one of your employee’s inbox to put your entire company’s data and your clients’ private information at risk.

Not to mention, when a breach happens and an email account got hacked, not only the documents you’re currently working on are at risk but every single document you’ve ever emailed could also get compromised!

Creating a secure IT environment for information transfer using emails with an on-premise server is costly and very challenging.

Even if you manage to set up a secure server environment, you have to ensure that all your employees are following the security protocols at all times.

With the increasingly popular “bring your own device” trend in the workplace, implementing endpoint security can be a huge undertaking if you were to do it on your own.

Not to mention, no matter how secure your IT environment is, you don’t have control over that of your clients’. It takes only one client to make one mistake to create a domino effect of irreparable damage.

A More Secure Way For Document Transfer and Collaboration

As a response to the insecure nature of email communication, ABA recommends lawyers to “consider the use of a well-vetted and secure third-party cloud-based file storage system to exchange documents normally attached to emails.”

What does that mean, and what can you do?

To prevent important data from being hacked via emails or stolen from hardware, more and more companies are relying on cloud services — Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) or Infrastructure-as-a-Service (IaaS) — to handle sensitive information.

In 2016, more than 94% of companies use SaaS vendors to provide secure environments for keeping their data and information safe when transferring and sharing documents.

Using cloud-based platforms to handle file transfer both internally and with clients is the best way to ensure that your information is secure from the prying eyes of malicious hackers, and here’s why:

  • Your information is protected by endpoint security protocols, such as multi-factor authentication to ensure that only authorized clients and personnel can access the designated files and data.
  • You can rest assured that your data is safeguarded in a secure environment by a professional team of IT experts, 24/7/365.
  • Even if hackers manage to breach your email system, they won’t be able to obtain your sensitive client information because these files aren’t stored on your email server.
  • You don’t have to worry about upgrading your hardware or software to comply with fast-evolving industry standards.
  • You can be sure that your files and data are backed up with a comprehensive recovery plan.
  • Your data and files are encrypted during transit and storage for extra security.
  • You’re protected against ransomware – even if hackers can get into your server, there’s no file for them to hold hostage because your information isn’t stored locally.

Not All Cloud Platforms Are Created Equal

The security of a cloud service is only as good as the company that’s hosting it.

That’s why Litify chooses to build our applications – a suite of tools customized for attorneys and law firms – on the Salesforce platform.

Salesforce’s cloud service is the world’s largest CRM platform trusted by numerous government agencies and global corporations including ADP, Amazon Web Service, America Express, Cisco, Comcast, GE, KLM, L’Oreal, NBC, Philips, P&G, Spotify, T-Mobile, Toyota, Western Union, and many more.

Besides the many benefits offered by cloud-based computing, Litify’s customers can take advantage of the robust security available through the Salesforce platform.

For added protection, our team doesn’t have access to your files and data, which live on the Salesforce cloud and are only accessible by those authorized by your company.

Our team at Litify is ready to help you meet the standard of today’s IT security best practices and protect your firm’s and your clients’ sensitive information from prying hackers. Schedule a live demo to see our software in action.