The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/854572
7 WWW.ILTANET.ORG BEST PRACTICES Preparing for the Future of Law Firm Security resistant to this kind of behavior and frequently stops it, pending approval. The priority is stopping risky behaviors before they can encrypt, relocate and delete critical files. Encryption Encryption is now a commonplace requirement. Assets in transit over wireless or untrusted connections commonly employ encryption mechanisms such as Secure File Transfer Protocol (SFTP), Secure Sockets Layer (SSL) or Transport Layer Security (TLS). To ensure that the versions being used are the most current to address known security vulnerabilities, SSL and TLS should use a minimum of 128-bit key strength, with 256- bit key strength preferred. Each web server involved in SSL or TLS communication should have a valid digital certificate from a trusted certificate authority (e.g., Comodo or VeriSign). Data at rest should be encrypted with at least a 256-bit key strength. Centralized management of encryption keys is critical. This includes developing a scheduled rotation and a defined process for the immediate rotation of encryption keys should a suspected or confirmed compromise occur. Secure File Transfers Data transferred between law firms and their clients or vendors must be accomplished through a centralized secure infrastructure. This can be enabled utilizing third-party tools if they are provided as an extension of the firm's existing enterprise. Many well-known data transfer tools that are not specific to securing client data are, in fact, not secure. Data Leak Prevention The leakage of intellectual property is a critical concern to law firm clients. Data leak prevention (DLP) solutions review email body and aachment content to identify and control personally identifiable information, code names and other sensitive data. Emails found to contain critical data are routed to a designated administrator for review prior to sending. Frequently, DLP tools also will employ or add encryption to outbound emails not already secured. Two-Factor Authentication Securing account access is, in many ways, the simplest solution to locking down an environment. Numerous vendors provide cloud-based authentication solutions that utilize mobile device applications to provide secondary authentication to an Active Directory domain login. An end user connects to the network, and, aer a login aempt, the mobile application prompts with a validation request. This confirmation is logged in conjunction with the login event. The idea here is not only to secure the environment from intrusion but also to match login times with other events. This could include file transfers, data exports, confidential email forwards and even malicious behavior. Nevertheless, utilizing two-factor authentication does not alleviate the need to protect, change and use complex passwords. Directory Management, Auditing and Notification Default operating system configurations around auditing and notification generally are insufficient. Firms should employ soware and processes that produce an audit trail and notify appropriate personnel of critical events. Examples include the creation of new accounts with administrator access, large data exports or identification of Active Directory accounts not accessed within a maximum period. Operating System and Application Patching This might sound obvious, but it bears repeating. Applying current operating system and application patches is critical. Soware vendors remediate known vulnerabilities within update periods. Missing even one critical update can expose law firms to known security risks. Endpoint Protection By now you undoubtedly have heard a story around ransomware infection. Traditional antivirus platforms that depend solely on virus signatures are no longer sufficient. Paerns of behavior must be monitored and logged, with unknown aempts blocked and false positive events approved. Chat applications can create more false positive results. An example is Spotify, which uses varying ports. Endpoint protection soware is MICHAEL KEMPS Michael Kemps is the founder and Chief Executive Officer at Innovative Computing Systems. He started the company in 1989 after developing relationships with several law firms that eventually became early clients. His interest in technology began when he was 13 years old and developed bulletin board systems with friends and repaired hardware and software for family and friends. Today, Michael is involved with the International Legal Technology Association and the Association of Legal Administrators, as well as several nonprofit organizations. He also is on the advisory board of a community bank. Contact Michael at mkemps@innovativecomp.com. Each web server involved in SSL or TLS communication should have a valid digital certificate from a trusted certificate authority.