CARET Legal’s experienced security team employs state-of-the-art technology to detect, investigate, and stop threats before they can impact your firm’s operations.
Here are just a few ways we keep your practice safe 24/7/365:
External Security Audit
Automated probing services provided by external security companies scan every 24 hours for potential vulnerabilities in our applications, systems, and networks. These automated scans are supplemented by human security experts who employ manual penetration strategies to identify and address latent hazards within both the application and infrastructure layers.
All documents, as well as critical data, are encrypted at rest using a multi-iteration 2048-bit process. Certain data such as passwords are also protected with a randomly generated cryptographic salt.
Secure Data Transmission
Data is transmitted from CARET Legal's servers to your devices via bank-grade TLS encryption that prevents digital eavesdropping by unauthorized parties.
Brute Force Attack Countermeasures
A brute force attack is a trial-and-error method of guessing different letters and numbers and cycling through them via automated means to gain access to an account. For example, a simple brute force attack may utilize a dictionary of all words or commonly used passwords and continuously attempt to log in with those terms until it successfully guesses the correct password and obtains access. CARET Legal identifies abnormal activities indicative of a brute force attack and undertakes a variety of measures, at both the firewall and application levels, to prevent unauthorized access to data.
Data Redundancy and Backup
CARET Legal is deployed on the Amazon Web Services (AWS) platform. Documents and data are protected by Identity and Access Management roles within an AWS Region and replicated across Availability Zones for backup on a daily basis. This means that if some servers go down, the other connecting servers will automatically roll over and your access to your data will be uninterrupted.
Security Policies
We maintain a number of policies designed to protect the integrity and privacy of your data, including options for two-factor authentication for sharing access with both internal and external users, stringent password strength requirements, and detailed logging of activities at both the infrastructure level and within an account.
Infrastructure Certifications
Our infrastructure resides at AWS facilities in the United States, which have achieved compliance with an extensive list of global quality and security standards, including ISO 9001, ISO 27001, and PCI DSS. In addition, CARET Legal has achieved SOC 1/ISAE 3402 and SOC 2 Type 2 compliance.