What’s New at A2J Tech: Cybersecurity Updates

Here at A2J Tech, we practice what we preach. For those of you who follow our social media accounts, you may have noticed that we have recently published a series of checklists regarding how to evaluate cybersecurity and best practices at your law firm or legal organization. (If you missed out on this, we have printable checklists in PDF format, and you can check our backlog for the accompanying blogposts explaining what these checklists are and how to use them.) 

‍

In our research, and because of our company’s growth over the past year, we’ve decided to upgrade and unify our cybersecurity practices. Like many organizations in the wake of COVID-19, we also had to address any additional complications or considerations to take into account considering we’re remotely based and are scattered all across the globe. We also allow our employees to choose what kind of operating system they prefer, whether that be Windows or macOS, so we needed to make sure our policies and our preferred software were compatible with both.  In the interest of walking the talk, we’re sharing what considerations we took into account with you below. All of that being said, we’re not perfect, and cybersecurity should never be a one-and-done situation. Just like you, we’re regularly thinking about if and when we should update our cybersecurity standards and practices as technology advances.

‍

‍

Data Loss Protection 

Like many organizations in the legal industry, we routinely have access to records, agreements, and documents that would be devastating to lose, not only for our business processes but also for our clients. Not only are our files encrypted, but we also wanted to ensure that, as we discuss in the cybersecurity checklist, we had a uniform “game plan” for data loss recovery in the event of an incident. A2J Tech holds onto any data we receive through our website for seven years, and all of our files are routinely backed up to the cloud with the ability to “rollback” any corrupted files to the last “safe” stage. 

‍

‍

Employee Training 

Cybersecurity shouldn’t just be the responsibility and the concern of one IT specialist; as the saying goes, it takes a village to keep our workplace secure. Everyone at A2J Tech receives cybersecurity training and is required to use a password manager, to have endpoint detection response and malware detection software installed on their work devices, and email encryption. Not only that, but A2J Tech employees are encouraged to routinely clean out old, weak, or repeated passwords, as well as monitor what applications, emails, and files are being flagged by our software as potential risks. With this, we’re hoping not only to educate our employees passively by giving them information about our policies and the software we use to protect our devices, but also to build strong habits when it comes to staying safe, digitally. 

‍

‍

Email Safety 

As part of working in a remote environment, it’s important to ensure that all of the methods of communication are secure and there are procedures in place to share links to files, documents, etc. Our inboxes are monitored 24/7 to remove phishing emails, with emails that are deemed suspicious in a “quarantine” that we check daily.  We also ensure we have secure alternatives – for example, if we receive an email allegedly from someone within our organization that doesn’t seem quite right, there’s always a non-email way to reach out to double-check. Our particular software uses S/MIME to verify sender signatures to make sure they’re trusted, but regardless of what software you use, we highly recommend putting similar policies in place. Better safe than sorry! 

‍

‍

For more information and guidance regarding cybersecurity best practices, you can check out our comprehensive breakdown of how to evaluate your firm’s cybersecurity standards on our site.