Legal Office Security

Backups / Disaster Recovery

  • Backups are replicated in different data centers.

  • You can also download manual backups of your live data at any time using the control panel.

  • You can contact our Helpdesk to restore any of those backups on your live database.

  • We routinely use both the daily backups and provisioning scripts for daily operations, so both parts of the disaster recovery procedure are tested all the time.

Database Security

  • Customer data is stored in a dedicated database - no sharing of data between clients.

  • Data access control rules implement complete isolation between customer databases running on the same cluster; no access is possible from one database to another.

Password Security

  • Customer passwords are protected with industry-standard PBKDF2+SHA512 hashing (salted + stretched for thousands of rounds).

  • Legal Office staff do not have access to your password and cannot retrieve it for you; the only option if you lose it is to reset it.

  • Login credentials are always transmitted securely over HTTPS.
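
As an illustration of the salted, stretched PBKDF2+SHA512 storage described above, the following added example (not Legal Office's own code) shows why a stored record allows verification but not retrieval of the password. The round count, salt size and `$`-separated record format are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2-sha512"   # label stored with each record (assumed format)
ROUNDS = 25_000            # assumed work factor; the page only says "thousands of rounds"
SALT_BYTES = 16            # assumed salt size
DK_BYTES = 64              # SHA-512 output length


def hash_password(password: str, rounds: int = ROUNDS) -> str:
    """Return a record holding scheme, rounds, salt and derived key, never the password."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return f"{SCHEME}${rounds}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key from the candidate password and compare in constant time."""
    try:
        scheme, rounds_s, salt_hex, dk_hex = record.split("$")
        rounds = int(rounds_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: wrong field count, bad number or bad hex
    if scheme != SCHEME or rounds < 1 or len(expected) != DK_BYTES:
        return False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, rounds: int = ROUNDS) -> bool:
    """True when a record uses fewer rounds than the current policy (upgrade at next login)."""
    parts = record.split("$")
    return len(parts) != 4 or not parts[1].isdigit() or int(parts[1]) < rounds


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")  # constructed sample password
    print(rec)
    print(verify_password("correct horse battery staple", rec), verify_password("guess", rec))
```

Because only the salt, round count and derived key are kept, a lost password can be replaced with a new record but not read back.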

Staff Access

  • Legal Office helpdesk staff may sign into your account to access settings related to your support issue. For this they use their own special staff credentials, not your password (which they have no way to know).

  • This special staff access improves efficiency and security: they can immediately reproduce the problem you are seeing, you never need to share your password, and we can audit and control staff actions separately!

  • Our Helpdesk staff strive to respect your privacy as much as possible, and only access files and settings needed to diagnose and resolve your issue.

System Security

  • All Legal Office Cloud servers are running hardened Linux distributions with up-to-date security patches.

  • Installations are ad-hoc and minimal to limit the number of services that could contain vulnerabilities (no PHP/MySQL stack for example).

  • Only a few trusted Legal Office engineers have clearance to remotely manage the servers - and access is only possible using an encrypted personal SSH keypair, from a computer with full-disk encryption.

Physical Security

Legal Office Cloud servers are hosted in trusted data centers in various regions of the world, and they must all exceed our physical security requirements.

Credit Card Safety

  • We never store credit card information on our own systems.

  • Your credit card information is always transmitted securely directly between you and our PCI-Compliant payment acquirers.

Communications

  • All data communications to client instances are protected with state-of-the-art 256-bit SSL encryption (HTTPS).

  • All internal data communications between our servers are also protected with state-of-the-art encryption (SSH).

Network defense

  • All data center providers used by Legal Office Cloud have very large network capacities, and have designed their infrastructure to withstand the largest Distributed Denial of Service (DDoS) attacks. Their automatic and manual mitigation systems can detect and divert attack traffic at the edge of their multi-continental networks, before it gets the chance to disrupt service availability.

  • Firewalls and intrusion prevention systems on Legal Office Cloud servers help detect and block threats such as brute-force password attacks.

Reporting Security Vulnerabilities

If you need to report a security vulnerability, please contact us quickly. These reports are treated with high priority: the issue is immediately assessed and resolved by the Legal Office security team, in collaboration with the whistleblower, and then responsibly disclosed to Legal Office customers and users.