We understand that data security is foremost on every law firm or legal organization's checklist. Therefore, we prioritize security best practices in every feature and functionality we develop on an ongoing basis.
The following tiers of security and more, which you'll find more than enough, are embedded in our practice management tool:
Industry-Standard Data Encryption
For data in transition, i.e., data exchanged when interacting with the Lawcus website, whether logged into your account or not, our website is SSL-encrypted, meaning that all data exchanged is shrouded and secured from prying eyes. We use the Amazon SHA-256-bit SSL Encryption, a top-line encryption grade built for banks and other financial institutions.
As for data at rest - which concerns storing your data when you are inactive on Lawcus, we use encrypted Amazon data servers and centers to ensure that those are also securely and safely tucked away from unauthorized persons - including Amazon employees.
IP Address Restriction
Another security feature we've built to fortify our product further is the IP address restriction functionality. Against the default setup, which allows users to access Lawcus from any network, you can add several IP addresses only from which a user can be granted access. Using this functionality helps prevent the usage of unsecured networks by your team members, exposing sensitive data to security threats.
Permissioned Internal Access
Even within a legal organization, it is possible to create a Chinese wall-like barrier to several types of practice information. By assigning roles with different permission levels, you can specify which tier of access a user has. For example, junior or temporary users such as legal interns can be restricted from firm user management, accounting, report analytics, etc.
2FA, short for two-factor authentication, is a layer of security that adds another hurdle to signing into a Lawcus account. In addition to providing an email and password, two-factor authentication requires a user to provide a uniquely generated code on a connected authentication app to confirm that the user seeking access is who they say they are or have been so authorized.
We use Hellosign, a popular and recognised E-sign product, for e-signatures. You can read more about their security protocol from their website.