State-of-the-Art Security to Protect Your Practice
Your clients trust you with some of their most important matters and data. As your practice management platform, our responsibility is to keep this information secure, but our work doesn’t end there. As an end-to-end solution, complete with robust timekeeping, accounting and reporting features, we’re also protecting your bottom line.
As stewards of your data, your reputation and your financial success, we are fanatical about proactive security. Our experienced security team employs state-of-the-art technology to detect, investigate and stop threats before they can impact your firm’s operations.
Here are just a few ways we keep your practice safe 24/7/365:
External Security Audits
Our security experts employ manual penetration strategies to identify and address latent hazards within both the application and infrastructure layers. We supplement these efforts with automated probing services provided by external security companies to scan every 24 hours for potential vulnerabilities in our applications, systems and networks.
All documents, as well as critical data, are encrypted at rest using a multi-iteration 2048-bit process. Certain data such as passwords are also protected with a randomly generated cryptographic salt.
Secure Data Transmission
All data is transmitted from CARET Legal’s servers to your devices via bank-grade TLS encryption that prevents digital eavesdropping by unauthorized parties.
Brute Force Attack Countermeasures
A brute force attack is a trial-and-error method of guessing different letters and numbers and cycling through them via automated means to gain access to an account. For example, a simple brute force attack may use a dictionary of all words or commonly used passwords and continuously attempt to log in with those terms until it guesses the correct password and obtains access. CARET Legal identifies abnormal activities indicative of a brute force attack and undertakes a variety of measures, at both the firewall and application levels, to prevent unauthorized access to data.
Data Redundancy and Backup
CARET Legal is deployed on the Amazon Web Services (AWS) platform. Documents and data are protected by Identity and Access Management roles within an AWS Region and replicated across Availability Zones (located in different geographic locations within the US) for backup on a daily basis. This means that if some servers go down, the other connecting servers will roll over automatically and your access to your data will be uninterrupted.
We maintain a number of policies designed to protect the integrity and privacy of your data, including two-factor authentication for sharing access with new external users, stringent password strength requirements and detailed logging of activities both at the infrastructure level and within an account.
Our infrastructure resides at AWS facilities in the United States, which have achieved compliance with an extensive list of global quality and security standards, including ISO 9001, ISO 27001 and PCI DSS. In addition, CARET Legal has achieved SOC 1/ISAE 3402 and SOC 2 compliance.