Security is a big topic to cover in just one blog post; it can broadly be classified into two major categories: cyber security and data security.
Cyber security mainly deals with protecting data within electronic environments, e.g. protecting computers from malicious attacks. Data security, on the other hand, deals with financial data and consumers’ personal data. Any sensitive data needs to be kept secure both at rest in the database and in transit.
The ABA Legal Technology Survey found that 22% of law firms were hacked or experienced some kind of data breach in 2017.
Law firms must employ rigorous methods to set up both cyber and data security to protect client data: educating staff about malicious emails or content, and securing legal documents that include Personally Identifiable Information (PII) and Personal Health Information (PHI) data. Systems need to be restricted so that the data is accessible solely within the office.
Security needs to be added at every layer of data transmission, starting from network security all the way to the data response. In this whitepaper, we will focus on application and data security. Application security ensures that application code is written to secure coding standards and that the database is well secured behind firewalls and follows standard encryption guidelines. Data security also includes security in transit: when data is transmitted to a new location, it should be transferred in the form of secured packets.
Cogent offers features that can help meet the stringent data and information security requirements involved in a law firm’s collection and litigation process. Cogent uses a robust framework and can be easily installed on-premise within your firm’s own network or on a private cloud. Both installation mechanisms ensure stringent data security.
Cogent has a strong user and role management system, which is easily customizable based on a law firm’s needs. User groups are restricted to working on specific screens and can perform only limited activities based on their role settings. These restrictions help law firms expose to their staff only the data required to perform their daily activities. Only an authorized user can access a consumer’s sensitive data, such as PII and PCI data.
Database-level encryption provides a second level of security for consumers’ PII and PCI data. The encryption key is safely stored on a separate server, so even database administrators cannot access the PII and PCI data directly from the database. Cogent also takes care of data masking on the user interface. Even when the decrypted data is available on a user’s screen, only authorized users can see the full data; the rest of the users will see only masked data (like the last 4 digits of Social Security numbers or credit card numbers). With these security standards in place, Cogent keeps law firms compliant and their data safe.