Law firms have an increasing responsibility to their clients as well as their partners and employees to identify and protect sensitive and personal information. In a world where cyber threats are ever present, a law firm’s ability to implement, maintain and scale an effective security program is critical to its long-term stability and overall success.
Adding to this challenge is the rapid expansion and deployment of technology to end-users (tablets, smart phones, etc.) and the need to comply with industry and government regulations. Staying in front of potential threats, managing infrastructure, and staying current with the regulatory standard can be overwhelming.
Accellis simplifies and streamlines compliance & security efforts by establishing firm-wide awareness and security guidelines while leveraging industry-proven technologies.
Accellis’ Security Assessment services go well beyond conventional network vulnerability scanning. We leverage the regulatory requirements specific to the legal industry and apply them against your firm’s current processes, procedures, documentation and physical environment. Since a security program incorporates more than just a network, we identify both technical and human vulnerabilities.
Your Security Assessment includes:
- Policy reviews
- Policy awareness reviews
- Internal and external port scan
- Internal and external network vulnerability scan
- In-depth regulatory and/or best practice review
- Network topology review
- Network vulnerability review
- Security countermeasure review (antivirus, firewall, access control, etc.)
When conducted onsite, the assessment will also include:
- Physical security review
- Wireless access review
Accellis’ Risk Assessment services help limit your exposure to security risks and improve compliance with legal industry/government regulations and guidelines.
Our IT security experts work with you to review your firm’s assets, physical resources, and procedures to identify potential weaknesses, damage and threats. We measure the individual risk level of each asset and gauge the effectiveness of existing controls. Our findings identify which assets are most critical, provide a basis for prioritization, and recommend a course for remediation.
Our Risk Assessment addresses both internal and external threats, while answering the following questions:
- What threats exist and how can you be affected?
- How will the threats likely act against you?
- What are the potential business and technology implications?
- What can be done to stop it and lower your overall risk level?
Service delivery includes:
- Conduct interviews and walk-throughs with key personnel including key staff and administrators
- Review documentation including operations manuals, policies and general procedures
- Review practices described during the interview process
- Compare documentation and company procedures against industry regulations, best practices and government requirements
- Reporting & recommendations
  - Threats / Risks
- Remediation (optional)
  - Create/update firm documentation including policies and procedures
  - Implement security solutions and controls
  - Provide security training
An IT Security and Compliance Audit from Accellis specifically targets all aspects of your firm’s security to ensure they meet or exceed compliance and regulatory requirements and standards.
Our IT security experts work to collect and examine your firm’s processes, procedures, documentation, personnel, physical location, data controls, and any other resources that may impact your firm’s security. We then verify whether these resources adhere to best practice standards and any applicable regulatory compliance requirements.
With extensive knowledge of regulations for law firms of all sizes, Accellis will help ensure your IT network, documentation, and procedures are aligned with your business objectives.
Security and Compliance Audit services include reviews of:
- Business continuity – security
- Data security
- Security monitoring
- Authentication and access control
- Network security
- User equipment security (e.g., workstation, laptop, handheld)
- Personnel security
- Physical security
- Application security
The continued adoption and growing complexity of technology have made it harder than ever to ensure you’re protected against constantly evolving security threats. A security breach can result in a direct financial loss, damaged reputation, and negative attention. Make sure your firm’s personal information is safe and secure.
A Penetration Test by Accellis is a proactive way to evaluate the security of your IT infrastructure by safely attempting to exploit system vulnerabilities such as application flaws, improper configurations, and risky end-user behavior. A Penetration Test is one of the most commonly used and trusted methods for assessing security risks.
Our IT security experts use both manual and automated technologies to evaluate servers, endpoints, web applications, wireless networks, mobile devices and any points of exposure. Any vulnerabilities are then aggregated and presented to your firm. We identify which assets are most critical and provide recommendations for remediation if any are required. We work with you every step of the way to keep your firm safe and secured.
Penetration tests follow documented best practices for security testing methodology including:
- Scoping and rules of engagement
- Analysis and identification of attack vectors
- Exploit testing and penetration attacking
- Immediate notification of critical risks
- Remediate any / all exposed risks (Optional)
- Verify vulnerabilities have been remedied (Optional)
Your firm’s processes and procedures are only as effective as those following them. Failure of employees to properly understand and follow your firm’s security procedures can put you at great risk.
Accellis’ security training services are designed to increase security awareness among your staff and to meet compliance regulations. Training can be designed for individuals, groups or the entire organization – onsite or remotely.
Security training topics include:
- Identity management and password safety
- Recognizing and responding to social engineering attacks
- Private information storage/disposal
- Wireless security guidelines
- Internet and web security guidelines
- Home/family security and implications to the work place
- Portable device security and loss prevention
- Media security including portable backups
- Email security and best practices
- Risk assessment best practices