...

Users and administrators of other legal software packages may be surprised by the amount of time and effort Wise Owl Legal has put into security. However, we believe the integrity and secrecy of the data stored within Wise Owl Legal Appliances is of paramount importance. A number of high-profile devices and websites have been compromised and sensitive data disclosed in the past few years, including personal details (with credit card numbers), passwords, public infrastructure (think power plants or heavy industry), media (US media companies have been experiencing attacks from Chinese government agencies) and the notorious WikiLeaks. We do not want Wise Owl Legal to be added to this list, nor your users' legal history to be found for sale on the black market.

Malicious attackers are cunning, incredibly patient and may be well funded. They are interested in a variety of data typically stored in Wise Owl Legal Appliances, such as personal contact details, personal history contained in matters and documents, passwords and financial records. This information can be traded in underground black markets, or may simply be posted publicly as a kind of trophy or badge among other hackers. Given enough time, resources and sufficient motive (which may not always be strictly financial), a malicious hacker stands a real possibility of stealing data from a Wise Owl Legal Appliance.

...

Wise Owl Legal has taken steps in all the above areas to prevent data being stolen.

We also use a layered approach, wherever possible, to limit the scope of data which may be stolen if one layer is broken. For example, if a user's password is guessed, the attacker will only have access to some of the data on the Appliance.

Online vs Offline Appliances

...

Poorly chosen passwords are the number one cause of accounts being compromised (with re-using passwords between multiple accounts a close second). Rather than imposing complicated rules of upper case, lower case, number, length and so forth, we maintain a large list of blacklisted passwords (there are several million bad passwords on the list). This list is derived from a variety of sources including dictionaries and lists of names, but most importantly, we include long lists of leaked passwords from sites such as LinkedIn and RockYou. Finally, we use the same tools password hackers do to verify passwords are not easily guessable. How to make a strong password.
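
A sketch of a blacklist check of the kind described above, added here as an example and not Wise Owl Legal's own code: before looking a candidate password up, it undoes a few of the mangling rules that guessing tools apply (case changes, digit and symbol affixes, character substitutions, reversal). The blacklist entries, substitution table and function names are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample entries; a production list would hold millions of
# dictionary words, names and leaked passwords loaded from disk.
SAMPLE_BLACKLIST = frozenset(
    {"password", "letmein", "dragon", "michael", "qwerty", "sunshine"}
)

# Constructed substitution table: symbol/digit -> the letter it commonly replaces.
UNLEET = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)


def strip_affixes(text):
    """Drop leading/trailing digits and punctuation: 'dragon2024!' -> 'dragon'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)


def unleet(text):
    """Reverse common character substitutions: 'p@ssw0rd' -> 'password'."""
    return text.translate(UNLEET)


def reverse(text):
    """Reverse the string: 'leahcim' -> 'michael'."""
    return text[::-1]


def candidate_forms(password):
    """Return the base words a rule-based guesser could have started from."""
    forms = {unicodedata.normalize("NFKC", password).casefold()}
    # Order matters: strip -> unleet handles 'P@ssw0rd1!', unleet -> strip
    # handles '$unshine99', and reversal is tried on every form found so far.
    for transform in (strip_affixes, unleet, strip_affixes, reverse):
        forms |= {transform(form) for form in forms}
    return forms


def blacklist_match(password, blacklist=SAMPLE_BLACKLIST):
    """Return the blacklisted word the password reduces to, or None."""
    hits = candidate_forms(password) & blacklist
    return min(hits) if hits else None
```

A password that satisfies every upper case, digit and symbol rule, such as `P@ssw0rd1!`, is still rejected here because it reduces to a listed word, while a long passphrase with no listed base word passes.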

 

 

 

...

Two Factor Logins

All Online Appliances require two-factor logins to gain entry to them. This means that to log in you need to enter a code generated by a smartphone app, or emailed to you, as well as your normal password. Even if an attacker can guess a password, they cannot log in.

Restricted User Access

 

No SQL Access

 

Audit and Application Logs