Legal Extranet Security

When building a legal extranet system, be sure to keep the following security considerations in mind:

• Be sure the site is protected by a strong SSL certificate.


• Be sure you can control who can access different sets of data.


• Be sure you can control the type of access (enter, edit, delete) you can grant.


• Be sure grants can be role based or individual based.


• Be sure grants can vary by data type (case data, calendar data, documents, tasks, etc.)


• Be sure you enforce an ID and password.


• Be sure you delete the session cookie when one logs off the system.


• Be sure you scan all the documents added to the system for virus contamination and/or spyware.


• Be sure your services are in a hardened data center.


• Be sure your servers are appropriately patched with the latest security O.S. and database patches.


• Be sure you have an audit log in place so clients can confirm who is updated what types of data.

• Be sure you encrypt PII and other sensitive data.