Law Firm Security: 5 Major Updates You Should Know About Jaliz Maldonado

Law Firm Security: 5 Major Updates You Should Know About

Law Firm Security: 5 Major Updates You Should Know About Jaliz Maldonado

Microsoft, Adobe, Google, and Apple have released security updates this month. PracticePanther provides additional security features using your computer’s IP address. Jose Rodriquez finds a hack for iPhones XS running iOS 12 beta and iOS 12 and delivers a solution. To ensure you’re maximizing your law firm security, these updates are a must.

Law Firm Security: Microsoft

Microsoft has been busy, fixing 49 security problems within various applications, including Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server.

Microsoft’s patch for Windows fixes a problem brought up in an advisory that would elevate access privileges. Included in the patch is a fix for a vulnerability that would allow an attacker to “run malicious code remotely to take control of the user’s system,” according to Microsoft.

Yet another vulnerability that Microsoft patched was CVE-2018-8423, which would allow a hacker to remotely execute malicious code on a computer running Windows. Finally, the vulnerability CVE-2018-8497 would allow an attacker to escalate privileges and CVE-2018-8531 would allow a hacker to remotely code execution.

While they were at it, Microsoft released an update for Microsoft Office that has enhanced security defenses.

Again: for strong law firm security, install these patches as soon as possible. To install them, go to Settings > Update & Security > Windows Update > Check for updates.

Law Firm Security: Adobe

Adobe was not to be outdone by Microsoft, as the company also released its own security updates. These updates take care of 11 vulnerabilities. Adobe Digital Editions suffered from four critical vulnerabilities. According to Adobe, “successful exploitation could lead to arbitrary code execution in the context of the current user.”

Adobe released an update for Adobe Framemaker, which resolves an issue with the installer that could escalate privileges. Adobe Technical Communications Suite suffered the same woes, and Adobe released an update for this application, as well.

Law Firm Security: Google Chrome 70

Google has announced five major changes to its Chrome Web Store with the intent of meeting its dual mission to “help users tailor Chrome’s functionality to their individual needs and interests and to empower developers to build rich and useful extensions.” Most importantly, however, is that users be able to trust the extensions they install on Chrome. This can only be a positive thing for law firm security.

The first of the changes go to user controls for host permissions. While host permissions have been successful in enabling thousands of extensions to date, they also have been used to create both malicious and unintentionally harmful extensions. These sorts of extensions can read data on websites and make changes to those sites. With this new policy, the user has control over whether to allow the extension access to a website.

The second change involves the extensions review process. The more permissions an extension requests, the more closely Google will watch for compliance review. Google’s policy at this time is for developers to write Chrome extensions as narrowly defined as possible. Minimalizing permissions and tougher review processes will go a long way in ensuring law firm security.

To prevent malicious code, Google has enacted new code reliability requirements. In an effort to block 70 percent of malicious code, Google has banned extensions written in obfuscated code.

Starting in 2019, developers who write extensions will be required to enroll in 2-Step Verification. If a developer’s extension becomes popular, it is more attractive to hackers. Increasing security protects a developer’s work product.

In 2019, Google will introduce Manifest v3, which will mean more changes that both protect the end user as well as extension developers.

Law Firm Security: Apple iPhone XS

iPhone guru Jose Rodriquez discovered a nifty hack of the iPhone XS that runs iOS beta or iOS 12 operating systems. In a mere 37 steps plus very close proximity, a dubious person can pilfer photos and contact information from the iPhone. With Siri enabled, the phone can be hacked with the feature VoiceOver. You can prevent this from happening and further enhance law firm security by disabling Siri from the lock screen. Do this by going to Settings > Face ID & Passcode > disable Siri under “Allow access when locked.”

Law Firm Security: PracticePanther

Ever wonder if you can limit access to PracticePanther to only a chosen few IP addresses or routers? As security is the most critical consideration in the design of the product, it’s no surprise that the PracticePanther software enhances law firm security by allowing you to carry out this security feature.

  1. Navigate to the users page, under the “More” button.
  2. Click “Manage user access & security.” To learn more about the different uses for security roles, visit Access levels tutorial.
  3. Scroll down until you see “Access Restrictions.”
  4. Change “Restrict Access by IP” to “Yes.”
  5. Add the chosen router’s IP address in the field provided.
    Note: To add multiple IP addresses, separate them with a comma.

To find the IP address of any location, connect to the local Wi-Fi and then Google “what’s my IP.” Google will give you the IP address.

If a user tries to access PracticePanther via an IP address that hasn’t been cleared, he or she will receive the following message:

“Your firm has restricted access to PracticePanther from your location. Please contact your firm’s administrator for more information.”

Conclusion

It’s best to make it a routine to check for updates. This keeps law firm security as intact and healthy as possible. As you’ve probably heard by now, hackers are forever finding new ways to break into your systems and software companies are equally as fervent in developing fixes to these hacks.

The following two tabs change content below.
Jaliz Maldonado

Jaliz Maldonado

Operations Manager at PracticePanther
Jaliz Maldonado is an eight-year Army Veteran and is currently in graduate school at the University of Miami where she is studying for her MBA. When she's not working at PracticePanther as the Operations Manager or studying, she's hanging out with her English Bulldog named Dumbell, painting, or reading. Jaliz is also strong with the force and belongs to House Slytherin. Make sure to connect with her via Linkedin and follow her on twitter @JalizMaldonado.