RubensteinTech | Client Alert CA-2022:03 - Update TLS compliance to meet new standards

Update TLS compliance to meet new standards

Attention: RubyLaw clients seeking to adopt higher levels of TLS security compliance.

For a variety of reasons, law firms are continuing to raise their standards for cybersecurity protection and risk mitigation. One recent example is an increased number of requests to raise the minimum Transport Layer Security (TLS) level to 1.2 or higher.

Transport Layer Security is the underlying cryptographic protocol used to make HTTPS website access secure, and is a standard component of every RubyLaw installation.

In today’s environment, more firms are performing their own security scans (or receiving reports from clients that do). Third-party security assessments—including those performed by SecurityScorecard—are flagging their websites for not having a sufficiently secure minimum TLS version. They are also bringing attention to websites that are missing security headers for HTTP Strict Transport Security (HSTS), Content Security Policy (CSP), X-Content-Type-Options, and/or X-Frame-Options headers.

While all websites powered by RubyLaw 21 and newer maintain a minimum TLS level of 1.2, older sites on older versions of the platform may still be using the default TLS level of 1.0.

What your firm can do: If your firm’s security protocols have been (or will be) increasing to require a higher TLS level, our team can easily update it to 1.2 (recommended) via RubyShield, our secure hosting and support offering. The effort to make this update will require less than one hour. To better understand which TLS versions are required by older browsers, please view this chart and reach out to our Client Experience team.

Please also note that Microsoft has ended support for all versions of Microsoft Internet Explorer (11 and older), with only Microsoft Edge still supported.

If you’d like our team to test which TLS versions are supported by your firm’s web properties, we recommend the freely available Qualys SSL Server Test (and recommend checking the “Do not show the results on the boards” option when performing a test).

Regarding Content Security Policy (CSP), X-Content-Type-Options, and/or X-Frame-Options headers, the best way to address any issues with headers is to upgrade to the latest version of RubyLaw, through which you can manage them directly.

If your firm is concerned about website security, and you haven’t already committed to an upgrade to the latest RubyLaw, please reach out: RubyLaw 22 includes an abundance of new features and benefits, including the most modern security measures to insulate your firm from potential vulnerabilities.

Learn more about RubyLaw 22 here, check out our RubyLaw 22 brochure, or contact your RubyLaw representative.

Author

Date Published

Category

All Categories

Client Alert CA-2022:02 - The Switch to Google Analytics 4

Client Alert CA-2022:01 - Protect Against Anticipated Rise in Cyber Attacks with RubyShield

Client Alert CA-2021:01 - Microsoft to phase out IE11

Client Alert CA-2020:01 - Microsoft Edge & Chromium

Client Alert CA-2019:02 - Consider implementing CSP and HSTS

Client Alert CA-2019:01 - California Consumer Privacy Act (CCPA) will start being enforced on January 1, 2020.

Client Alert CA-2018:01 - New iOS versions and iPhone device sizes may affect user experience

Client Alert CA-2018:02 - Google Search to give priority rankings to pages that load faster in mobile

Client Alert CA-2018:04 - Google has updated the Google Search Console

Client Alert CA-2018:03 - The European Union Parliament has approved the General Data Protection Regulation (GDPR)

GDPR you doing this? Website Form Updates

Client Alert CA-2018:05 - Updates on the GDPR

Client Alert CA-2021:02 - Testing on Microsoft IE11 ends this Friday