Update TLS compliance to meet new standards

Attention: RubyLaw clients seeking to adopt higher levels of TLS security compliance.

For a variety of reasons, law firms are continuing to raise their standards for cybersecurity protection and risk mitigation. One recent example is an increased number of requests to raise the minimum Transport Layer Security (TLS) level to 1.2 or higher.

Transport Layer Security is the underlying cryptographic protocol used to make HTTPS website access secure, and is a standard component of every RubyLaw installation.

In today’s environment, more firms are performing their own security scans (or receiving reports from clients that do). Third-party security assessments, including those performed by SecurityScorecard, are flagging these firms’ websites for not having a sufficiently secure minimum TLS version. They are also bringing attention to websites that are missing one or more security headers: HTTP Strict Transport Security (HSTS), Content Security Policy (CSP), X-Content-Type-Options, and/or X-Frame-Options.

While all websites powered by RubyLaw 21 and newer maintain a minimum TLS level of 1.2, sites on older versions of the platform may still be using the default TLS level of 1.0.

What your firm can do: If your firm’s security protocols have been (or will be) raised to require a higher TLS level, our team can easily update it to 1.2 (recommended) via RubyShield, our secure hosting and support offering. The update will require less than one hour of effort. To better understand which TLS versions are required by older browsers, please view this chart and reach out to our Client Experience team.

Please also note that Microsoft has ended support for all versions of Microsoft Internet Explorer (11 and older), with only Microsoft Edge still supported. 

If you’d like our team to test which TLS versions are supported by your firm’s web properties, we recommend the freely available Qualys SSL Server Test (and recommend checking the “Do not show the results on the boards” option when performing a test).

Regarding the Content Security Policy (CSP), X-Content-Type-Options, and/or X-Frame-Options headers, the best way to address any issues is to upgrade to the latest version of RubyLaw, through which you can manage them directly.

If your firm is concerned about website security, and you haven’t already committed to an upgrade to the latest RubyLaw, please reach out: RubyLaw 22 includes an abundance of new features and benefits, including the most modern security measures to insulate your firm from potential vulnerabilities.

Learn more about RubyLaw 22 here, check out our RubyLaw 22 brochure, or contact your RubyLaw representative.