Last Updated: November 19, 2021
This Security Policy governs the processing of data provided by a Subscriber in connection with their user license agreement (“Agreement”) or through the use of the SMOKEBALL Services. By using the Software, our services, or our website, or by signing an Agreement with SMOKEBALL, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Sites or App.
Keeping your firm safe
There is a lot of legitimate concern about cyber-security with many malicious actors seeking to extract money using nefarious online methods.
Whilst it might seem as if a server in your office with local PC’s is secure, if your inhouse network is connected to the Internet, it is incredibly vulnerable to attack, and Ransomware is typically placed on on-premise servers. Trojans often get placed on PC’s used for recreational purposes when we are least alert to danger.
SMOKEBALL has an in-house Information Security officer that is dedicated to maintaining the security of client data in SMOKEBALL, SMOKEBALL itself, and of course all our internal systems that support our business.
SMOKEBALL Data on the SMOKEBALL Servers
Being a cloud solution, the software and all client data is stored on SMOKEBALL Servers, which are built on the AWS (Amazon Web Services) platform.
Amazon Web Services (AWS) is a leading cloud services platform, providing database storage, content delivery and a range of other functions. It is probably the largest and most successful cloud platform provider in the world.
AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organisations such as NASA, Atlassian and Dow Jones. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.
SMOKEBALL stores data in the jurisdiction of origin. In the United States this is in North Virginia. SMOKEBALL actively works to take advantage of AWS services, following Information Security best practices.
SMOKEBALL also makes continuous backups, so your SMOKEBALL data will be up to date to the time you last connected to the Internet.
We keep your SMOKEBALL data safe by adhering to industry best practices.
AWS has an extensive and constant Cyber Security presence (its reputation depends on it) and SMOKEBALL too has its own Information Security Team. We continually monitor our AWS environment, implementing updates and patches in line with best practices prescribed by AWS.
You can find out more about AWS security in the AWS Security & Compliance Quick Reference Guide.
SMOKEBALL utilises multiple layers of security controls (software, physical and process based) to protect our client data. This includes, but is not limited to:
- Local & Network Firewalls
- Web Application Firewalls
- Intrusion Detection Systems (IDS)
- Multi-vendor Anti-Virus
- DDoS Throttling Services
- Access Control Lists
- Security Patch Management
- Identity and Access Management
- Centralised Log Management
- Symmetric and Asymmetric Encryption systems
- Separation of Duties
- Vulnerability Assessment
- Anomaly Detection
- Remote Monitoring & Alerting
SMOKEBALL understands security is of foremost importance to law firms. These are some security measures you can implement, alongside systems SMOKEBALL has developed to strengthen security for your law firm.
Your PC Anti-Virus and Malware | Data stored on SMOKEBALL
Security on your PC is the responsibility of you and your IT provider. All information on your PC is vulnerable to attack without proper security precautions, so it is imperative to ensure every PC in your firm has the necessary anti-virus, malware and security protection.
As far as SMOKEBALL is concerned, should your PC be compromised or lost, all your data on the SMOKEBALL servers would still be safe. All you need do is buy a new PC and login to SMOKEBALL. Your data will still be there.
Email Hacking/Document Sharing | Smokeball Communicate
Email is a ubiquitous but high-risk communication method, vulnerable to infiltration and hacking.
You should never send highly confidential, private or security-related information or documents by email.
To enable SMOKEBALL clients to communicate safely and securely, we developed Smokeball Communicate for document sharing. When a document is shared through Smokeball Communicate, it is not transported. It remains in Smokeball Communicate, and anyone with the right credentials can interact with it.
An email or notification is sent to the other party to allow them to view and comment on the document in Smokeball Communicate. The document itself is not sent.
Data Encryption | SMOKEBALL Applications
Each SMOKEBALL application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.
Once client data reaches the SMOKEBALL cloud infrastructure, all information is then encrypted at rest, using AES-256, military grade encryption.
Service Availability | Multiple AWS Datacentres
SMOKEBALL has been designed to be a highly available, active-active solution. SMOKEBALL services are split over multiple AWS data centers within the United States. In the event of one data center going offline in a disaster scenario, the second data center continues to serve data with minimal, if any, service interruption. SMOKEBALL is not responsible for any delays resulting from AWS server availability.
Backup Policy | Frequent
SMOKEBALL servers are backed up multiple times daily, weekly and monthly.
System Monitoring | 24/7
SMOKEBALL is monitored 24 hours a day, 7 days a week, 365 days a year.
Data Breach Notification
SMOKEBALL will notify the Subscriber without undue delay and in writing on becoming aware of any Data Breach in respect to our client’s data.
If a vulnerability is identified or data is available publicly outside of the SMOKEBALL Software, please contact SMOKEBALL immediately via firstname.lastname@example.org.