For over 25 years Esquire Deposition Solutions has provided secure, global deposition and court reporting services to law firms, insurance companies, and enterprises in virtually every sector. Well-planned network integrity and data protection measures enable our securely recording over 125,000 depositions a year. To further enhance our security posture, our solutions were comprehensively redesigned in 2015. We re-architected our hybrid-cloud infrastructure, implementing strong, centralized access control and reducing the number of applications supporting deposition and court reporting operations.
All client data is encrypted end-to-end, in transmission and at rest within Esquire’s secure online delivery platform, which is PCI DSS certified and HIPAA compliant. Esquire’s flexible data protection framework made it easy to update our Privacy Policy and Security Standards to meet the new European Union General Data Protection Regulation (GDPR) privacy standards. The solutions reside within a hybrid-cloud infrastructure utilizing best-of-breed vendors who are ISO 27001 certified and undergo annual SSAE 18 SOC 2 audits for service organizations. Esquire reviews the controls detailed in these audits annually to verify data protection standards and to ensure those vendors’ controls provide secure, continuous data availability with resilient backup and recovery capability.
CORE OF A STRONG & RESILIENT SECURITY POSTURE
Following cybersecurity best practices, Esquire established a layered physical, digital, and procedural risk management framework to protect the network and safeguard all client data. At the core is centralized role-based access control (RBAC) enforced for all users. RBAC provides automatic separation of duties, least privilege by default, and complete user access audit trails. Esquire selected NetSuite as its platform for operating the business for two reasons: First, its adherence to an embedded, RBAC security model, and second, the ability to record and audit every action taken within the system. Esquire understands the value auditable processes play in protecting – and documenting – our clients’ data integrity.
Esquire also understands the critical role of consistent security training for employees. Quarterly training is automatically provided for employees (and new hires) via Proofpoint Security. Proofpoint has been named a leader in Gartner’s Magic Quadrant for Security Awareness Computer-Based Training six years in a row. To reinforce that training, Esquire runs regular phishing simulations to test the effectiveness of the training, and has a program to follow up with those who require additional security awareness remediation
We are confident in our approach to protecting your data and are willing to be transparent with our processes and controls. Esquire maintains a written Security Policy, Incident Response Plan and Business Continuity Plan. We can share these plans on two levels:
- Under our Security Policy, Incident Response Plan, & Business Continuity Plan documents are available upon request.
- If you require more detail, Esquire can do a collaborative “show and tell” session, either remotely or in person, to step through the actual controls and enforcement mechanisms outlined in our security standards.
ESQUIRE SOLUTIONS GLOBAL SECURITY MODEL
Esquire’s global security model consists of layered and interlocking physical, digital and procedural components to manage risk.
Esquire recognizes that safeguarding your data is a dynamic endeavor. We continue to invest in people, processes and best of breed network and application security solutions. Our solutions incorporate leading cloud computing partners: Amazon Simple Cloud Storage Services (AWS S3), Box.com, and Netsuite business management software. All three of these components embed world class security and data protection into our platform. Esquire further augments these services with additional security solutions configured according to industry and vendor best practices to protect client data.
WHAT’S AT RISK?
Unfortunately, a recent Law Firm Cybersecurity Scorecard found that only 37% of law firms are vetting the cybersecurity and data management policies of their third-party service providers, yet nearly 63% of law firm security breaches are linked to third parties.
What’s at risk if a court reporting firm’s systems are hacked?
- Personally identifiable information (PII) of lawyers, clients, witnesses and others can be grabbed from transcripts, scheduling and billing systems.
- Confidential documents pertaining to undisclosed settlement terms can be exposed in the media or used for blackmail.
- Private health information (PHI) can be exposed, risking a HIPAA violation.
- Deposition transcripts, exhibits, videos and more can be stolen, changed, destroyed, altered, or publicized.
ESQUIRE HAS YOU COVERED
Esquire stands ready to be your partner in safeguarding your data. Esquire has established a set of layered physical, digital and procedural risk management controls to protect all client data. Client data is encrypted end-to-end, including all endpoints and mobile devices, and is secured with system-wide, automatic threat detection and data loss prevention software.
When redesigning our infrastructure, Esquire began with the end in mind: to provide the most secure court reporting service in the industry. We believe that rebuilding our delivery solutions from the ground up with security designed into every aspect of the platform provides the most secure collection, transmission and management of transcripts, exhibits and videos in the industry.
Esquire also understands the value documented, auditable processes play in continuously improving our protection of data integrity. Esquire doubles-down on the commitment to security and compliance by regularly reviewing its written Security Policy, Incident Response and Business Continuity Plans and by making that documentation available for review with our clients. We can share these written plans or step through them in a collaborative “show and tell” session, remotely or in person.
You can be confident Esquire has the security of your depositions covered.