Collect with respect.™
Data Security & Compliance
Lippman Recupero, LLC Compliance Protocol
At Lippman Recupero, we know that our client’s most valuable asset is their data. To that end we have built our collection law firm from the ground up, to meet and exceed our clients present and future needs for assurance that when they trust us with their files, they will know that we put security and compliance at the core of our operation. Clients can rest assured that our team is at the forefront of security and compliance procedures as demonstrated below:
Lippman Recupero strives to ensure that no data breach will ever occur. But, no matter what you do, you can never have enough precautions in place. To ensure an added level of assurance for our clients, the firm has secured a 1 million dollar cybercrime policy.
Lippman Recupero uses encrypted hard drives on all servers and workstations using Bitlocker Drive Encryption to ensure:
- Better performance: Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation.
- Strong security based in hardware: Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system.
- Ease of use: Encryption is transparent to the user because it is on by default. There is no user interaction needed to enable encryption. Encrypted hard drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive.
- Lower cost of ownership: There is no need for new infrastructure to manage encryption keys, since BitLocker leverages Active Directory Domain Services infrastructure to store recovery information. Computers operate more efficiently because processor cycles do not need to be used for the encryption process.
Lippman Recupero utilizes the most advanced access management system, deploying the HID Omnikey 5325 Contactless card reader system to ensure only authorized personnel can enter and use company assets. Our proximity management systems are utilized for controlling access to all sensitive areas of the operation including:
- Door Entrances
TECH LOCK ENGAGEMENT
Lippman Recupero has engaged the services of Tech Lock, Inc. to provide us with a comprehensive audit and plan to certify that our firm has passed all security standards to add an additional layer of assurance for our clients. Through our engagement with Tech Lock, our firm will be continually audited and tested including third party offsite as well as onsite penetration assessments.
DLP (Data Loss Protection)
Lippman Recupero has deployed DLP through the use of Enterprise class deployment of Office365. Data Loss prevention ensures that sensitive data such as credit card account numbers, social security information, medical data or any other type of client directed sensitive information cannot be sent via email. Lippman Recupero DLP rules are compliant with Gramm-Leach-Bliley Act data requirements as well as HIPAA compliance standards.
Lippman Recupero utilizes Symantec’s Endpoint Protection Suite 12.1.5. We maintain the latest version of Endpoint deployment including continual live updating of definitions, which provides 5 layers of network protection, including:
- Network: Symantec’s network threat protection includes Vantage technology that analyzes incoming data and blocks threats while they travel through the network before hitting the system. Rules-based firewall and browser protection are also included to protect against web-based attacks.
- File: Signature-based antivirus looks for and eradicates malware on a system to protect against viruses, works Trojans, spyware, bots, adware, and rootkits.
- Reputation: Symantec’s unique insight correlates tens of billions of linkages between users, files, and websites to detect rapidly mutating threats. By analyzing key file attributes, Insight can accurately identify whether a file is good and assign a reputation score to each file, effectively protecting against targeted attacks while reducing scan overhead by up to 70%.
- Behavior: Sonar leverages artificial intelligence to provide zero-day protection. It effectively stops new and unknown threats by monitoring nearly 1,400 file behaviors while they execute in real-time to determine file risk.
- Repair: Power Eraser aggressively scans infected endpoints to locate Advanced Persistent Threats and remove tenacious malware. Remote support enables the administrator to trigger the Power Eraser scan and remedy the infection remotely from the Symantec Endpoint Protection management console.
SECURITY CAMERA SYSTEM
Lippman Recupero has installed security monitoring systems in all sensitive parts of our facility including all points of ingress, hallways, collection floor, all staff workstations, and server room and accounting areas. We are presently upgrading our security system to integrate with the active directory authentication using Microsoft Server 2012, based on the Windows 8.1 platform to monitor movements throughout our operation center. In addition to an active 90 day retention of all video, this system archives all video for a period of 7 years. Firm managers have second monitors on their desks dedicated to a live camera feed 24/7. This enables management to see what the staff and visitors are doing at all times. Compliance manager and partners also have a cell phone application that enables live camera feed viewing of the entire facility from any location.
ON SITE AND OFF SITE BACKUP
Lippman Recupero maintains more than 32 Terabytes of onsite redundant backup in a climate controlled, and fire protected environment. Additionally, our systems are backed up in real time off site at a remote data center to ensure next day up time in the event of a natural or man-made disaster.
In addition to our endpoint security, and data loss protection, Lippman Recupero uses the WatchGuard Security appliance to add another layer of firewall to our systems, block access to websites that aren’t deemed necessary to the work environment, and where data leaks and lost productivity can occur (Facebook, ESPN). The WatchGuard appliance adds an additional layer of Anti-Spam/Anti-Malware to our existing endpoint security preventing access to potential threats to the network.
CLEAN DESK POLICY
All Lippman Recupero staff are required to follow a clean desk policy in that at no time can a staff member leave their work area with sensitive data on their desk. All sensitive data must be placed in a locked shred bin or locked cabinet during breaks or at the end of the day.
CELL PHONE POLICY
Lippman Recupero prohibits the use or possession in the workplace of any type of camera phone, cell phone, camera, digital camera, video camera, or other form of image- or voice-recording device.
The firm utilizes an electronic visitor login software that maintains an electronic record all incoming and outgoing visitors, takes a photographic image of all visitors and requires electronic signatures on a non-disclosure agreement prior to issuing badges. All visitors are required to present picture identification, and wear visitor badge with their photo at all times. Visitors are always escorted. Visitor logs are maintained indefinitely.
NO PRINT POLICY
Access to printers and copiers is only granted to management and staff members that require the ability to print in order to complete their job duties, such as paralegals. Collectors do not have the ability to print as there is no need when collection letters can be ordered through the collection system and printed and processed by staff with appropriate security clearance.