To All Nextpoint Clients:
After the news that Epiq Global had suffered a ransomware attack, it is appropriate that many will have data security at top of mind, and may be curious about Nextpoint security provisioning. Our sincere sympathies go out to our clients who have been affected as well as to the staff of Epiq Global. It must be an incredibly difficult and stressful time.
Client data security has been Nextpoint’s highest priority, and for 17 years we have maintained our ironclad commitment to maintaining best-in-class security protocols.
All Systems Go!
I can report that currently, and at no time in the past, has Nextpoint detected any unauthorized activity within our software or internal systems. Our performance, uptime and security perimeter have not been compromised by any external cyber-threat. Nextpoint client-facing service, internal communication and productivity systems remain wholly secure.
Nextpoint is designed from the ground up to defend against cyber-threats like ransomware. While no system is inherently without risk, Nextpoint is built on a proprietary closed system that is fundamentally more secure than the Windows-based platforms that are the usual targets of ransomware attacks.
I’m grateful for the tireless efforts of our team to keep up to date with security protocols, software updates, relevant certifications and internal training to ensure our processes are rigorous and current.
That said, many of our users are justifiably curious about what we do to prevent this type of situation from happening and if we anticipate additional measures as a result of the Epiq breach.
Our Data Security Commitment
The short answer is that Nextpoint remains committed to being a fully cloud-based solution, working with Amazon Web Services in a state-of-the-art, shared security effort.
Detailed information regarding our extensive efforts to ensure Nextpoint’s reliability, security and privacy efforts is available at trust.nextpoint.com. The site is continually updated with real-time reporting on our efforts and service status updates.
Following is a high-level overview of just some of measures we take to harden our security perimeter against these sorts of threats.
- Nextpoint encrypts data both in transit and at rest. All data in Nextpoint is encrypted with the keys only available to us. A ransomware attack works by encrypting data to prevent users from accessing it. Ransomware viruses are designed to work on unencrypted data held on local computers and servers, not cloud-based servers that store encrypted data.
- Use of two-factor authentication for every device accessing Nextpoint ensures only authorized users have access to data.
- Nextpoint email and internal communications systems are all also cloud-based, utilizing sophisticated virus filters from leading technology companies including Amazon and Google.
- Nextpoint endeavors to keep all operating systems, from local machines to cloud services, up to date to benefit from critical security patches.
- Large-scale data breaches, ransomware attacks, and other cyber threats almost exclusively target legacy on-premise systems and not cloud-based software like Nextpoint. That isn’t to say it’s not possible, it’s that the likelihood of an attack succeeding is higher with on-premise software, and lower with cloud-based software.
- Nextpoint utilizes internal firewalls to filter internet traffic entering our internal systems and local data stores.
- Nextpoint monitors for Denial of Service attacks, brute force login attempts, and a host of other malicious activities.
- Nextpoint utilizes centralized logging, reporting, and analysis of logs to provide visibility and security insights.
- Full user authentication logs, user audit trails and access histories are available for all user sessions.
- Nextpoint undergoes continuous audits of our internal processes for data breach response and remediation in order to maintain it’s SOC II certification.
- If Nextpoint discovers there may have been an incident in security which has or may have resulted in unauthorized access to Nextpoint protected data, we will notify potentially affected users as soon as it’s possible to do so without compromising any investigation or remediation of the breach.
- Nextpoint will reasonably cooperate with users in the handling of the matter, including full cooperation in assisting with any investigation.
- Nextpoint maintains separate, dedicated insurance coverage for cyber-response and remediation activities.
- All data in Nextpoint is stored within the continental United States through Amazon Web Services – recognized as the best-in-class provider of data security, uptime and reliability.
- By design, our virtualized cloud-based architecture maintains a fully-redundant version of all data, updated in real-time.
- Additional backups are generated on a daily basis. Should the entire environment need to be recovered, we would anticipate it would be available within hours and not weeks.
- The durability level of Nextpoint storage corresponds to an average annual expected loss of 0.000000001% of objects. This means if a user stores 10,000,000 objects in Nextpoint, that user can anticipate on average to incur a loss of a single object once every 10,000 years.
As a founding member of the Legal Cloud Computing Association (LCCA), we have taken an industry-leading role in defining the standards of Internet-age cybersecurity.
Thank you for putting your trust in Nextpoint. Our pledge to keep your data secure, confidential, and accessible remains rock-solid, and our team remains ever-vigilant. If you have any further questions, please do not hesitate to contact me or your Client Success Director.
Rakesh Madhava, Nextpoint CEO + Founder