In the Security and Reliability Support Article we cover what security measures Clio takes as a company to ensure the safety of your data from theft and loss. Below you will find more information on how you can take advantage of the advanced security features Clio has to offer.
Two-factor authentication is a mechanism that requires users to provide two different means of identification when logging in. When you enable two-factor authentication in Clio, users will be required to log in with their Clio password and a random numeric code generated by the Google Authenticator application which is available for iPhone, Android, and BlackBerry. This essentially ensures you are who you say you are, as someone pretending to be you would need both your Clio password and access to your email account.
Two-factor authentication is a strong and highly recommended security feature for Clio customers. For more information on setting up two-factor authentication, read our Two-Factor Authenticator with Google Support Article.
Strong passwords are another great feature to enable for your Clio account, as it makes sure that the other users logging into your Clio account are using more complex passwords than something like "firm1234" or "password". Strong Passwords are further described in the Enforcing Strong Passwords Support Article. Clio supports passwords between 6 - 72 characters in length. The longer your password is, the harder it will be to crack by a brute force attack. To help you remember longer passwords, we suggest creating a passphrase that includes capitalization and punctuation.
By having more complex passwords, hackers and other individuals will have a more difficult time attempting to get access to your sensitive information. Additionally, Clio has measures in place that ensure passwords are stored safely in our system.
Password managers like Passpack and LastPass are great for helping you both create and store passwords, meaning fewer instances where the same password is used for multiple programs, thereby increasing your account security even further.
Account Administrators can enforce the use of strong passwords. For more information, read over our Enforcing Strong Passwords Support Article.
One of the stronger security practices you can implement in your firm is to ensure passwords are rotated out on regular intervals. Implementing the Password Expiry feature allows you to set if a password should expire in 365 days, 180 days, 90 days, 60 days, or even 30 days. The previous password will not be able to be re-used as the current or new password. Once this feature is activated, Users will receive an in-app banner warning when their passwords are to expire in 14 days. No email reminders will be sent. Dismissing this notice will dismiss it for good. There will be no further warnings. To access this feature, click on the gear icon at the upper right of your page, under System click on Security. At the upper left, select the sup-tab "Password Security".
It is easy to forget, but mobile devices are easy to lose or be stolen, even if it is always with you. Having a passcode that locks your device as a whole is essential, and the Clio apps for both iPhone and Android have a mobile PIN feature you can enable that requires you to enter a four digit code every time you open the app.
Additionally, having a locater service connected to your phone or other mobile device is a good way to find it should it be lost or stolen.
Account permissions are an important consideration when inviting a new user to your Clio account. Does this individual need access to Billing, Reporting, or Accounts? Should they be a full Administrator who can also manage your Clio subscription? Or should their access be limited to only what they really need to interact with, such as Matters and Contacts?
It's important to think about the roles people play in your firm and how that translates to your account with Clio.
Groups are a great feature that gives you the ability to assign types of users into designated categories. For many firms, the groups may be "Partners", "Attorneys", "Paralegals", or "Assistants".
But those aren't the only possible groups, it really is up to you! Many Clio customers also create groups based on practice area or billing type, or even location. And people can also belong to more than one group.
Groups remove access to Matters and Activity Descriptions, thereby protecting sensitive information they should not have access to, and for other firms it also acts as more of a filtering mechanism if they have a lot of data.
Clio Connect is the secure client portal connected to your Clio account that a client or co-counsel can access once you have shared a resource with them. Shareable resources include Documents, Calendar Entries, Tasks, Communications and more. More can be read about Clio Connect in our Clio Connect Resources.
Many of our customers utilize this service within their own Clio accounts, and we recommend that those doing so perform an review on a regular basis, in an interval you are comfortable with, where you go through all of the resources you have shared to determine if that is still required.
The best way to find all of the resources shared across your account is by going to Settings > Clio Connect & Sharing. Other ways to view the shared resources for a particular contact or matter can be read about in our "Viewing the Resources you've Shared via Clio Connect" Support Article.
You can also take advantage of our feature within the Security settings in Clio to check what IP addresses your users are accessing your Clio account from.
This is a great habit to develop when it comes to monitoring your account security, as it will allow you to quickly be able to determine if someone is accessing Clio from an unusual location.
Note that all users who choose to remain logged in to Clio will have their login session expire automatically after 30 days, at which time they will be required to log back in to Clio.
If you are interested in keeping tabs on what kind of activity the other users in your Clio account get up to, or potentially tracking down the source of a modified Matter or other resource, then the Firm Feed is a great place to start.
By doing a regular check of the activity in Firm and Matter feeds, you can ensure you are on top of what is going on in your account. Many firms do regular exports of their firm feed into a spreadsheet program to keep a record trail for this purpose.