CYBERSECURITY / V10.2

Fortress Practice.

Bank-grade encryption, immutable audit trails, and 2FA enforcement at the kernel level. We protect the privilege of your communications.

ENCRYPTION

AES-256 &
TLS 1.3 Protocol.

Every document in the Lawya Vault is encrypted with AES-256 at rest. Every transmission happens over TLS 1.3. For Firm Medium and Large tiers, we support full SSO (Single Sign-On) integration with your existing firm AD environment.

  • Audit Trails: Every file open, edit, or delete is logged with IP and Timestamp.
  • IP Whitelisting: Restrict system access to your office headquarters only.
  • Mandatory 2FA: SMS and Authenticator-based multi-factor authentication.
[SEC_LOG] INITIALIZING_TLS_HANDSHAKE...
- Version: TLS 1.3 (ChaCha20-Poly1305)
- Key Exchange: ECDHE (X25519)
- Status: SECURE_ESTABLISHED

[VAULT_ENCRYPTION_LAYER]
- Disk: /dev/sdc1 (Wasabi/Lagos_Node)
- Algorithm: AES-256-GCM
- Master Key: RSA-4096 (Hardware Backed)
- Rotation: Scheduled (Next: 01-Feb-2026)

[ACCESS_CONTROL]
- User: partner_ada_okeke
- 2FA_STATUS: VERIFIED (Google_Auth)
- IP: 197.210.XX.XX (Lagos, NG)
AVAILABILITY

Geo-Redundancy.

Three-way redundancy across Lagos nodes and secondary Wasabi cloud clusters to ensure zero data loss.

MONITORING

Live Logs.

Partners can view live system logs of staff activity. Monitor every document export and WhatsApp broadcast in real-time.

CONTROL

Lockdown Mode.

Immediately revoke all active sessions for a compromised account. Wipe local SQLite sync caches remotely.

SECURITY AUDITS

Quarterly Penetration Testing.

Independent security firms conduct quarterly penetration tests on our infrastructure. All findings are remediated within 48 hours. Reports available to Enterprise clients.

EXTERNAL

Network Scanning

Automated vulnerability scanning of all public-facing endpoints and APIs.

INTERNAL

Code Review

Manual code audits for authentication, authorization, and data handling logic.

SOCIAL

Phishing Tests

Simulated social engineering attacks to test team security awareness.

COMPLIANCE

7-Year Retention Policy.

All case files are retained for 7 years post-closure, exceeding NBA requirements. After 7 years, data is securely deleted with cryptographic verification.

  • Active Cases: Unlimited retention
  • Closed Cases: 7-year automatic retention
  • Deleted Cases: 90-day recovery window
  • Permanent Deletion: 3-pass cryptographic wipe
[RETENTION_DAEMON]
Scanning closed cases...

Case: IKE-2018-042
Status: Closed (2019-03-15)
Age: 6 years, 9 months
Action: Retain (3 months remaining)

Case: IKE-2017-089
Status: Closed (2018-01-10)
Age: 8 years, 0 months
Action: Scheduled for deletion

[DELETION_QUEUE]
47 cases pending deletion
Next run: 2026-02-01 00:00 WAT
Method: DoD 5220.22-M (3-pass)

# Compliance: NBA Rule 15(2)
INCIDENT RESPONSE

24/7 Security Operations.

Our Security Operations Center monitors all systems around the clock. Automated alerts for suspicious activity with human verification within 15 minutes.

Detection (< 5 min)

Automated monitoring detects anomalous behavior patterns

Analysis (< 15 min)

Security team verifies threat and assesses impact

Containment (< 30 min)

Isolate affected systems and revoke compromised credentials

Notification (< 1 hour)

Affected clients notified with detailed incident report

CERTIFICATIONS

Industry Standards.

ISO 27001

Information Security Management System certification (pending 2026)

NDPR Compliant

Full compliance with Nigeria Data Protection Regulation 2019

ETHICAL GUARDIAN

NBA Ethics Monitoring.

Lawya protects your license. Our AI scans firm communications for prohibited advertising language (e.g., "Best lawyer in Lagos") and unapproved fee-sharing arrangements, flagging them before they leave your outbox.

ETHICS_ENGINE_V1.1
[FLAG]: Prohibited term detected: "Expert".
[FLAG]: Solicitation language: "Contact me directly".
[Action]: Message blocked for Partner review.
RESPONSE SLA

Breach Response SLAs.

In the unlikely event of a security incident, our protocols are rigid. We provide 1-hour containment for P1 breaches and guarantee notification to the NDPC within 72 hours, as per legal requirements.

01 HR
CONTAINMENT
72 HR
NDPC_NOTICE