Putting Our Money Where Our Mouth Is

If you want to achieve a goal, logic tells you that the steps you take to achieve it should be directly linked to success. For example, if you have a two-a-day Starbucks habit and you’re trying to save money for a present for your girlfriend, logic might tell you that decreasing your trips to one a day or one a week might help to achieve your goal. If you want to lose weight, logic tells you that eating less and exercising more might be a great way to achieve your goal.

So, when I read a recent article in the Global Legal Post, I had a whiplash moment. (You know, when you do a double-take so hard your neck hurts?) It seems that, when it comes to law firm security, “careless employees are overwhelmingly the number one concern for IT professionals.”

The article continues: “When asked to name the greatest information security threat currently facing their organisation, 60.9% pointed the finger at the ‘careless employee’. Only 6.6% cited ‘internal bad actor threats’ (such as a deliberate leak by a disgruntled employee) as their number one concern, while 9.9% were concerned about ‘external bad actor threats’ like hackers. Malware was the second most commonly cited threat with respondents, at 11.9%, while only a minuscule 0.7% were most concerned about the rise of cloud computing.”

And yet, do you know how much of their budgets these firms were dedicating to security? Only 9% of firms even had a separate budget for information security! Further, of the majority of firms that blend information security costs into their overall IT budget, information security accounted for less than 10% of that budget at 79% of firms.

That seems illogical.

So, I started wondering why the budgets were so low… where they existed at all. And I arrived at one possible answer: the problem seems so huge that the firms believed no amount of money would help protect them… so that’s what they allotted: no (or little) amount of money.

The irony is that, for the firms’ number-one concern – careless employees – there is a relatively inexpensive solution! Training!

Cybersecurity Training for Law Firm Employees

You don’t need a fancy firewall or a giant software program or even a witch doctor, for that matter, to effectively build your first line of defense. You need a good training program. One that can provide quantifiable results and a solid ROI.

As an approved partner with KnowBe4, Savvy Training & Consulting can teach your employees to recognize malicious emails and we can help your firm to create a secure process for managing the stream of malicious emails that comes your way.

Even better: it doesn’t take much time or money. We can spoon-feed your firm’s employees any number of bite-size videos that cover the following:

  • Security Awareness Training Overview
  • Ransomware
  • Credit Card Security
  • Handling Sensitive Information Securely
  • Mobile Device Security
  • PCI Compliance

One of my favorite KnowBe4 programs enables you to use templates to create your own simulated phishing emails, mirroring a favorite technique cybercriminals use to identify your weak links. Using these templates, you can create emails that seem to be from the firm’s COO, or offer bogus coupons for lunch. The sky is the limit. This system also allows you to track who clicks on these fake emails, enabling you to target the appropriate trainings to the right audiences.

And all of these efforts are cost-efficient and effective. KnowBe4 reports: “After a year of helping our customers train their employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks, we decided to go back, and look at the actual numbers over those 12 months. We aggregated the numbers and the overall Phish-prone™ percentage drops from an average of 15.9% to an amazing 1.2% in just 12 months.”

If you’d like to chat further about protecting your firm from social engineering attacks, don’t hesitate to call me or email me at: 303-800-5408 or Doug@savvytraining.com.


Savvy Training & Consulting works with leading companies and technologies to deliver the most up-to-date training solutions and curricula to law firms. Savvy recently unveiled an award-winning Learning Management System (LMS) for law firms, SavvyAcademy™, which delivers scalable training capabilities, reportable data down to the individual user and 24/7 support, all for a fraction of the cost of traditional LMS services.

