“Unusual and Really Scary” — Recent Ransomcloud Chain has Security Experts Worried

Bad guys never sleep. They are constantly looking for ways to get through your security systems and their favorite method is through email. Why? Because humans are notoriously trusting (and curious like a bunch of chimpanzees) and we will click on anything.

Check out the latest warning from KnowBe4’s Chief Hacking Officer Kevin Mitnick. (He actually used to be a bad guy and now, jiu-jitsu-style, he is using his mad skills against the enemy.) I suggest you watch the 5-minute video that Kevin posts in this blog. The first few minutes are visually dull but keep watching because at 3:40, things get really scary.

The lesson here isn’t that you need to train yourself and your law firm employees to fight this particular phishing attack. You need to train them to fight all phishing attacks. And just as bad guys are constantly finding ways to infiltrate your firm, you need to constantly train your employees to recognize suspicious emails.

Studies show that a single training will help to raise awareness and vigilance among employees but their vigilance tapers off over time. The key is in maintaining consistent top-of-mind trainings and phishing tests that help keep your employees vigilant all the time.

In order to systematize your security awareness training, you need two things:

  1. A security awareness partner whose entire mission is to monitor the bad guys and create trainings and fake phishing campaigns that keep your law firm ahead of their nefarious ways.
  2. A training delivery technology that “feeds” your employees each training they need, monitors their participation and reports on their success rates. This is also called a learning management system (LMS).

As you can imagine, I have a solution for you! Let’s break it down below…

1. Security Awareness Partner

I whole-heartedly recommend KnowBe4. As evidenced by the video I linked to above, KnowBe4 is like a bloodhound stalking cybercriminals. I’ve been impressed again and again by the discoveries that KnowBe4 makes and the speed at which they release new trainings and campaigns that turn employees into a company’s first line of defense against the bad guys.

But don’t take my word for it. Gartner placed KnowBe4 in its “Magic Quadrant” for Security Awareness Computer-Based Training in 2017.

Even better for those in charge of law firm security, KnowBe4’s trainings roll out in three easy steps: 1) Train your users, 2) Phish your users, 3) Use the results to train and phish again. And the results speak for themselves: one law firm that we trained using KnowBe4’s platform went from a 20% fail rate to 4% in just four weeks.

The only problem is that every law firm trainer or security officer I know is already up to his or her eyeballs in work. This is why you need a technology to essentially handle the entire process for you.

2. Learning Management System

You need an LMS that can upload all of KnowBe4’s ongoing training updates, push them out to learners on a regular basis, monitor participation and report back on those achieving great successes and those requiring additional help.

I recommend the SavvyAcademy LMS. Why? Because it includes…

  • No annual capital expense for hardware or software licenses.
  • By-the-seat pricing. You may have 200 people in your law firm but if you only want 100 to use it, you’re only charged for 100 users.
  • The SavvySMART Content Library. (But it also works well with other content resources.)
  • Cloud hosting and 24/7/365 support provided by Savvy Training & Consulting.
  • Both a state-of-the-art, intuitive delivery system and rich, continuously updated content.
  • Trackable, reportable data down to each individual user.
  • Complete control and customization opportunities for trainers and administrators who need to tailor their continuing education to individual attorneys, from new hires to seasoned legal eagles.
  • Access to a social network of subscribers who continuously discuss challenges, ideas and successes that they are facing in their firms.

Also, Savvy Training & Consulting is an authorized KnowBe4 partner so we are privy to all of the advance work that the company is doing and we can serve as yet another line of defense. All of the KnowBe4 materials can automatically load into your SavvyAcademy LMS so that all you have to do is launch the phishing campaigns and read the reports that come back to you.

Can You Afford to Wait?

Imagine that your law firm is infiltrated by ransomware that locks down all your email for a day or a week. Or worse, it encrypts sensitive client data. For a small investment today in security awareness training and an LMS, you could avoid a true catastrophe in the future.

If you’d like a free demo of KnowBe4 and/or SavvyAcademy LMS, please contact me today: Doug@SavvyTraining.com, 303-800-5408

