GDPR for Law Firms: Protect Your European Clients

Unless you have your head under a rock (or a pillow, in which case I’m jealous), you have heard of the European Union’s push for more identification protections for its citizens. It’s called the General Data Protection Regulation (GDPR) and it is a sweeping undertaking that applies to all European citizens, no matter where they live.

Basically, any company, organization or firm that manages and maintains information on a European citizen must be in compliance with GDPR. It doesn’t matter if you operate out of a hut in northern Alaska; you must comply with GDPR if you collect, process and maintain data on Europeans.

Sooooo, yeah. We all have to be compliant because, if you don’t have Europeans in your system now, you will one day (probably sooner rather than later) and you don’t want to find out after the fact that you’ve exposed a European client to identity or data theft. That will not only stink for your business and your brand, but it will put you crossways with international law. Talk about a time/resources suck.

If you are a law firm administrator, you’re probably well on your way to locking down your systems to maintain GDPR compliance. But I’m wondering if you’ve considered the entire pathway that hackers use to access your sensitive client data.

Namely, are your employees trained to recognize email phishing attempts against your network? All the firewalls and security protocols in the world won’t protect you from “Sandy” who likes to shop for boots on her lunch hour and clicks on all the offers in her inbox. One wrong click and suddenly your entire firm is locked down with ransomware or your sensitive files are spread wide for criminals to loot.

Of course, cybercriminals have always been on your mind and you know that you’re in a constant battle to sustain your fortress, but now GDPR makes that mission more imperative. Failure to comply with GDPR will be expensive. Organizations that fail to protect European citizens from data and identity theft will face significant fines – as high as four percent of your firm’s annual revenue! Furthermore, individuals may take action against any entity that improperly handles their personal data.

It’s time to educate “Sandy” about her risky shopping ways! You need to teach your employees to recognize suspicious email so that they can be your first line of defense, instead of your weakest link.

The KnowBe4 security awareness program was created by Kevin Mitnick, infamous hacker and now world-renowned security expert. The KnowBe4 platform starts with an education program that teaches your attorneys and staff how to recognize suspicious emails. Then, you can create simulated phishing emails that you send throughout your law firm. From the results, you know the types of emails that your employees need help recognizing as suspicious and the people who need extra training.

And you will get nearly instantaneous results. We have learned that people are less likely to click on a fake email after experiencing one simulation in which they fail. (i.e., if they click on a fake phishing scam and discover that they were suckered, they are 20% less likely to do it again.) And that’s after just one simulation! Imagine if you had an ongoing phishing simulation/training program to help your employees keep their guard up!

As a partner with KnowBe4, I can help you create compelling, fake emails, push them out to your firm, track the people who are vulnerable, and educate everyone to be more astute when they click! We recently helped a firm drop from a 20% fail rate to a 4% fail rate using KnowBe4. Read about their success here.

Here’s how it works:

  • You become a KnowBe4 client
  • Upload your users to the system
  • Launch a baseline phishing test using any number of templates
  • Using the results from that phishing test, launch targeted trainings to help your employees be more discerning clickers
  • Every month or quarter, send out another phishing campaign
  • Track improvements down to individual users over time

This system is updated continuously with new phishing templates that you can use to phish your law firm, learning who is vulnerable to scams and who needs training.

The KnowBe4 system is simple and yet incredibly effective in helping you to build your first line of defense against cyber attackers who know that the weakest chink in your law firm security system is your employees!

Are you worried about your employees clicking on a phishing scam, exposing you to GDPR fines? Contact me for a free demo of KnowBe4 today! 303-800-5408
