October is National Cybersecurity Awareness Month. This is a big deal! In fact, this national awareness month was established by the Department of Homeland Security 15 years ago when it became increasingly apparent that our very democracy was vulnerable to attack in a brand new way – electronically.
In the not-too-distant past, Americans scarcely worried about threats to our borders, let alone to the computers sitting on our desks… and our bank accounts, our credit reports, our very identities.
Yet here we are today in 2018 when it feels like we are most vulnerable online. Can you even imagine traveling back in time and trying to explain this threat to your grandparents? “In the future, there’s this thing called the Internet…”
As you well know, cybersecurity is near-and-dear to my heart because I’m passionate about helping law firms protect their sensitive data from thieves. And if there’s one thing I’ve learned it’s that there is no electronic or digital silver bullet to stop this threat. There is no firewall or alarm system that can stop the bad guys consistently every time. Instead, the key to our security is very low-tech: We must educate ourselves and others to stop opening the front door to criminals!
Just as you tell your children never to open the door to strangers, we must educate our employees to never open the door to hackers.
And the best way I’ve found to do this is through ongoing education and testing.
Teach Your Law Firm to Keep the Doors Locked When Hackers Come Knocking
OK, first of all, what is the #1 way that hackers come knocking? Through phishing emails right into your employees’ in-boxes. Why? Because that is where you are most vulnerable. One click on a nefarious email and your front door is wide open.
While it would be nice if we could somehow block phishing emails and only allow legitimate emails to hit our networks, we’ve all learned that such hard-core tactics end up blocking real emails (in the law firm industry that means “real work”) and it creates a false sense of security for email users.
The hands-down most effective way to protect yourself and your law firm (and your clients) from phishing attacks is to educate your entire firm to recognize, isolate and report suspicious emails. In other words, you need ongoing security awareness training, and this training should include:
- Continuously updated phishing templates that mimic the very latest attacks
- Phishing templates that you can customize
- Phishing campaigns that you can release at the press of a button
- Reportable results down to individual users
- Training materials to support in-person and online (LMS) learning
I’ve studied many security awareness training companies and my hands-down favorite is KnowBe4 because I think it offers the best content for law firms, makes the trainings as easy as possible on administrators, and it works.
The KnowBe4 simulator enables you to create compelling, fake emails, push them out to your firm, track the people who are vulnerable, and educate everyone to be more astute when they click. Here’s how it works:
- Upload your users to the system
- Launch a baseline phishing test using any number of templates
- Using the results from that phishing test, launch targeted trainings to help your employees be more discerning clickers
- Every month, send out another phishing campaign
- Track improvements down to individual users over time
Are you worried about your firm’s vulnerability to phishing attacks? Then, time is of the essence. Learn more about this effective, affordable security awareness training platform by contacting me today. I can give you a free demo and answer all of your questions.
BONUS INFORMATION: Back in June, I posted a popular article listing the Top 10 Ways to Spot a Phishing Email. Feel free to print it up and post it above the coffee pot in your office.