I recently got a call from a law firm that was looking for a trainer to come in and provide a full day of classroom-based training covering phishing, ransomware and other cybersecurity threats. Of course, I was thrilled to be first on her list of vendors to call, but I also felt obligated to give her some advice. Namely: one-off, classroom-based trainings won’t deliver ongoing security awareness among employees. And classroom-based trainings are expensive!
Instead, I suggested that she adopt a training program that provides continuous education and tests (via fake phishing campaigns) so that employees develop a deeper, more lasting awareness of the many ways their law firm is under attack every day. Only through continuous, hands-on learning will employees serve as a law firm’s first line of defense.
(Side note: if you think your email filters will protect your firm, think again. Email filters have an average of 10.5-15% failure rate, meaning you need a strong HUMAN firewall as your last line of defense. This person who called me fully understood her firm’s need for training; she just didn’t know the best way to deliver it.)
My favorite (and world’s best) security awareness training company is KnowBe4. It was created by hacker-turned-protector Kevin Mitnick and now is used by Fortune 500 companies, governments, law firms and even universities worldwide. Savvy Training & Consulting is proud to be a KnowBe4 vendor.
Recently, I was studying my clients’ results using KnowBe4. It’s easy to assess the success of the KnowBe4 program because a firm takes a benchmark phishing test to discover how phish-prone they are before launching the education-and-testing program. In looking at my clients’ ongoing statistics, I can literally correlate a lower phish-prone score to the firms that launch the most phishing tests, with follow-up education campaigns.
These statistics tell me a couple of things:
- Firms that test more often reap the biggest drops in their phish-prone percentages, meaning…
- Ongoing education is key to creating a human firewall as your last line of defense.
But ongoing testing does not have to mean “more expensive.” In fact, KnowBe4 is quite affordable and priced by the seat. There are even different levels of pricing for various packages (silver, gold, platinum and diamond). Firms can pick the features that best match their needs, including:
- Unlimited phishing security tests
- Automated security awareness program
- Security “hints & tips”
- Training access level 1
- Automated training campaigns
- Phish alert button
- Phishing reply tracking
- Active directory integration
- Industry benchmarking
- Virtual Risk Officer
- Advanced reporting
- Crypto-ransom guarantee
- Training access level 2
- Monthly email exposure check
- Vishing security test
- Smart groups
- Reporting APIs
- Security roles
- Social engineering indicators
- USB drive test
- Priority level support
- Training access level 3
- AIDA Artificial Intelligence-driven Agent BETA
Would you like to see KnowBe4 in action through a free demo? Or would you like to receive a quote for your firm? Give me a call (303-800-4568) or shoot me an email (Jay@SavvyTraining.com) today!