On May 5, 60 Minutes ran an entire segment on ransomware and, if you’re looking for ways to convince your partners to invest in security awareness training, you should make them sit down and watch this video!
In it, your firm’s leaders will learn what you’ve probably known for a while:
- Ransomware is on the rise: 26% of cities and counties fend off an attack every hour
- Dozens of hospitals have been held hostage
- “Everyone should expect to be attacked.” (The FBI)
- “Once it happens, you can’t afford NOT to pay.” (A security professional)
Think Your Firm is Too Small for Criminals to Care About You? Think Again.
Another myth that the segment busted was the view, commonly held by many small to mid-size firms, that their organization is too small to draw a criminal’s attention. This viewpoint imagines that crooks are out there, hunkered over computers, looking for big, rich targets. But they aren’t.
As reporter Scott Pelley put it: These are automated attacks using programs that scan hundreds of thousands of networks while the crooks “sit back and drink coffee until they get results.”
When they get a hit, within 5 minutes, the automated programs can lock up every file in your network. And not only do the criminals demand money, but they threaten to release sensitive information if you don’t comply within a certain time period.
Ask your managers to imagine calling their biggest clients to explain that their most sensitive financial transactions or personal information is now available for everyone to see.
Your Own Employees Are Your Biggest Vulnerability
In one of the 60 Minutes Overtime segments, an FBI representative explained some of the technological tactics that organizations can use to protect themselves. But then this slide flipped up on the screen:
In fact, the gist of the story was that there is literally no way to block attacks using technology alone. You need to make PEOPLE your first line of defense through awareness training. Watch the Overtime segment titled, “Protect Your Computer From Ransomware,” starting at the 1:19 mark.
Then, Tell Your Manager You Know How to Train Employees to Protect Your Firm
The hands-down most effective way to protect yourself and your law firm (and your clients) from phishing attacks is to educate your entire firm to recognize, isolate and report suspicious emails. In other words, you need ongoing security awareness training, and this training should include:
- Continuously updated phishing templates that mimic the very latest attacks
- Phishing templates that you can customize
- Phishing campaigns that you can release at the press of a button
- Reportable results down to individual users
- Training materials to support in-person and online (LMS) learning
I’ve studied many security awareness training companies and my hands-down favorite is KnowBe4 because I think it offers the best content for law firms, makes the trainings as easy as possible on administrators, and it works.
The KnowBe4 simulator enables you to create compelling, fake emails, push them out to your firm, track the people who are vulnerable, and educate everyone to be more astute when they click. Here’s how it works:
- Upload your users to the system
- Launch a baseline phishing test using any number of templates
- Using the results from that phishing test, launch targeted trainings to help your employees be more discerning clickers
- Every month, send out another phishing campaign
- Track improvements down to individual users over time
Are you worried about your firm’s vulnerability to phishing attacks? Then, time is of the essence. Learn more about this effective, affordable security awareness training platform by contacting me today. I can give you a free demo and answer all of your questions.