Survey Says! Employees Worse Than Hackers When it Comes to Putting Firms at Risk

A recent study shows that cybersecurity breaches aren’t caused by issues with your firm’s hardware or software; it’s your people. But, come on, I’ve been saying this for years. Still, it’s nice to have (yet another) study to prove my point.

In this case, SolarWinds reported that human error is by far the leading cause of security breaches. I mean, seriously, humans are WAY outpacing the machines and other tools in terms of mistakes. A report on the study said: “Internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organization’s network or systems (31%).”

Put another way, unwitting employees are actually doing more than twice as much harm to corporate America as hackers!

Here are some additional stats from the study…

Cyber security threats leading to security incidents within the past 12 months:

  • 15% – Malicious employees stealing assets &/or IP
  • 31% – External threat actors infiltrating organization network &/or systems
  • 36% – Exposures caused by poor network system &/or application security
  • 3% – Other
  • 80% – Users making mistakes that put organization at risk

Security Awareness Training: The Number-One Way to Protect Your Firm

The hands-down most effective way to protect yourself and your law firm (and your clients) from hacker attacks is to educate your entire firm to recognize, isolate and report suspicious emails. In other words, you need ongoing security awareness training, and this training should include:

  • Continuously updated phishing templates that mimic the very latest attacks
  • Phishing templates that you can customize
  • Phishing campaigns that you can release at the press of a button
  • Reportable results down to individual users
  • Training materials to support in-person and online (LMS) learning

I’ve studied many security awareness training companies and my hands-down favorite is KnowBe4 because I think it offers the best content for law firms, makes the trainings as easy as possible on administrators, and it works.

The KnowBe4 simulator enables you to create compelling, fake emails, push them out to your firm, track the people who are vulnerable, and educate everyone to be more astute when they click. Here’s how it works:

  • Upload your users to the system
  • Launch a baseline phishing test using any number of templates
  • Using the results from that phishing test, launch targeted trainings to help your employees be more discerning clickers
  • Every month, send out another phishing campaign
  • Track improvements down to individual users over time

Are you worried about your firm’s vulnerability to cyber attacks? Then, time is of the essence. Learn more about this effective, affordable security awareness training platform by contacting me today. I can give you a free demo and answer all of your questions.

