2019 ILTA Tech Survey Shows Leap in Phishing as Law Firm Priority

Thanks to ILTA for continuing its very important annual survey on technology use in law firms. I always find myself reading it and re-reading it to glean my clients’ needs and goals for the coming year. Since Savvy works mostly with small- to mid-size law firms, we recognize our critical role in preparing them for changes ahead. Unlike big law firms with big resources, small- and mid-size firms lean on consultants to maintain their competitive edge while they work hard on client matters. Savvy takes this responsibility very seriously.

One interesting thing I noted in the recent ILTA Tech Survey is the fast-growing attention given to security awareness training, particularly phishing campaigns.

Percentage of responding firms that conduct phishing and social engineering tests:

  • 2016: 38%
  • 2017: 48%
  • 2018: 61%
  • 2019: 68%

In fact, the report noted: “Phish testing (68%) is almost a requirement at this point as well, and KnowBe4 has certainly become the dominant player in that area. Log retention and consolidation have become prevalent and look for that to increase dramatically as it is often a client security requirement. One would think smaller firms will be looking to outsource this as it requires a lot of expertise and time commitment to configure properly.”

Savvy Training & Consulting was one of the first certified training partners to offer KnowBe4 training to the legal industry, and we have seen dramatic results in the firms with which we work.

Cybersecurity is Everyone’s Job

Did you know that the number-one way that hackers gain access to sensitive data is through email? Watch this 60 Minutes segment to see just how easy it is for criminals to gain access to your network.

Savvy Training & Consulting is proud to partner with KnowBe4, the world’s most sophisticated and effective security awareness training company. And, because Savvy knows the legal industry, we add value to the law firms that use KnowBe4, offering industry-specific advice for more impactful training.

KnowBe4’s Enterprise Security Awareness Training works like this:

1. Baseline Testing: First, assess your law firm’s risk and your weak points with baseline testing. KnowBe4 provides baseline testing to assess the phish-prone percentage of your users through a simulated phishing, vishing or smishing attack.

2. Train Your Users: Second, using the information from the baseline test, train your users to be more security-aware. KnowBe4 offers the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters. KnowBe4 also includes automated training campaigns with scheduled reminder emails.

3. Phish Your Users: Third, send fake phishing scams to test users’ adoption of the training information. KnowBe4 offers best-in-class, fully automated simulated phishing, vishing and smishing attacks, thousands of templates with unlimited usage, and community phishing templates.

4. See the Results: Fourth, analyze the results and train again. KnowBe4 provides enterprise-strength reporting, including both high-level and granular stats and graphs. You can even drill down to a personal timeline for each user.

If you are concerned about your law firm’s vulnerability to hackers, contact me today. I can even provide you with a couple of free tools from KnowBe4 that might help you successfully pitch this to your firm’s managers!

(P.S. If the attorneys in your firm still think PDFs are “secure documents,” you might want to share this article, too.)

