By now, everyone knows that they need to provide security awareness training for their law firms. We work with a lot of firms that have been providing KnowBe4 security awareness training for years. Their employees are trained to recognize and report suspicious emails, keeping their firms safer. But now, we’re learning that all this reporting is causing the IT departments to be overwhelmed by phish alerts.
There are pros and cons to this dilemma. On the pros side, employees have been trained to be proactive and they are embracing their role as the front line of defense against cyberattacks. On the cons side, some employees report absolutely everything. Also, there really are a lot more cyberattacks on law firms than there were just five years ago.
What is an IT department to do? The sheer number of reported phishing emails is enough to clog up efficiency and security.
KnowBe4, bless them, has the solution! They, too, saw what was coming and created PhishER, PhishML and PhishRIP. Here’s how it works:
- A suspicious email lands in your user’s in-box.
- This well-trained user reports the email using the Phish Alert Button (PAB).
- The email is sent into the PhishER platform.
- PhishML, or Machine Learning, takes that reported email and automatically processes it through various rules. PhishML analyzes the email and generates confidence values, which are used to tag messages.
- Based on the tags, PhishER can take one of many actions, such as:
- If it deems the email a serious threat, it will “de-fang” it and send it to the security team.
- It can search through the entire firm’s network and rip it out of everyone’s in-boxes. (PhishRIP)
- It can quarantine all emails from that sender.
- It can keep tabs on employees who over-report so that you can assign them more training.
- It can flip it using PhishFlip: Using the same email, it replaces all of the actual threats with simulated threats and puts it back in employee mailboxes as a training/reporting tool.
The PhishER Dashboard Helps IT Departments Overwhelmed by Phish Alerts
Because PhishER was designed and developed by KnowBe4, the platform is incredibly easy to use. Not only is it easy to assign rules for email actions, but the dashboard gives you glimpses into the weeds all the way up to the 50,000-foot view. Overall, how many suspicious emails were reported today? Last week? Last year? That data is easy to find. (Imagine knowing which days your holiday phishing emails hit hardest? With PhishER, you can.)
You can also drill down to individual users to see what kinds of scams hook them. Is Betty inclined to click coupons? Send her more opportunities to learn the differences between plain-old ads and scams.
You can also use data collected in PhishER to boost your security awareness training. Run a report on the subject lines that always seem to hook your users. Then, create a phishing template for training based on that intel.
Automate Your Email Security Today
With PhishER, your IT department’s load decreases exponentially while your law firm stays safe. Your IT team was never meant to be an email babysitter; set them free to do their real jobs in service to your firm.
Automate the funnel of email decisions using PhishER. Book a quick demo today using Calendly and you’ll see why this tool is so powerful!