Hacking and ransomware are center stage, people. If you aren’t paying attention now, then you shouldn’t be given an email account by anyone you work with or for.
And if you’re in IT, responsible for securing your law firm’s sensitive client data, I sure hope that you are focusing on the least-techy-yet-most-vulnerable security threat you’ve got: your people and their email.
Did you know that the attack on Colonial Pipeline was likely caused by an email phishing campaign? Forget all the cloak-and-dagger nonsense about criminals slipping malware like a Trojan horse into some software update (although that is huge, too). This crippling ransomware event started when some Colonial employee clicked on a link in a fake email.
The result? Panic at the gas pumps, airlines landing planes to fuel up in completely random places. And fear. People were scared.
Because someone clicked on a fake link in an email! This is so easy to fix! In fact, Katie Nickels, Director of Intelligence for Red Canary, said in a CNBC article:
“I think there’s a lot of fear out there and a lot of people are freaked out … but it is possible to detect these ransomware intrusions early on,” continued Nickels. “It’s very doable to detect these operators. … You can find them and stop them before it gets that bad.”
Stop Phishing Success at Your Firm
If it is your job to protect your law firm from attacks like the one that hit Colonial Pipeline, then your goal is to create a human firewall by educating your law firm staff and attorneys to recognize and report suspicious emails before they click on anything. In a nutshell: you need phishing emails to fail miserably when they hit your network.
It’s not as hard as you think. KnowBe4’s Security Awareness Training and Simulated Phishing platform combines the best technologies with the best educational practices to turn your law firm staff and attorneys into a human firewall.
Recently, KnowBe4 commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study, examining the potential ROI that enterprises might realize by implementing the KnowBe4 Security Awareness Training and Simulated Phishing and PhishER platforms. The complete report is riveting (truly!) but here are some key takeaways.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed the IT security awareness program manager at a global chemical manufacturing company with more than 10,000 computer users. Forrester used this testimony to create a three-year financial analysis.
In the year prior to implementing the KnowBe4 Security Awareness Training & Simulated Phishing platform, the organization experienced various security breaches. One breach prompted a five-day manufacturing plant shutdown, while another led to a two-day malware-caused production outage in one of its labs. The organization’s accounts payable department also kept receiving fraudulent invoices sent on behalf of vendors that had been compromised, and one of the organization’s executives became the target of a phishing attack. Decision-makers wanted to tackle the problem where they saw that most threats could be blocked — at the user level — by instituting a cybersecurity awareness program that would sustainably improve the organization’s overall security posture.
Since investing in KnowBe4 three years ago and rolling out initial baselining and ongoing training to its global user base, the organization’s Phish-Prone Percentage (KnowBe4’s measure of the percentage of users who click on phishing emails) has dropped from 19.2% to 2.8%, and the organization has not experienced cybersecurity incident-related outages or plant shutdowns on the scale that it previously did.
Forrester found that this organization experienced benefits of $1,125,677 over three years versus costs of $299,505, adding up to a net present value (NPV) of $826,172 and an ROI of 276%.
There was another benefit, as well: culturally, there was more collaboration and trust across the enterprise, leading to a more proactive approach to cybersecurity.
Effective Law Firm Security Awareness Training
Savvy is a licensed KnowBe4 provider to the legal industry. We have helped law firms implement the KnowBe4 training system and deliver huge phishing reductions as a result.
KnowBe4’s easy-to-implement platform integrates baseline testing using mock attacks, engaging interactive web-based training, and continuous assessment through simulated phishing, vishing and smishing attacks to build a more resilient and secure organization.