According to a new report released by KnowBe4, the legal industry faces a higher-than-average phish-prone percentage. The average company, across industries, is 30% phish-prone, meaning 30% of its employees will fail when confronted with a phishing email.
Another way to think about it: 30% of its employees are likely to let cybercriminals into its network.
In law firms, that percentage is even higher – as high as 32.7 percent, depending on the size of the law firm. Meaning: law firms – in addition to being hot targets due to the amount of sensitive data they collect – are more likely to get hacked than the average American company.
That ain’t good.
However, the report also finds that sustained, meaningful security awareness training can significantly reduce that percentage. Meaning: people can be trained to protect your law firm.
The report, titled “2020 Phishing by Industry Benchmarking Report,” finds that, after one quarter of security awareness training, a law firm’s phish-prone percentage drops to 15.6%. After 12 months of security awareness training, that percentage drops to 2.3%. That is a very meaningful difference in your firm’s battle against hackers and ransomware operators.
But the key to winning this battle is to set up a security awareness program that actually works. You can’t offer a few 10-minute videos once a year and expect to make a difference. Instead, security awareness training for law firms must engage employees, and they must care about the outcomes.
But how do you do that? Well, join us and find out!
Savvy Hosts Security Awareness Webinar
Join us for a webinar with a co-author of the report above, Joanna Huisman, on Friday, October 30, at 11 am MDT/1 pm EST. We are hosting this event in coordination with ILTA for their monthlong education series on Cybersecurity Awareness Month.
In addition to an in-depth review of the 2020 Phishing report, our webinar with Joanna will cover:
- The knowledge-behavior gap
- Getting people to care about security awareness
- The importance of baseline testing
- Why you can’t run security tests with the same phishing templates over and over
- Rewarding positive growth
- Creating impactful consequences that keep people engaged
If you don’t have a consistent security awareness training program, and you’re trying to convince your law firm managers that you need one, invite them to this event. Click this link to register today!