Approximately one in three law firms will be targeted for a cyber attack this year, an increase of 25 percent in the past five years.
And your greatest vulnerability is not a software defect or network failure – it’s the people working in your office.
“You might have an incredibly talented, diverse group of professionals at your organization,” says a 2019 cyber threat report from Mimecast. “But cybersecurity’s dirty little secret is that no matter how skilled your employees are, they still usually represent your biggest risk. Research shows that human error ranks even higher for cyber risk than software flaws and vulnerabilities. So high, in fact, that it’s a contributing factor in more than 90 percent of breaches.”
Reducing the human risk factor starts with awareness and education. Everyone in your office – starting with the top leaders – must make cybersecurity a priority. The consequences of doing nothing could be catastrophic.
Protect your practice by attending our free CLE webinar on August 14 on “Top 10 Things to Prevent a Data Breach.” It’s just one benefit of membership in Alta Pro Lawyers RPG. Learn how to join here.
Awareness is the Starting Point
Increasingly, law firms are providing cybersecurity training to their employees. One in four offers training at least once a month – an increase of 11 percent since last year.
Simulated attacks and penetration tests are effective ways to identify vulnerabilities. If you’ve conducted a real-life test in your office, you know that the results can be eye-opening.
“Mimecast recently conducted a phishing simulation with a 6,500-employee software company that does not provide awareness training,” says Mimecast, the cloud-based email security source. “The results showed that more than 500 employees clicked on a phishing email link in under a second. Thankfully, there’s a flipside to this: when properly trained, alert and aware, your people can serve as an integral part of your security program and your first line of defense.”
Another key to prevention: understanding what is at stake. Of organizations (not just law firms) that experienced an email-based impersonation attack in the last 12 months, 39 percent lost data, 29 percent lost financial information, and 28 percent lost customers. This doesn’t account for reputational damage and loss of client trust.
In the wake of a significant attack, some firms have even had to close their doors.
6 Tips for Effective Cybersecurity Training
“The most widely used method (62 percent) of awareness training happens in a group session,” says Mimecast. “Following group training sessions, other popular methods include interactive videos highlighting best/worst security practices (45 percent), formal online testing (44 percent), reference lists of tips (44 percent) and one-on-one training sessions (44 percent).”
Here are 6 tips for cyber training in your firm:
- Make it a process, not an event. Training should be consistent, ongoing and constantly updated to keep up with evolving threats. Mimecast recommends supplementing your training with phishing simulations. Develop a system to identify higher-risk employees and give them additional or enhanced training.
- Make it engaging. The more lively the training, the more likely its lessons will sink in. Make it fun. Give prizes for correct answers.
- Make it relevant. Use scenarios that actually arise in the office. Discuss recurring problems and risky situations.
- Make it mandatory. Your office is only as strong as its weakest link.
- Make it happen at least quarterly. Any less than that and interest wanes, retention dips, and effectiveness falls flat.
- Make it meaningful. Bring in an outside company to do the job.
How do you approach cybersecurity awareness in your firm?
Alta Pro Lawyers RPG can help with your cybersecurity training. Our Pro Practice Playbook is full of tips and pointers. Our free webinars – like the August 14 program “Top 10 Things to Prevent a Data Breach” – keep you up to date. And for extra security, we offer comprehensive cyber-liability insurance protection. Find out more here.