Most high-profile cyber security breaches occur when hackers target an organization's weakest link – its people.
Want to see a lawyer (or IT director) sweat? Whisper the words “data breach” in their ear.
One way for law firms to keep themselves from becoming the next cyber victim is to make everyone in the firm a member of the “defense.” Security awareness training is a great place to start.
To add that extra layer of data security, 49% of firms having security awareness training programs in place – and for law firms with more than 350 attorneys, that number increases to 86%.
Why are law firms investing in security awareness training? Since 2009 the FBI has been warning that hackers are targeting law firms.
What Is Security Awareness Training?
Security awareness training is, you guessed it, a program or process that educates employees on computer security.
I’m not referring to the type of “program” where there’s an “acceptable use policy” thrown together and handed out to new and existing employees, but an actual formal program that brings awareness to employees of the security risks in their actions, with examples of how security can be compromised, and training on how to be proactive in minimizing information security risks.
However, most organizations don’t have the in-house expertise needed to create an effective security awareness training program, which is one of the factors playing a role in the trend toward more outsourcing – 79% of these programs were developed internally in 2015, compared to 86% in 2014.
Why Do You Need it?
Most high-profile cyber security breaches occur when hackers target an organization's weakest link – its people.
And to “beat” cyber-threats, it’s all about how quickly and effectively your firm responds to hackers and removes them from your systems.
Your workforce is your number one defense against attacks. Providing them with the knowledge and tools to protect your firm’s data from hackers adds a great first line of defense to your overall security plan.
Don’t neglect the human factor. Technology can only do so much to protect all of the sensitive case files you have. Those files are information-rich and, when vulnerable to attacks, can result in the loss of intellectual property, confidential client information, respect, and revenue.
A security awareness training program for your law firm will make everyone feel more secure because everyone:
- Knows they have the right technology
- Understands how to spot an attack
- Can take the next steps to handle any attacks they see
Security Tips
As you create a security awareness training program, here are a few security tips to start with.
- Information Security Policies – Set expectations of how employees should behave with their access and use of data. Employees can’t follow the rules if there aren’t clearly set rules to follow.
- Encryption – By encrypting your data (whether it’s at rest, in use, or in transit) and sensitive emails, your confidential information will remain, well, confidential.
- Secure Mobile Devices – Technology isn’t going anywhere so make sure they’re being managed and secured. Encryption will also enhance mobile security, but also use things like password protection or use a remote wipe if the device is lost or stolen.
- Avoid Open Wi-Fi – Never hop on an unsecure, public Wi-Fi and start looking at client documents. Use your firm’s VPN (Virtual Private Network) to ensure your opening and reading client information securely.
Is your firm doing everything it can to safeguard client data? Security awareness and training will help ensure that you are.
Have questions? Let’s talk – we’d love to hear from you.
