I’m writing this story about a law firm that recently signed up with Savvy for our KnowBe4 security awareness training. I’ve changed the names of the people and the firm, but the story is true and the quotes are accurate. Read on!
Benjamin Stevenson, Director of Information Technology with Joseph & Joseph, has noticed a trend: current and prospective clients are increasingly asking for proof of law firms’ security training and other prevention measures.
“One prospective client’s RFP recently asked about participation rates among our attorneys and staff in our security training program,” says Stevenson. “They wanted to know how many people – what percentage – were actively taking our security awareness courses.”
These client inquiries please Stevenson, who is constantly working to keep the firm safe from phishing scams, malware and ransomware.
“Client demands will drive a culture shift at the firm and they give me ammo when I go chasing people who don’t complete the courses by the deadline,” says Stevenson. “Our firm’s success in recruiting and keeping clients hinges on our ability to assure them that their sensitive materials are safe with us.”
Luckily, Joseph & Joseph was ahead of this client-driven curve. Nearly two years ago, Stevenson began seeking a partner who could provide effective, ongoing security awareness training. He ran into roadblocks at training companies that insisted he bundle the security training program with other products and services that they offered.
“They were using our security needs as a way to get a foot in the door to sell us more stuff,” recalls Stevenson, who closed that door and kept looking.
Ultimately, he found KnowBe4, offered through Savvy Training & Consulting.
“Doug at Savvy offered exactly what we needed at a reasonable price and didn’t try to upsell us anything,” says Stevenson. “And the results have been fantastic.”
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. The system includes a series of trainings which are randomly followed by simulated phishing emails. The phishing templates are updated every day based on trends that KnowBe4 sees occurring in the real world. Clients use these templates to phish their own firm, learning who is vulnerable to scams and who needs training.
In August 2016, Stevenson launched KnowBe4 firm-wide by taking the following steps:
Introductory meetings: Stevenson visited all of the firm’s offices and held required meetings (people could attend in person or view a recording later) in which he explained the program and why it was critical to firm success. He gave examples of security breaches at other firms and even some internal issues that they had already faced. He also explained the cost of security failures to the firm’s bottom line. Then he explained how KnowBe4 would work.
Training modules: Then, Stevenson launched the KnowBe4 training modules. Each participant was required to watch the 45-minute training, and then had a timeframe within which they had to watch several additional 15- to 20-minute videos.
Phishing campaign: After the deadline had passed, Stevenson launched the phishing simulation campaign using templates provided by KnowBe4.
“I received lots of positive feedback on the training and the program itself,” says Stevenson. “It’s about as painless as online training can be.”
He also says it’s been effective at raising awareness around the firm.
“A lot of people were surprised; they didn’t know what they didn’t know!” he says. “The simulations opened lot of eyes. I was pleased at the number of people who reported suspected phishing. We had a 20% fail rate and now I know how to re-focus my training efforts for the next campaign.”
He also said that people are reporting more suspicious emails to him, helping to avoid potentially harmful and expensive security breaches.
“Just last week, I had someone report a phishing attempt to me,” he recalls. “It looked like a Dropbox email from a client but, because he knew what to look for in the email itself, he thought it looked suspicious. He forwarded it to me and then called the client. Turns out the client’s account had been compromised and he didn’t send that email to us. We averted a security crisis.”
The KnowBe4 program also includes marketing collateral, such as posters, for firms to use internally to keep security awareness at the top of people’s minds.
Stevenson says the security trainings will be offered on an ongoing basis and he plans to launch simulator phishing campaigns twice a year.
To learn more about KnowBe4 and to see a free demo, contact me: Doug@SavvyTraining.com