In the history of IT and cyberthreats, there has never been a more critical time for law firms to employ security awareness training than now. With attorneys, legal assistants, paralegals and everyone else working from home, the opportunity for cyberattacks to succeed are greatly improved. It may appear that, because you have the same security measures in place, you should be equally protected, but there’s one major factor that tips the scales in the favor of the cybercriminal – your users working from home.
While the shift to have employees work remotely largely focuses on empowering employees to remain productive, despite being away from the office, law firms also need to shore up their security by taking a proactive stance in leveraging security awareness training for three reasons:
Cyberattacks focus on employees as targets – Phishing attacks remain the single-most common attack vector to allow the bad guys direct access to your organization’s endpoints, credentials, applications, and data. If a phishing email is presented to one of your employees, it means your security solutions haven’t detected it as malicious, leaving the employee to be your last line of defense.
Employees aren’t thinking about organizational security – Think about it; your average remote worker is sitting at a make-shift desk, trying to balance helping their kids with distance learning assignments and attending online meetings. They’re learning new digital workplace platforms, applications, and processes before they even shower for the day. Security is the last thing on an employee’s mind.
Attacks and scams are increasingly aligning with remote working – Cybercriminals conjure up scams that seem familiar to users. The use of shipping, billing, and banking stories, as well as the use of impersonated domains, businesses, and people, all have traditionally worked in favor of the bad guy. But, new scams are being molded around the current work circumstances. For example, we’ve recently seen the massive growth in Zoom-related attacks simply because of Zoom’s increase in popularity for business use. Organizations should expect this to trend.
Security awareness training does two things very well. First it educates the user on the importance of their participation in the firm’s security. These recent times provide great perspective about how quickly a job can disappear. So, teaching the user that their security efforts make a difference in keeping the organization’s proverbial doors open is an important part of security awareness training.
Second, security awareness training keeps users current with attack trends, scams, methods, and more, so they become vigilant in their thinking and keen in their ability to identify a suspicious-looking email, text, voice mail, or phone call. Training users to err on the side of caution is a powerful asset in the war against cyberattacks.
In this alternate universe of work scenarios, organizations need to work differently from the in-office ways used just a month ago, and also keep the firm secure by putting some of the responsibility onto the user; utilize your employees as a layer of your organization’s defensive strategy against cybercriminals.
Security Awareness Training Offered by Savvy
As a leading legal-specific channel partner with KnowBe4, the world’s most popular security awareness training and simulated phishing platform, Savvy Training & Consulting can help protect your law firm from cybercriminals. Contact us today to get started.