Cybercrime is growing, and law firms are squarely in the criminals’ crosshairs. In the last year, 60% of law firms reported an information security incident – almost a 20% increase on the previous 12 months. Technical solutions are part of the answer, but your staff are increasingly being targeted by phishing emails and other scams. Educating staff to be vigilant is therefore the single greatest cyber security improvement a firm can make.
A cyber security awareness programme should be relevant, engaging, concise and measurable. Regular, ongoing reinforcement of basic principles also helps to embed culture change.
Foundations for success
The following key components will help to make your cyber awareness programme highly successful:
- Champions: Champions in teams throughout the firm will help spread the word and maintain momentum
- Communication: Collaboration across teams is critical. HR, training, legal, compliance and many other areas will all have a role to play and a view to consider
- It’s not just about work: Helping staff improve their cyber behaviours in their personal lives is more likely to translate into better cyber behaviours in their corporate lives
- Make it fun and engaging: Social engagement and gamification techniques will help bring your education programme to life and make it feel less like training, so that knowledge is more easily retained
- Track your improvement: Ethical phishing campaigns provide a valuable source of benchmarking and trend analysis, showing how well your staff are responding to the awareness programme
- Recognise people for the right behaviours: The carrot is always better than the stick. People should be positively recognised and encouraged to report concerns, even if they may have been the cause
Where do I start?
Start by addressing a single high-risk area such as phishing, which, according to the UK’s National Cyber Security Centre, is currently the most significant threat to law firms. It’s a great way to effect real behavioural change. Once embedded, the programme can then grow to include other risk areas such as password security, social media, information handling and other relevant subjects.
Investing time and effort in your cyber awareness programme and embedding a cyber aware culture will give you confidence in your ability to be resilient to the cyber threats your firm faces.
BLOCKPHISH gives law firms the ability to improve their resilience against phishing attacks. We deliver simulated phishing emails and awareness learning to your staff, specifically tailored to emulate real-world cyber threats. BLOCKPHISH aims to improve recognition and understanding of these threats, and to reduce the possibility that a phishing email will compromise your security or lead to a sophisticated cyber-attack.
We provide a broad cyber consulting capability to ensure your firm receives the guidance and expertise it requires to strengthen its defences against cyber-attacks.
We support the creation and realisation of an appropriate cyber strategy, from managed Security Operations Centres (SOCs) to the delivery of managed ethical phishing campaigns:
- We will help you to understand the cyber risks your firm faces and identify, establish and operate a robust and pragmatic governance and management system to address those risks
- Assess your people, process and technology solutions and deliver a remediation and improvement plan to mitigate any vulnerabilities
- Provide first responder capability in the event of a cyber incident to stem the impact of an attack, restore services or data quickly and prevent repeat occurrences
- Embed cyber aware behaviours within your firm’s culture to reduce your vulnerability to cyber-attacks
- Deliver cyber simulations and incident and crisis simulations for key staff to ensure your firm is best prepared to respond effectively in the event of a cyber breach
- Provide training and professional development for your security professionals
- Assess and support you on your journey to comply with the EU’s General Data Protection Regulation (GDPR) and ensure you avoid the high penalties (4% of global revenues) for non-compliance
- Our certified consultants deliver assessment services including Cyber Security Risk Assessment, Cyber Security Strategy & Architecture, Cyber Essentials, PCI DSS, ISO27001, UK DPA and other internationally recognised standards