By Jay Stromberg
A recent study shows that cybersecurity breaches aren’t caused by issues with your firm’s hardware or software; it’s your people. But, come on, I’ve been saying this for years. Still, it’s nice to have (yet another) study to prove my point.
In this case, SolarWinds reported that human error is by far the leading cause of security breaches. I mean, seriously, humans are WAY outpacing the machines and other tools in terms of mistakes.
HelpNetSecurity.com reported on the study, saying: “Internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organization’s network or systems (31%).”
Put another way, unwitting employees are actually doing more than twice as much harm to corporate America as hackers are.
Here are some additional stats from the study:
Cybersecurity threats leading to security incidents within the past 12 months:
- 80% – Users making mistakes that put the organization at risk
- 36% – Exposures caused by poor network system &/or application security
- 31% – External threat actors infiltrating the organization's network &/or systems
- 15% – Malicious employees stealing assets &/or IP
- 3% – Other
The number-one way to protect your firm
The hands-down most effective way to protect yourself and your law firm (and your clients) from hacker attacks is to educate your entire firm to recognize, isolate and report suspicious emails. In other words, you need ongoing security awareness training, and this training should include:
- Continuously updated phishing templates that mimic the very latest attacks
- Phishing templates that you can customize
- Phishing campaigns that you can release at the press of a button
- Reportable results down to individual users
- Training materials to support in-person and online (LMS) learning
I’ve studied many security awareness training companies and my favorite is KnowBe4 because I think it offers the best content for law firms, makes the training as easy as possible for administrators, and it works.
The KnowBe4 simulator enables you to create compelling, fake emails, push them out to your firm, track the people who are vulnerable, and educate everyone to be more astute when they click. Here’s how it works:
- Upload your users to the system
- Launch a baseline phishing test using any number of templates
- Using the results from that phishing test, launch targeted trainings to help your employees be more discerning clickers
- Every month, send out another phishing campaign
- Track improvements down to individual users over time
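To make the tracking step concrete, here is an added example (not KnowBe4's code, and not from the original post) that takes constructed per-user results from three monthly simulated-phishing campaigns and computes the firm-wide click rate, the targeted-training group for each campaign, repeat clickers, and whether an individual is improving over time. The record format and the outcome scoring are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample results, one row per user per monthly campaign:
# (campaign_month, user, outcome), outcome in {"clicked", "reported", "ignored"}.
SAMPLE_RESULTS = [
    ("2023-01", "alice", "clicked"),  ("2023-01", "bob", "reported"),
    ("2023-01", "carol", "clicked"),  ("2023-01", "dave", "ignored"),
    ("2023-02", "alice", "reported"), ("2023-02", "bob", "reported"),
    ("2023-02", "carol", "clicked"),  ("2023-02", "dave", "clicked"),
    ("2023-03", "alice", "reported"), ("2023-03", "bob", "ignored"),
    ("2023-03", "carol", "reported"), ("2023-03", "dave", "clicked"),
]

# Assumed scoring so a user's outcomes can be compared across campaigns:
# clicking the lure is worst, reporting it to the security team is best.
OUTCOME_SCORE = {"clicked": 0, "ignored": 1, "reported": 2}


def click_rate(results, month):
    """Firm-wide phish-prone fraction for one campaign (0.0 to 1.0)."""
    rows = [r for r in results if r[0] == month]
    if not rows:
        return 0.0
    return sum(1 for r in rows if r[2] == "clicked") / len(rows)


def training_group(results, month):
    """Users who clicked in the given campaign, i.e. who get targeted training next."""
    return sorted(u for m, u, o in results if m == month and o == "clicked")


def repeat_clickers(results, min_clicks=2):
    """Users who clicked in at least min_clicks campaigns: the highest-risk group."""
    clicks = defaultdict(int)
    for _, user, outcome in results:
        if outcome == "clicked":
            clicks[user] += 1
    return sorted(u for u, n in clicks.items() if n >= min_clicks)


def user_trend(results, user):
    """'improving', 'worsening' or 'steady', comparing a user's first and last outcome."""
    history = sorted((m, o) for m, u, o in results if u == user)
    if len(history) < 2:
        return "steady"
    first, last = OUTCOME_SCORE[history[0][1]], OUTCOME_SCORE[history[-1][1]]
    return "improving" if last > first else "worsening" if last < first else "steady"


if __name__ == "__main__":
    for month in ("2023-01", "2023-02", "2023-03"):
        print(month, f"{click_rate(SAMPLE_RESULTS, month):.0%} clicked", training_group(SAMPLE_RESULTS, month))
    print("repeat clickers:", repeat_clickers(SAMPLE_RESULTS))
```

Swap the constructed rows for an export from your own simulator and the same functions give you the baseline, the monthly training list and the per-user trend the post describes.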