As the number and types of cyber-threats multiply, regularly updated security policies must be developed and additional training provided to ensure law firms' users are aware of such threats and how to avoid them. Unfortunately, users and IT staff usually disagree about users' knowledge and ability to recognize and circumvent an attack.
There is a distinct divide between what IT administrators feel about security and the impressions of a law firm’s general users. While most administrators feel users need more training to better recognize security-compromising events, such as email phishing attempts, many end users feel they are already able to spot when they are the victim of a sophisticated phishing attempt. It is important that the firm’s IT department and managing team are on the same page when it comes to information security and the amount of training required to support the firm’s directives and legal and ethical requirements.