As the number and types of cyber-threats multiply, regularly updated security policies must be developed and additional training provided to ensure law firms’ users are aware of such threats and how to avoid them. Unfortunately, there is usually a disagreement between users and IT staff about users’ knowledge and ability to recognize and circumvent an attack.

There is a distinct divide between what IT administrators feel about security and the impressions of a law firm’s general users. While most administrators feel users need more training to better recognize security-compromising events, such as email phishing attempts, many end users feel they are already able to spot when they are the victim of a sophisticated phishing attempt. It is important that the firm’s IT department and managing team are on the same page when it comes to information security and the amount of training required to support the firm’s directives and legal and ethical requirements.

The receptionist has as much access to the network as the top partners do. A hacker can escalate privileges and gain access using the receptionist’s account as easily as that of a top partner. So why wouldn’t the receptionist receive the same training when it comes to security? Put together a security policy for the firm and conduct training on a regular basis to support that policy. Standardize new-hire training to include the security policy adopted by the firm.

With the rise of ransomware, whaling and other forms of cyber-crime, your law firm’s most important defense is a well-trained staff.






This is the third post in a five-post series on hardening your law firm against cybersecurity threats. The first post was on Hashcat and password security and can be found here. The second post was on cybersecurity solutions. Part four will be published next Tuesday.