Top 10 Tips: Effective Cybersecurity Awareness Training for Law Firm Employees
September 29, 2021
We can speak authoritatively about cybersecurity awareness for law firm employees because we give this training so often. Here are some of our tips to ensure you maximize the effectiveness of your training.
1. Take cybersecurity awareness training seriously and do it right.
A significant recent statistic is that human beings are involved in the success of 82% of cyber attacks. They tend to have crummy passwords, they reuse and share passwords, they click on links or attachments without thinking, they get emails which seem improbable and yet respond to them, and the list goes on and on.
We used to say that you should do training once a year, but as things are moving faster and faster, we think it’s better to do it twice a year.
Employees need reiterative training. They simply forget what they were taught. Also, the threats and the defenses keep changing, so it really is hard to keep up. We would advise you not to be tempted to use in-house IT to do the training for budget reasons. They’re not training professionals and they don’t carry the big bat needed to hit the lessons home. If you’re going to hire someone to train, which is what most people now do, get some referrals from your friends.
Effective presenters have to be good entertainers as well as good teachers. Our own one-hour training sessions are either $500 or $1,000 depending on the customization involved. Small law firms can afford that. We recommend training be limited to one hour because after that, the attendees do tend to go numb. You can do a lot in an hour!
Training is definitely better live, but that is not likely to be the predominant way of the future. Most law firms are now having virtual training and we see that continuing for the most part. Make sure you track the attendance and ask those who are giving the training to give you a recording to use later in case some employees can’t make it, which always seems to happen.