The quarterly publication of the International Legal Technology Association
Issue link: http://read.uberflip.com/i/411912
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA BEST PRACTICES 10 Private security firm Mandiant identified 141 organizations in the U.S. and other English-speaking countries that were allegedly hacked, including five classified as legal organizations. This is not surprising, since law firms are considered soft targets for hackers. When hackers cannot get to corporate data directly, they often try a back door like the law firm representing a corporation. Your IT department may work hard to ensure that your firm is not a "soft target," but technology alone cannot keep the firm secure: the greatest security risks are often found in people's innocent, habitual or thoughtless actions. You need to change behaviors in order to protect your firm, which is why you need a security awareness training program. PEOPLE HOLD THE POWER A successful security program comprises well-developed policies that reflect business needs weighted by known risks, individuals informed about their responsibilities and established processes for monitoring and reviewing the program. Many organizations excel at defining policies and monitoring for attacks, but often fail at adequately informing people of their responsibilities. Law firms must create security awareness programs that change user behavior to adapt to a constantly evolving threat. We often relate security with computers, but security awareness is not another technology training course where participants are trying to master technical skills, and building them might require a skill set your in-house trainers do not possess. Technical course trainers are often the subject-matter experts developing the course alone and focusing on how to accomplish certain technical tasks. Those developing security awareness programs recognize the behavioral component of the work and that the motivational factors involved differ from technology training courses. These trainers will need help from subject-matter experts since the knowledge shared in the program will likely be new to the trainers. The program will also require collaboration and cooperation from many others outside of IT, including firm leaders to explain why people need to be aware of security risks plaguing law firms; and those in marketing for branding, messaging and assistance with collateral materials. About the Authors Tami Schiller, Client Engagement Specialist at TutorPro Ltd., has focused on legal technology training for over 15 years. She possesses a strong commitment to seeing individuals achieve their potential for technical competency and is always looking for innovative ways to deliver learning opportunities to busy legal professionals. By recognizing emerging trends and willingly sharing with others, Tami supports the legal community as it navigates through the rapid changes to business practices and technology innovations. Contact her at tschiller@tutorpro.com. Change Behaviors Through Security Awareness Training On May 19, 2014, the U.S. Justice Department filed criminal charges against five members of the Chinese military, accusing them of hacking into computers in the United States. Security awareness is a behavior your firm must work on every day, and your trainer must hear this early and often.