An Information Security Awareness Program is an organized effort to make employees and customers aware of risks to personal and institutional information and information technology, and to provide them with the skills and knowledge necessary to avoid those risks. While the program can be focused on one specific group (e.g., leadership), to be effective in its maturity the program should address all stakeholders, including leadership, employees, customers (i.e., students), and partners (i.e., external service providers). As explained in the CSO article “Seven Elements of a Successful Security Awareness Program,” the program should include C-Level support, partnering with key departments, creativity, metrics, ‘how-to’ information, and multiple methods of delivery.
“Cyber insurance coverage is a valuable and practical member benefit for lawyers offered through the ABA Insurance portfolio,” ABA President Linda A. Klein said. “As the number of cyber breaches increases everywhere and throughout all industries, it is critical that lawyers and law firms that rely on vast amounts of electronic data are protected.
Sherri Davidoff presented “Cybersecurity Training for Law Office Employees,” Everyone in your office should be trained, including lawyers, support staff, first-responders (IT personnel) and clients. Client portals for law firms are popular, but portal users must be trained, sometimes on a one-on-one basis.
Governments as well as private sectors has largely missed out on that transformation of data protection due to poor management of technology investments, and taking years longer than necessary to deploy, and delivering technologies that are obsolete by the time they are completed.