OnGuard® Information Security Awareness Fosters a Strong Security Culture at Kramer Levin
Kramer Levin is a global law firm known for providing its clients proactive, creative and pragmatic solutions to challenging legal issues. The firm recognized early on the looming challenges of information governance and cybersecurity and has taken steps to protect both its clients and the firm.
Law firms are entrusted with highly confidential data, which makes them targets for cybercrime activity. State and federal regulators have increased requirements for corporations, particularly in the financial services industry, to securely manage and protect critical business data.
The Gramm-Leach-Bliley Act, FISMA, ISO, Insurers and other regulatory bodies require organizations to implement information security programs. These organizations, in turn, require detailed security audits to validate compliance by the law firms they retain.
Kramer Levin decided early on that the firm would make leadership in cybersecurity a key pillar of the firm’s strategy. By investing strategically in cybersecurity strength, the firm could provide effective protection of client data, reduce risk and build client confidence in the firm’s expertise and capabilities.
Initially, the firm conducted regular internal phishing tests to build awareness of cyber threats among employees. Over time, this testing reduced the risk of employee security errors by over 80 percent, and employees showed an interest in learning more. That’s when CIO and Managing Director Joe Palmeri knew that the firm was ready for a broader security awareness program. The goal of the new program would be to educate all 700 employees on information security and to weave security awareness into the very culture of the firm. He teamed up with Chris Brady, Associate Director - Training & Document Processing, to frame their vision and put a security awareness program together.
Joe and Chris invited the firm’s senior director of security and the information security manager to work with them on defining requirements for a new security awareness program. The cybersecurity landscape is continuously changing as hackers find new ways to access information, so creating a culture of consistent awareness of threats is important. The Kramer Levin team knew it would be essential to keep all employees up to date on the latest phishing, malware, ransomware, social engineering and other types of attacks.
They agreed on three key requirements for a security awareness program:
Dynamic, regularly updated content to keep abreast of changing cyber threats
Customizable by the firm to include firm branding and convey executive support
Easy for employees to access for self-guided training
Most important, the firm recognized that security awareness would not be accomplished with a single training event or by posting canned content on the network. This would be a living project with full endorsement and participation of the senior executive team.
Selecting a Best-in-Class Security Awareness Program
The selection team reviewed several available training programs. Some of the programs offered pre-recorded content on DVDs, but did not offer regular updates to training content. A review of the Traveling Coaches OnGuard® Information Security Awareness Program revealed that it met all of their key requirements.
OnGuard® focuses on informing employees about information security risks, communicating the business reasons for strong security practices and encouraging professionals across the firm to change their behaviors. The OnGuard program is turnkey, including online content, knowledge checks to measure learning, reference materials, marketing materials and more – all of which provide a strong foundation for a security-conscious organization.
The management team and board were impressed by the quality of the training content. They particularly liked that Traveling Coaches delivered several internal communications and training pieces, including a security awareness video “commercial” to introduce the program to employees, posters to promote the program throughout the firm, and easily customizable template communications and presentations in Word and PowerPoint.
“The program from Traveling Coaches was well-thought-out and the most complete that we found. Videos, posters, collateral and employee reinforcement messages, combined with our live town hall session, gave every employee an opportunity to learn about cybersecurity in the mode that works best for him or her.” — Chris Brady, Associate Director - Training & Document Processing
Implementing a Living Program, Not a One-Time Project
To kick off the program, Traveling Coaches provided two full days of consulting and preparation with the executive team. This helped firm management and stakeholders anticipate and deal with the challenges of getting busy attorneys and employees to appreciate the critical importance of cyber safety. In this strategy session, the management team lined up key leaders — from managing partner to security director, CIO and training director — who each played active roles in live training, program management and ongoing monthly communications.
Traveling Coaches also delivered a “boot camp” program for IT, training and help desk staff members to build on their understanding of cyber threats to law firms and to prepare them to support the program internally.
Providing Always-On, East Access
The OnGuard® program resides in the LegalMind® Learning Portal — a site managed by Traveling Coaches. LegalMind® leverages the latest technologies to provide relevant information for learners based on job role, professional development goals and learning style.
Kramer Levin chose a multi-year subscription for OnGuard®, ensuring the firm has high-quality content on emerging topics in security on a monthly basis. When new content becomes available, employee communications, posters and incentives drive up participation.
Capturing Interest, Driving Engagement
Joe and Chris described several of the key efforts that made the program a success:
The live town hall-style kickoff meeting with employees across all offices achieved a 96% attendance rate.
Meetings were informal and informative, and CLE credit was appealing to attorneys.
The first town hall meeting was captured on video and included in new employee onboarding.
A Daily Digest of security topics, provided by Traveling Coaches, allows the training team to keep the momentum and attention up with continuing news and education.
Fresh educational topics each month contain up-to-the-minute security tips and information.
The Kramer Levin team attracts employee attention and participation with opportunities to win drawing prizes.
Topical posters provided by Traveling Coaches help inform employees as they circulate in conference rooms, in the cafeteria and around the office. The training team customizes the poster to announce new training modules, live sessions and other events.
Increased Employee Engagement
The training team was delighted to report a noticeable increase in employee interest and engagement in current events and news related to cybersecurity, data breaches and related issues. “Since the introduction of OnGuard, we definitely receive more calls, questions and ad hoc comments, reflecting an active engagement by employees – a true barometer of awareness,” Joe Palmeri reported.
The program tips are relevant to employees both in their work at the firm and in their personal lives. For example, recent monthly alerts included tips on holiday scams and identity theft. Employees stay engaged with the content because it’s truly interesting, actionable and easy to understand.
The firm routinely shines in audits with clients and prospective clients. The Traveling Coaches OnGuard® program has helped the firm clearly communicate the comprehensiveness of the internal security awareness training and ongoing monitoring and evaluation of the program.
A Security Conscious Culture
“The LegalMind Learning Portal is an important part of our culture today – a culture that is far more security conscious than it was at our first town hall in the spring of 2016.” – Chris Brady, Associate Director - Training & Document Processing
Nearly two years after the initial rollout of OnGuard®, the firm plans to conduct another series of live town hall sessions for employees to reinforce the strategic importance of information security and to prepare for another active year of training.
“OnGuard Information Security Awareness is an excellent education program that has been very effective for us. We have built on the Traveling Coaches foundation, and the program is still thriving after two years. I would recommend Traveling Coaches and their OnGuard® and LegalMind® products without hesitation.” – Joe Palmeri, CIO and Managing Director