PRO Partners

Home security: managing cyber-risk for long-term remote working

Brian RogersWhen the UK first locked down almost a year ago, even law firms with a deeply rooted culture of presenteeism had no choice but to adapt quickly to remote working. Concerns that people might be less productive or ‘available’ at home were overshadowed by the unfolding events. 

No matter how well-equipped they were, firms didn’t only have to maintain continuity of service to clients but also manage cyber-risk in this highly regulated environment.

Staff-owned devices, which hadn’t undergone the usual IT checks, created vulnerabilities for some law firms, especially if they were running unsupported systems like Windows 7. Poor communication and lack of supervision could have been another issue, leading people to install unauthorised applications or find a workaround rather than asking for help.

The past year has been an opportunity for firms to take stock of their security practices and the steps they can take to limit the chances of a damaging cyber-attack and data protection breach.


According to one study[1], more than half of firms are increasing their technology spend because of the pandemic and it’s worth noting where this is being channeled. As many as 77% say their priority is ‘remote working and agile teams’ and just under half said cyber-security. The survey also revealed a clear appetite for process automation, business intelligence and client collaboration.

This is clearly good news and could be a major change of direction  for the industry. Technology empowers workforces to be more efficient, productive and compliant, whether they’re at home or in the office. It promotes greater collaboration and transparency, improving workflows rather than creating barriers. Had it not been for the pandemic, widespread remote working might have remained a distant possibility for years. Now it is a reality, what steps can firms take to make it a viable long-term option?

Moving to the cloud

Choosing a Software as a Service (SaaS) platform with strong security credentials is an obvious first step. Moving to a cloud-based case management system means fee earners can access all their case files in one place, track real-time progress and securely send, receive and digitally accept documents, all via their web browser. 

As well as being able to communicate seamlessly with clients, they have the peace-of-mind that documents are stored securely on the cloud. The system should be intuitive and enjoyable to use, so they don’t have to devise new and risky ways of working.

Another benefit of moving to the cloud is you don’t need to access on-premise servers using a potentially insecure VPN. Automatic software updates add another layer of security, removing the burden on employees to run them (and the risk they won’t).


Multi-factor authentication for business applications used by employees  is easy to implement too. All they have to do is enter a validation code received by text message to confirm who is logging on, as they might do with online banking. This can significantly reduce the likelihood of data falling into the wrong hands and provide the assurances firms need when developing remote working policies.

Human error might be the cause of most data breaches but it’s important to remember that people are your first line of defence too. Regular training instils the right competencies and behaviours across the workforce and can be delivered remotely using eLearning courses.

A National Cyber Security Centre (NCSC) accredited eLearning module on cyber awareness and resilience, for instance, can be as effective as an in-person session but with greater flexibility. Completing modules on a ‘little and often’ basis, enables people to build training into their day and apply the teachings to their work. It also means new starters, currently onboarding at home, are empowered to grow their knowledge and adhere to security policies from the moment they join. 

From a compliance perspective, a learning management system (LMS) helps firms to plan, track and evidence training, and signpost people to relevant eLearning courses.   

By now, you’ll have a good idea of what’s worked well and what hasn’t during this period of remote working. When you support professionals to do their job well, communicate and follow policies and procedures, they’re far less likely to cut corners or find risky workarounds, whether they are at home or in the office. Ultimately, this is the best way to remove barriers to home working and safeguard your firm’s data and reputation.

[1] Source: Briefing/HSBC Law firm strategy and investment survey, October 2020 (cited in Briefing, February, 2021)

Brian Rogers FCMI, Regulatory Director at Access Legal - is a client-focused regulation & compliance specialist who has helped regulated legal entities meet their regulatory, compliance and accreditation obligations for 30 years, in areas such as risk, regulation, compliance, data protection, anti-money laundering.

For more details on Access Legal visit

Copyright © 2023 Legal IT Professionals. All Rights Reserved.

Media Partnerships

We offer organizers of legal IT seminars, events and conferences a unique marketing and promotion opportunity. Legal IT Professionals has been selected official media partner for many events.

development by