
Remote and hybrid working is now the norm in most UK law firms and accountancy practices. Fee earners draft from home, partners review on the move and finance teams close month-end from a mix of locations. The flexibility is no longer optional. The security risk it introduces, however, is not always fully understood.
For regulated firms, the question is not whether remote working is allowed. It is whether it is being done in a way that an insurer, regulator or client would consider appropriate.
Why hybrid working changes the risk picture
When work was confined to the office, the boundary was clear. Today, that boundary is wherever a partner has Wi-Fi. The risk shifts in several ways:
- Personal devices may be used to read sensitive client data
- Home networks vary in security from excellent to non-existent
- Public Wi-Fi is used by some users in stations, hotels and cafes
- Phishing increasingly targets remote workers who are away from colleagues
- Documents are downloaded to local devices that are not centrally managed
- Family members may have access to shared devices used for client work
Each of these is manageable. None of them is managed by accident.
What good hybrid working security looks like
For a managing partner or FD, the practical signals of a well-managed hybrid environment include:
- Firm-managed devices for fee earners, with full-disk encryption and device control
- Multi-factor authentication on every system that touches client data
- Conditional access that blocks unexpected logins and risky locations
- Clear policies on personal device use, with technical enforcement where possible
- Secure remote access to case and practice management systems
- Awareness training that reflects how your firm actually works, not generic content
These controls do not slow down good fee earners. They simply make it harder for a bad day to become a regulatory event.
Making hybrid working defensible
The most useful step for a regulated firm is to write down, clearly, how hybrid working should be done and to evidence the controls behind that policy. That makes the conversation with regulators, insurers and clients much shorter, and the firm much more resilient when something goes wrong.
EPX IT supports UK law firms and accountancy practices in designing secure, practical hybrid working environments that respect both fee-earner productivity and regulator expectations. If you would like to review where your firm stands today, our team is happy to help.