Skip links

Secure Remote Working for Regulated Firms


Most regulated firms I speak to these days are keen to embrace the commercial benefits that remote working can deliver for their firm, allowing their fee earners to work from home or other remote locations, thus maximising their time and productivity as well as facilitating more flexible working practices.

However, given the wealth of highly confidential data that regulated firms are dealing with on a daily basis, there are naturally also concerns about the implications of providing remote access and whether this could compromise client confidentiality, SRA compliance or data protection.
There is no doubt that a myriad of risk management issues exist around cyber security, as those who read my previous blog Effective Cyber Security for regulated Firms [link to previous blog] will have seen.
However, there is much that can be done to mitigate these risks, and enjoy the best of both worlds, by deploying well designed, well managed, highly secure technologies that ensure that no data ever leaves the security of your regulated firm’s servers or data centre.

Case Study

As an example of this, I’d like to share a recent implementation we have completed for a UK regulated firm, where there was a pressing business need to provide secure remote access to all their systems for their fee earners.  In this case, the solution designed allowed nominated staff to access their full computer desktop from any internet connected laptop or computer, at any location.   As well as the normal office suite of applications and email, the system provided fee earners with full access to their practice management software, dictation software and all their files.  They key here was that all data and applications remained at all times on the regulated firm’s highly secure, tightly managed back-end servers, with the end user device effectively just providing a “window” into that system.    In this manner data remained centralised, subject to the firm’s stringent security policies, safely backed up and never being transferred to individual fee earner’s personal devices.  A number of additional layers of security were also put in place, including 2 factor authentication via SMS message, which requires a logon from outside the office to be authenticated via a text message to the individual’s mobile phone, thus providing an additional level of security over and above a password alone.
In other cases, where regulated firms are receiving emails on their personal smart phones, and thus copies of potentially confidential data has been transferred outside the secure environment of their servers, we work with their in-house IT department to implement robust mobile device management solutions.  These provide the firm with the control needed over corporate data that is on staff members’ own devices, but cleverly allow a separation of work and personal data on the smart phone so that the firm has all it needs to control data from a compliance perspective, but that control does not interfere with or extend to the user’s personal applications and data, such as photographs or personal emails.   As well as pin protecting company email, such solutions can be configured with a variety of policies that allow the network administrator to lock or wipe the corporate data from the device remotely and immediately in the event of an issue such as a device being mislaid or a staff member leaving.
So, whilst nothing in life is completely without risk, with the right advice, people, technology and structured processes in place, there are certainly effective ways that regulated firms can achieve mobility without compromising confidentiality or compliance.
Over coming blogs, I will be exploring in more depth some of the key issues around successful use of IT in regulated firms, including protecting both client confidentiality and the structural and financial stability of your regulated firm, through appropriate risk management. In the meantime, if you would like to know more about secure remote working solutions for regulated firms, please do not hesitate to contact me on 0118 920 9600 or email when I will be happy to arrange a no obligation conference call.
Established in 1994, Connexion Ltd provides IT consultancy, IT services and IT support to mid-size regulated firms, solicitors and legal services companies throughout the UK. Our focus is on delivering IT solutions that create real value to our clients' firms. Working closely with our customers’ in-house IT Managers, our structured and managed approach to delivering IT is paramount in ensuring our clients can maximise the business advantages technology can offer them, whilst minimising their risks. For more information about our services for regulated firms please visit our website

Rob Leverton

Rob has worked as an IT technician and project manager with Connexion for 14 years before moving into his current role as head of the technical services team.

Although Rob comes from a technical background he’s very much a people person and he is exceptionally good at building excellent working relationships with our customers and his technical team to deliver service excellence to our clients.

Rob Leverton

James Stratton

James is passionate about technology and how it can transform business.  Having worked with hundreds of businesses in many different sectors over the last 25 years he has a huge amount of business IT knowledge that he enjoys imparting to Connexions customers.

James is responsible for Connexions strategic development and also still enjoys a role in consulting and sales and marketing