Firms are placing clients and staff at ‘significant risk’ by failing to pay attention to the impact working from home could have on compliance, a survey of 3,500 firms has found.

According to a study by software provider Access Legal, over 40% of practices have not fully updated their cybersecurity policies since moving to remote working in March last year. Meanwhile, 49% of firms surveyed said they had not carried out a data protection impact assessment (DPIA), which is designed to identify data risks.

‘By not carrying out a DPIA, client data could be at high risk from cybercrime and data loss, especially if this data is being accessed and stored using an employee’s personal IT equipment that may not have appropriate security software installed and is accessible by other members of the family,’ Access Legal said.

Home office

Homeworking: Gaps in solicitors’ cybersecurity, data protection and AML measures have been identified

Source: iStock

The study also found that around a quarter of firms neglected to review their health and safety assessments when staff were forced to work from home during lockdown, and 40% of firms had not reviewed or updated their anti-money laundering risk assessments.

Brian Rogers, regulatory director at Access Legal, said: ‘Although most firms appear to be doing the right things, there are quite a few that are placing themselves, their staff and their clients at significant risk. We urge these firms to take urgent action to ensure they seek help to address the gaps highlighted. As well as the compliance issues, there were also evident disparities in competency and supervision arrangements, policies and procedures and business continuity plans.’

Last month, the Solicitors Regulation Authority started its promised enforcement action against firms that put off fulfilling their anti-money laundering obligations, fining six firms which took more than a year to comply with new regulations. The regulator has also warned that staff who work from home might be at increased risk of cyberattacks, urging firms to be ‘extra vigilant’.

According to Access Legal’s survey, the majority of firms intend to keep an element of remote working once the pandemic has passed, with 85% of respondents planning to offer a mix of home and office working.