Firms are placing clients and staff at ‘significant risk’ by failing to pay attention to the impact working from home could have on compliance, a survey of 3,500 firms has found.
According to a study by software provider Access Legal, over 40% of practices have not fully updated their cybersecurity policies since moving to remote working in March last year. Meanwhile, 49% of firms surveyed said they had not carried out a data protection impact assessment (DPIA), which is designed to identify data risks.
‘By not carrying out a DPIA, client data could be at high risk from cybercrime and data loss, especially if this data is being accessed and stored using an employee’s personal IT equipment that may not have appropriate security software installed and is accessible by other members of the family,’ Access Legal said.
The study also found that around a quarter of firms neglected to review their health and safety assessments when staff were forced to work from home during lockdown, and 40% of firms had not reviewed or updated their anti-money laundering risk…
