Hybrid working: how can firms manage the risks?

By Julie Norris
Julie Norris considers the problems presented by hybrid working
Hybrid working is now the new normal for many firms – and it offers significant advantages – but we should also be prepared to manage the risks. Hybrid working is revolutionising the way in which firms operate, as it is in so many other sectors. According to a survey by Thomson Reuters, nearly nine out of ten (86 per cent) of UK lawyers would prefer hybrid working, so that they can work remotely at least two days a week, while nearly two thirds (65 per cent) reported that remote working has had a positive impact on their well-being.
The pandemic and lockdown have accelerated a longstanding shift in attitudes towards working practices. Given that the benefits of hybrid working include better work-life balance, improved productivity and greater flexibility, it is likely those firms that cannot offer these new working models will struggle to attract and retain the brightest and best talent.
What are the risks?
However, this rapidly developing new trend introduces a number of challenges. For example, is client due diligence (CDD) still being undertaken as it should be, in accordance with the law and the firm's policies? How can firms ensure they can protect themselves against cybercrime and that their information continues to be secure? There are also questions about how to supervise and support more junior members – and how to ensure that all staff have healthy working environments, and that their physical and mental health is protected.
Mitigation
There are a number of steps firms can take to minimise any potential downside of hybrid working, while realising all it has to offer. First, they should consider whether their AML policies, controls and processes are appropriate for these new working arrangements. When working remotely, just as they would in the office, staff should have ready access to CDD policies and documentation. The firm should consider refresher training, for example, on identity and verification (ID&V) in a remote world, as well as looking to adopt electronic methods of ID&V such as video calls with new clients. Third-party specialist providers can help here – and useful guidance can be found in the FATF guidance on digital identity.
Phishing
In a recent report, the SRA identifies three main IT threats: phishing, ransomware and attacks on third parties and providers that are contaminating law firms' computer systems. To reduce the chances of finding themselves subject to these growing threats, firms will need to ensure IT security becomes part of the firm’s mindset – wherever its people are based. Staff should be encouraged to report security breaches in a no-blame culture, while anti-cyberattack systems should be able to cope with distance working. Anti-virus software must be configured to proactively scan devices, attachments and downloads, even if a device never comes into the office.









