Protecting remote access for a busy law firm
Capsticks is the leading national healthcare law firm and also has unrivalled expertise within the social care and social housing sectors. The firm has its head office in London and regional offices in Birmingham, Leeds and Winchester.
Capsticks acts for more than 200 healthcare clients, including NHS trusts, CCGs, regulatory bodies, charities and independent healthcare providers, and 150 registered housing providers. Key clients include the NHS Litigation Authority, First Wessex, The General Dental Council, Barts Health NHS Trust and Sovereign Housing association.
For a number of years, the company had had a remote access system in place – its lawyers were able to log on from home or other remote locations, which helped boost the firm’s productivity and give employees more flexibility in their work structure.
But remote access was only secured with a password. With over two thirds of security breaches being down to weak or stolen passwords, Capsticks’ IT team were hyper aware of the vulnerability of the firm’s systems. As Tim Bond, head of IT at Capsticks explains, “as a law firm, many of the cases we deal with are very sensitive, so the data we store is confidential. We were conscious that where our remote working environment was concerned, our security was only as good as the weakest password used by our employees. We needed to find a solution and quickly.”
In addition to increased security, it was vital for Capsticks and its team of busy lawyers that the solution was a user friendly one.
Multi-Factor Authentication (MFA) – The answer
The IT team’s remit was to source a simple to use, non-intrusive system that would not be an additional burden for users. From researching various solutions, Tim says, “We liked the idea of a token-free solution that would involve no additional hardware for users to carry with them.”
Tim and his team knew that token- based security would be more costly and having extra hardware to manage would take up a lot of their time. They found that MFA, which uses a number of variables to validate users and providing passcodes via employees’ phones – a piece of hardware they would rarely be without – was a much better option that would be more cost effective and easy to manage.
Capsticks selected CensorNet’s MFA solution to provide authentication for its VMWare Horizon View remote working system, in addition to Outlook Web Access and has recently added the Password Reset Module to enable users to reset passwords quickly and securely from a self-service portal. This has reduced help desk calls, which has benefited the IT team and improved user productivity for employees using the system.
Tim says, “The solution was very straightforward to implement and it went into production very quickly.”
The business benefits for Capsticks
Improved security was the most obvious benefit for Capsticks. Tim explains, “We take confidence from the additional level of user and network protection that our MFA solution provides. With the log in being such a vulnerable area of the remote working environment, it’s important to get an authentication strategy in place that makes that process much more secure.”
Ease of use was another major benefit for Capsticks. A complicated solution would have irritated busy employees trying to log on and work remotely and the risk was that it would have put them off using remote working. “We are pleased to say that user productivity has not been affected by the introduction of CensorNet’s secure user authentication. And users particularly like that they can choose from different one-time passcode dispatch options, and find the one that best suits their needs,” explains Tim.
Summarising neatly, Tim says about CensorNet’s MFA solution, “The product just works.”