How We Delivered Secure Remote Access for External Consultants
How we secured remote access for external devices used by consultants, contractors and personnel in the financial sector.
Sector – Regulated financial services (London)
Challenge – External consultants accessing sensitive company data from their own personal laptops with no oversight or control
Solution – Secure cloud-based desktops that keep all company data within the organisation. Nothing is stored on the consultant’s personal device.
Delivered by – Savva Antoniou (design and scoping) and George Ordog (technical implementation)
Quick links
- Why External Consultants Are Your Biggest Unmanaged Data Security Risk
- How We Use Secure Cloud Desktops to Eliminate the Personal Device Risk
- What Happens When a Consultant Logs In
- The Outcomes: Data Containment, Same-Day Onboarding and Clean Offboarding
- What Both Investment Firms Gained
- Is Your Organisation Exposed to the Same Risk
- About Mayfair Tech
Why External Consultants Are Your Biggest Unmanaged Data Security Risk
Most organisations in the financial services sector work with external consultants and contractors. Fund administrators, tax advisers, legal counsel and portfolio analysts regularly need access to company systems and sensitive documents without being directly employed by the business. They tend to be few in number, but they handle some of the most commercially sensitive material in the organisation.
During Quarterly Business Reviews with two separate London-based investment firms we identified the same issue. External consultants were accessing company data from their own personal laptops.
In both cases, the firms had assumed that because the consultants were using a web browser to access Microsoft 365 the data was safe. It was not.
When someone accesses documents through a browser, those files can be cached and downloaded to their personal device. That device sits entirely outside the organisation’s control. There is no encryption. There is no monitoring. There is no way to remove the data if the consultant’s engagement ends or their laptop is lost or stolen.
The organisation has no visibility over where its data is actually being stored. For firms handling investor information, deal pipelines and confidential financial data this is a significant and often invisible risk. Both firms were surprised to learn that what they had assumed was a secure arrangement was anything but. Personal devices accessing company systems through a browser may look controlled. They are not.
“This is exactly the kind of risk that a structured review is designed to surface. Both firms had taken reasonable steps to manage access, but there was a blind spot around what browser access actually permits.
Once we walked through the specifics and explained that documents could be stored locally on a personal device with no controls in place, the gravity of the situation was immediately understood.”
Case Study
How We Secured Consultant Access to Sensitive Data from Personal Devices
Two London investment firms discovered that external consultants were accessing confidential data from unmanaged personal laptops. We eliminated the risk without issuing a single company device.
3 days
per deployment
Zero
Data on personal devices
Hours
To onboard a consultant
How the solution works
How We Use Secure Cloud Desktops to Eliminate the Personal Device Risk
Rather than attempting to control the consultants’ personal devices we took a different approach. We designed and deployed secure cloud-based desktops for each consultant, hosted entirely within the organisation’s own IT environment.
The consultant logs in from any device, anywhere in the world. But everything they do happens inside the secure desktop.
Documents, emails, files and applications all remain within the organisation’s systems. The only thing that travels to their personal device is the screen image.
This is a virtual desktop infrastructure built specifically for external contractors and consultants in regulated environments. It delivers the data containment that financial services firms need, without disrupting the way consultants actually work.
What Happens When a Consultant Logs In
The solution was delivered across two different client environments. One firm used Windows laptops internally. The other used Macs. The approach worked in both cases without requiring any changes to the existing setup for permanent staff.
Each consultant receives their own secure desktop hosted in the cloud within the organisation’s IT environment.
They log in using their existing company credentials. The experience feels identical to sitting at an office computer.
Copy and paste between the secure desktop and the personal device is blocked. Files cannot be transferred out. Printing is disabled.
The secure desktop is monitored, encrypted and protected to the same standard as every company-owned device in the organisation.
If the consultant’s personal laptop is lost or stolen there is no company data on it. The risk is eliminated entirely.
Consultants using phones or tablets for email and calendar continue to do so through approved applications that keep data contained.
“These secure desktops are built and configured to the same standard as every other managed device we look after. Same security tools, same monitoring, same protection.
The difference is we can have a consultant up and running in a couple of hours instead of waiting for a laptop to arrive. And when they leave the desktop is gone. There is nothing to chase, nothing to wipe and nothing left on their personal machine.”
The Outcomes:
Data Containment, Same-Day Onboarding and Clean Offboarding
We designed and delivered a solution for both firms within three days each. The systems have been in continuous use since deployment, with no complaints and no disruption to the consultants’ day-to-day work.
What Both Investment Firms Gained
- Complete data containment – No company data is stored on any personal device. All information remains within the organisation’s own secure environment. This directly addresses the core data security risk that both firms had unknowingly carried.
- New consultants operational within hours – There is no need to source, configure or ship a company laptop. A new consultant can be given secure remote access the same day they start. For investment firms working with advisers, legal counsel or portfolio analysts at short notice, this matters.
- Clean and instant offboarding – When a consultant or contractor’s engagement ends, their access is removed immediately. No data is left behind on their personal device. No equipment to collect or wipe.
- Works from anywhere – Consultants can work from any location, including overseas. The security controls travel with them regardless of where they are or what device they use.
- Regulatory and audit confidence – The organisation can now demonstrate to investors, auditors and regulators that all access to sensitive data is controlled and confined to managed IT services. For firms regulated by and operate under the oversight of the Financial Conduct Authority (FCA) or preparing for an external audit, this is a material improvement.
- No impact on productivity – Consultants report no difference in their day-to-day experience. Video calls, document editing, email and collaboration tools all perform without issue.
“Once Mayfair Tech explained what was actually happening with our consultants’ access, we knew we had to act. We had assumed that using a browser was enough.
The solution they delivered gave us exactly what we needed. Our consultants work without any friction and we have complete confidence that our data stays within our own systems.”
Is Your Organisation Exposed to the Same Security Risk?
If your business works with external consultants, contractors or advisers who access company systems from their own devices this risk very likely applies to you. It is one of the most common blind spots we encounter during our client reviews. The individuals involved are often senior. The data they handle is often the most sensitive in the organisation. And the devices they use are entirely outside your control. A small number of unmanaged personal devices accessing confidential data represents a disproportionate risk.
The solution does not require you to purchase and ship company laptops to every external adviser. It does not matter if they are based overseas or working across multiple clients. And when their engagement ends you can be certain that no data has been left behind. Secure remote access for external consultants is a solved problem.
The question is whether your organisation has solved it yet. (Click here to learn more about our comprehensive IT support in Mayfair)
We have a lot of experience giving specialist IT services to Family Offices and bespoke IT Support to Private Equity Firms for example.
About Savva Antoniou and Mayfair Tech
Savva Antoniou founded Mayfair Tech in 2020 to provide IT and cyber security services to high net worth individuals, family offices and investment firms in London. With 25 years of experience in IT services and cyber security, Savva works directly with clients who expect professionalism, discretion and a genuine understanding of their business.
Mayfair Tech operates as an outsourced IT department for some of London’s most distinguished private client organisations. for some of London’s most distinguished private client organisations. We predominantly serve W1K, W1J, and W1S.
If you would like to discuss having a virtual desktop infrastructure for your financial services, or review your data security for your external consultants and contractors, then please feel free to call, email or book a meeting with Savva Antoniou, Founder of Mayfair Tech.
