The Rising Tide of Vishing

Written by

Amanda

15th May, 2025

Business Continuity
Uncategorized

Why Your Phone Line is the New Weak Link in Cybersecurity

In an era where organisations have poured significant resources into fortifying their digital infrastructure, a seemingly archaic technology – the telephone – has emerged as a surprisingly vulnerable chink in the armour. While firewalls, intrusion detection systems, and sophisticated endpoint protection have become commonplace, voice communication channels have often been overlooked, creating a fertile ground for the resurgence of vishing, or voice phishing. This vulnerability is particularly acute for legal, finance, and professional service firms, where trust and the rapid execution of instructions are paramount. It has been further amplified by increasing sophistication of voice fakes, and significantly exacerbated by the shift towards mobile communication over traditional landlines and switchboards.

For years, cybersecurity efforts have predominantly focused on protecting data, networks, and digital assets. Organisations have invested heavily in securing their IT infrastructure, implementing robust measures to ward off malware, ransomware, and data breaches. However, the humble phone line, often perceived as less of a threat, has inadvertently become a prime target for cybercriminals. This oversight is becoming increasingly critical as attackers exploit the inherent trust associated with voice communication and leverage new technologies to enhance their deceptive tactics. The move towards increased mobile phone usage for work communication has demonstrably amplified this vulnerability.

The shift to mobile: undermining traditional voice security – a critical concern for regulated industries

The increasing reliance on mobile phones for work communication, particularly in hybrid working models in legal, finance, and professional services, has inadvertently dismantled several layers of traditional voice security. This shift provides a plausible and increasingly evident link to the surge in vishing attacks, posing significant risks to firms that handle sensitive client information and high-value transactions. The erosion of traditional safeguards is particularly concerning due to:

• The erosion of the gatekeeper and the illusion of qualification: Traditionally, company switchboards and receptionists acted as crucial gatekeepers, screening incoming calls and often identifying suspicious or unsolicited contact. In high-stakes environments like financial firms, calls that successfully navigated this initial layer might have been implicitly regarded internally as "qualified" or "screened." The danger now is that if a vishing call, perhaps using a sophisticated voice fake, makes it directly to a broker or trader's mobile, it bypasses this crucial human vetting process. The recipient might then proceed with instructions, believing the caller to be a legitimate client whose call has already been implicitly verified by a receptionist, potentially leading to significant financial losses or unauthorised transactions.

• The misplaced trust on mobile and exploited spoofing: Professionals in these sectors, like others, may have an inherent, albeit misplaced, sense of trust associated with calls received on their personal mobile phones. This trust is dangerously exploited by attackers who can easily spoof caller IDs to mimic legitimate clients or even senior partners within the firm. For legal firms, this could lead to the release of confidential information under false pretences. For financial institutions, it could authorise fraudulent transfers. The ease of caller ID spoofing on mobiles makes this a particularly potent threat.

• The decentralisation of knowledge and the loss of centralised threat intelligence: When all external calls flowed through a central switchboard, organisations could maintain centralised logs and even blacklists of suspicious numbers or known fraudulent callers. This shared intelligence allowed for quicker identification and dissemination of potential threats. However, with the decentralisation of communication through hybrid working and the prevalence of mobile phone use, this centralised knowledge base has been fragmented. Legal, finance, and professional service firms often handle highly sensitive and confidential matters, making the lack of a centralised system to flag potentially malicious mobile calls a significant security gap. The inability to easily track and share information about suspicious mobile activity across the firm hinders proactive threat mitigation.

The neglected vulnerability: the unsecured phone line – a target for high-value attacks

The reasons behind this relative neglect of phone security are multifaceted. Historically, phone systems were often seen as separate entities from IT infrastructure. Security measures for voice communication tended to be less sophisticated and less integrated into overall cybersecurity strategies. This has created a significant disparity, where advanced security protocols protect digital domains while phone lines, especially mobile devices used for work by high-value targets within legal, finance, and professional services, remain comparatively unguarded.

It’s notable that the frontline of fraud has shifted to voice communication precisely because other avenues have become more challenging for attackers due to enhanced security measures. The relative ease with which attackers can exploit the human element over the phone, compounded by the vulnerabilities introduced by increased mobile usage, makes vishing an increasingly attractive and effective attack route, particularly for targeting firms with significant financial assets or sensitive client data.

The AI and voice fake revolution: amplifying the threat to trusted professions

The recent advancements in artificial intelligence, particularly in voice synthesis and deepfake audio, have injected a new level of sophistication into vishing attacks. Attackers can now convincingly mimic the voices of trusted individuals – senior partners, key clients, or even regulatory authorities – making their impersonations far more believable than ever before. This technological leap, combined with the direct access afforded by mobile communication, creates a potent and dangerous combination for professionals in legal, finance, and related fields, where trust in communication is paramount.

Why vishing is on the rise: exploiting the security gap in critical industries

The resurgence of vishing can be attributed to several key factors, amplified by the increased reliance on mobile communication and posing specific threats to legal, finance, and professional service firms:

High success rate: The personal nature of a direct call to a mobile device can lower an individual's defences, especially when dealing with seemingly familiar voices or urgent requests related to client matters or financial transactions.

Bypassing digital defences: Mobile calls inherently bypass traditional network security measures designed to protect digital assets.

Leveraging trust and authority: Caller ID spoofing on mobiles enhances the credibility of impersonations of clients, partners, or regulatory bodies.

The power of urgency and emotion: Attackers exploit the immediacy of a phone call, often creating scenarios involving critical deadlines or urgent client needs, to pressure mobile users into hasty actions.

The impact of AI voice fakes: AI makes mobile vishing even more convincing, potentially leading professionals to believe they are speaking to a known and trusted party.

The lack of centralised screening and knowledge: Mobile communication lacks the gatekeeping and threat intelligence benefits of traditional switchboard systems, making it harder to identify and prevent targeted attacks on specific individuals or departments within these firms.

Bridging the voice security gap: a call to action for legal, finance, and professional services

The rising tide of vishing, fuelled by the relative insecurity of voice channels, the advancements in AI voice fakes, and the vulnerabilities introduced by increased mobile phone use, demands an immediate and focused response from legal, finance, and professional service firms. The potential for significant financial loss, reputational damage, and breaches of client confidentiality necessitates a robust strategy to address this evolving threat.

Addressing this vulnerability requires a multi-pronged approach:

Enhanced, sector-specific awareness and training: Educate employees about vishing tactics, the specific risks associated with mobile calls in their professional context (e.g., client impersonation, fraudulent transaction requests), and the dangers of AI-generated voice fakes. Emphasise the critical importance of independent verification of all sensitive requests, regardless of the perceived legitimacy of the caller or the urgency of the situation.

Mandatory, multi-factor verification protocols for sensitive instructions: Implement stringent protocols requiring multi-factor authentication or independent verification through established, secure channels (e.g., secure client portals, pre-agreed contact methods) for any sensitive instructions received via phone, especially on mobile devices. This is crucial for preventing unauthorised financial transactions or the release of confidential client information.

Exploring advanced voice authentication and analysis technologies: Investigate and implement technologies that can verify caller identity and detect potential fakes, even on mobile devices. Solutions that analyse voice patterns and compare them against known legitimate voices could provide an additional layer of security.

Integrating voice security into comprehensive cybersecurity frameworks: Ensure that mobile phone security and voice communication are explicitly addressed within the firm's overall cybersecurity policies and procedures. This should include guidelines on the secure use of personal mobile devices for work purposes.

Fostering a culture of heightened scepticism and reporting: Encourage a culture where professionals feel empowered and obligated to question any unsolicited calls requesting sensitive information or urgent action, especially on their mobiles. Establish clear and confidential channels for reporting suspicious calls without fear of reprisal.

Developing enhanced strategies for decentralised threat intelligence: Implement internal systems for employees to easily report suspicious mobile calls, and establish mechanisms for quickly issuing this information across the firm to raise awareness of emerging vishing tactics and potential threats.

Securing the unsecured: a necessary evolution for trusted advisors

The advancements in cybersecurity have inadvertently pushed attackers towards less protected avenues, and the mobile phone has become a prime entry point, particularly for targeting high-value sectors like legal, finance, and professional services. The rise of sophisticated AI voice fakes, coupled with the direct and less scrutinised nature of mobile communication, has created a perfect storm for vishing. These firms must now recognise the critical need to address the voice security gap, especially concerning mobile devices used for work, and integrate robust, sector-specific measures to protect this increasingly vulnerable communication channel. Not doing so will leave them susceptible to increasingly sophisticated and potentially devastating vishing attacks with significant financial, legal, and reputational consequences.

ComXo has been trusted by top Global firms to provide secure switchboard and helpdesk services for over 35 years. We’re continually investing in our people, process and tech to ensure the highest level of security for our clients calls. If you’d like to know more, get in touch.

Strategic Resilience

Written by

Amanda

27th February, 2025

Business Continuity
Outsourcing
Productivity
The Office
Workplace Transformation

Forward thinking strategies for managing risk and ensuring business continuity.

Risk management is a constant balancing act, with firms needing to protect against evolving threats while maintaining operational efficiency. We brought together Global Transformation and Senior Risk Leads to discuss how these threats are influencing our business continuity plans, security protocols, work from home strategies, and most importantly, our people.

Here’s how leading firms are evolving their approach to business continuity and risk management:

Business Continuity Planning Must Be Integrated, Not Siloed
For too long, BCP has been viewed as an IT responsibility rather than an organisation-wide priority. We heard that this is changing. Firms are shifting from static BCP documents to dynamic, accessible plans that are regularly tested through real-world scenarios such as desktop exercises. These exercises don’t just expose vulnerabilities; they provide invaluable insights for stakeholders, helping to highlight risk and impact in a tangible way.

Communication and Crisis Management Are Critical
During a crisis, effective communication can mean the difference between swift resolution and prolonged chaos. Clients are increasingly dictating communication preferences, with platforms like WhatsApp becoming vital for real-time updates. The challenge? Balancing flexibility with security. Organisations must ensure that crisis communication plans are structured, reliable, and backed up with alternative channels in case primary systems fail. Reducing reliance on single points of failure—whether a key individual or a single communication method—is essential for resilience.

Andrew Try, CEO of ComXo urges:

“We often hear organisations confirm that they have substantial investment in I.T. and are confident in their preventative measures. However, I urge all leaders to consider what will happen when they do have that crisis. Remember that at the core of all business continuity plans are your people, and your ability to communicate effectively with them.”

Human Factors Are the Biggest Security Weakness
Technology alone won’t protect a business from cyber threats—people remain the weakest link. Security awareness training is now standard, but true resilience comes from ongoing vigilance. Employees, particularly under pressure, may overlook security red flags, making them prime targets for cyber threats. Regular physical security audits (such as checking for written-down passwords) and reinforcing remote working security measures are key steps in mitigating risk. Confidentiality policies must extend beyond the office to ensure data protection, wherever employees are working.

Legal and Professional Firms are High-Value Targets for Cyber Attacks
Law firms and professional services providers are prime targets for cybercriminals, often seen as more vulnerable than financial institutions. Ransomware is a significant concern, sparking debate on whether paying a ransom is ever the right choice. While government intervention may soon outlaw ransom payments, organisations currently weigh the cost of payment against potential reputational and financial damage. The key takeaway? Prevention is always more cost-effective than reaction.

Board-Level Buy-In for BCP and Cybersecurity Remains Challenging
All too often, business continuity and cybersecurity strategies only become a priority after an incident—or when regulatory compliance demands it. Getting board-level buy-in is a challenge, but fear-based arguments don’t always resonate. Instead, demonstrating the financial and reputational risks can be a more compelling approach. Recent figures from the Financial Times estimate that a cyber attack costs a FTSE 250 company around £4 million, highlighting the tangible impact of security failures.

Balancing Risk Management with Productivity
While risk management is critical, it must not come at the cost of business efficiency. Excessive restrictions can stifle productivity, making it crucial to strike the right balance. The most resilient organisations don’t just implement stringent security measures; they also foster a culture of adaptability and preparedness. Developing employee resilience—especially crisis leadership skills—ensures that teams can respond swiftly and effectively when incidents arise

Our guest host Steve Clarke, Co-Founder of Freeman Clarke speaks of the balance:

“People want to communicate when, how, and with whatever tool or platform they want. CIOs should not be seen as policing this; they should be the enablers.”

In the face of ever-evolving threats, true resilience comes from embedding risk management into the very fabric of the business—ensuring agility, security, and continuity at every level.

About ComXo
ComXo is a leading provider of outsourced communication and business services, helping companies navigate the complexities of the modern workplace with innovative solutions and industry-leading expertise.

If you’re interested to hear how we support some of the largest global organisations with strategic and in-built business continuity and resilience, get in touch.

The Future of Virtual Business Services

Written by

Amanda

24th October, 2024

Unlocking New Potential for Growth

Global organisations, particularly in the legal and professional services sector are no strangers to innovation, yet many organisations continue to grapple with evolving workplace needs. The global workforce is increasingly decentralised, working remotely and across varied hours, making seamless business operations more complex than ever. As firms adapt to this shifting landscape, virtual business services are rapidly gaining traction, offering agile and effective solutions to support a more flexible workforce, whilst also maximising cost efficiencies.

Outsourcing in Business Services: The Evolution So Far
Not too long ago, outsourcing tasks like switchboard operations or meeting room bookings was met with scepticism. Could an external partner truly manage these critical touchpoints without compromising quality? Fast forward to today and outsourcing these once in-house services is now the norm, delivering not just operational and cost efficiencies, but enhanced client experiences.

In fact the results from one of our clients have shown benefits on multiple levels across a 4 year partnership:

So, what’s next? The same mindset shift that occurred around switchboards is now happening with floor hosts, facilities management, and broader office support functions. What seemed unimaginable only a few years ago—outsourcing traditionally hands-on, client-facing roles like floor hosts—is fast becoming a reality. Forward-thinking organisations that embrace this trend are not only getting ahead of the curve but are also positioning themselves for future growth in an increasingly complex and hybrid work environment.

Increasingly Complex Workplaces: New Challenges, New Solutions
Today's workplaces look very different from a decade ago. Remote and hybrid work models have created new logistical challenges: employees work across different time zones, at varied hours, and often away from traditional office spaces. Navigating this complexity requires smart solutions that provide the same level of support—if not better—than the traditional in-person setup.

In the past, on-site teams such as IT support would be available to support employees, or floor hosts would be readily available to welcome and assist clients in person. Today, access to these roles need to evolve. Firms are beginning to realize the value in offering virtual solutions as a managed service that provide real-time assistance—whether it's answering questions, navigating office logistics, or ensuring clients have everything they need during their visit.
A virtual support solution also means that organisations can offer assistance 24/7, accommodating the global nature of today's workforce. Whether a team member is working late in London, or a client in New York requires help, virtual services ensure seamless, round-the-clock support without geographic limitations.

The Future: Virtual Managed Services
The future of virtual business services lies in merging traditional on-site roles with cutting-edge technology to create integrated, comprehensive solutions. One such innovation is connecting a managed service approach that can combine workplace helplines with virtual floor host services.
Imagine a quiet Friday morning, where an overseas employee walks into one of your buildings, early for a meeting. There may be no physical floor host to greet them, but with a virtual service in place, they can still receive real-time support, directing them to their meeting space. Once there, access to virtual support will help them connect with their AV set up, ready for a productive session. A virtual floor host can manage everything from greeting visitors to assisting with room bookings or AV setup—ensuring the level of service remains high, regardless of the time or location.

In the meantime, virtual systems are a strategic route to empowering and enabling front of house staff to move away from their desks and engage in more high value face-to-face interactions, fostering collaboration while ensuring business operations continue smoothly in the background. This is particularly important for legal and professional services firms, where the value of client engagement and white glove service cannot be underestimated.
By integrating managed services that combine workplace helplines with virtual floor hosts, businesses can create a streamlined, responsive support system that operates around the clock, delivering a consistent and reliable experience for both employees and clients.

Case Study: A Forward-Thinking Approach to Virtual Support
One client leading the charge in this transformation is a prominent legal firm with offices in The City and Europe. This organisation faced the challenge of maintaining high levels of support for both employees working in hybrid ways, and clients as they moved around and between office spaces during visits.
Their solution? A hybrid model that utilises a team of on-site floor hosts, strategically placed to provide high touch point, real-time assistance at any point during a visit. On site hosts are complimented with a highly personalised, tech-enabled virtual managed service, available around the clock to manage a variety of tasks, from offering directions and handling last-minute room bookings, to connecting employees with late night IT support. Clients experience a seamless journey from the moment they step through the door, and employees feel supported regardless of the time of day.

By adopting this future thinking mindset, they have been able to provide consistent, high-quality service while also reducing the need for on-site staff to be tied to their desks. Instead, the firm's employees are now free to focus on higher-value tasks, leading to better outcomes for both the business and its clients.

Why Now is the Time to Get Ahead
We have moved beyond the reactive, sticking plaster approach that allowed organisations to make it through the changes post-pandemic, with 62% of CEOs citing growth as their strategic priority for 2025.
As the workplace continues to evolve, the businesses that embrace virtual solutions early will be the ones to thrive and achieve that growth. What once seemed unthinkable—outsourcing critical, client-facing roles—is now an opportunity for firms to modernise their operations, improve efficiency, and elevate client experiences.

For facilities managers, managing partners, and workplace transformation leads in legal, financial, and professional services firms, now is the time to explore how virtual business services can drive future growth. The shift towards a global, remote workforce is not going away, and those who adapt will be well-positioned to lead in the years to come.

By integrating virtual floor hosts, workplace helplines, and other advanced managed service functions, firms can unlock new potential, offering more flexible and responsive services to both employees and clients alike. For forward-thinking firms, the question is not if but when they will adopt these new technologies and approaches to stay competitive in an increasingly global and complex work environment
The future of virtual business services is here, and it’s time to get ahead of the curve.

If you’re ready to hear more about our work in this space with clients, using our ‘Centralise, Optimise and Virtualise’ approach, get in touch at wearehere@comxo.com.

The Ultimate Guide to TUPE: What You Need To Know When Outsourcing To A UK BPO Supplier

Written by

ComXo

19th December, 2023

We asked specialist HR Consultants Kane HR to write our guest blog this month, covering everything you need to know about TUPE and the considerations when outsourcing.

Robert Burden, Managing Consultant dives in with an overview, the pros and cons, and some top tips for managing TUPE effectively.

TUPE stands for the Transfer of Undertaking (Protection of Employment) Regulations. Its purpose is to provide protection to employees who are transferring from one employer to another because of a business transfer or service provision change (SPC). It safeguards employee’s rights when there is a transfer of a business or service from one organisation to another and means that the grouping of employees concerned have a legal right to automatically transfer from one service provider to another on their existing terms and conditions of employment and with all their existing employment rights and liabilities intact, including their continuous service.

Under TUPE, both the current employer (“Transferor”) and receiving employer (“Transferee”) have a legal obligation to inform and consult with either elected employee representatives or a recognized trade union, if there is one present. Only in the event where there are fewer than 10 employees (and in the absence of elected representatives or a recognised trade union), should an organisation consider consulting directly with the individuals affected.

It’s important to remember that TUPE is a legal statute, therefore, even if it may seem that a business service provider can provide their services more efficiently, if the transfer falls within scope of the activities below, then TUPE is still likely to apply, and both organisations have a legal obligation to inform and consult. The following activities will indicate that TUPE is likely to apply.

The activities that are currently being provided by a client are to be provided by a third-party provider. This is more commonly known as outsourcing.
Activities currently provided by a contractor to a client are to be provided by a different third-party supplier to the same client, known as ‘contractor to contractor SPC’.

Options when handling TUPE

When choosing an outsourced provider, organisations are often looking for an effective and efficient solution, which can mean when TUPE applies there may be more staff currently doing the job than required if the work is to be outsourced.
In such instances, it is first important to establish which internal employees fall within the scope of the undertaking i.e. "fundamentally the same" as the activity to be carried out by the outsourced provider, it’s important to do this to prevent employees being assigned to a TUPE transfer who should not be affected.

Second is to understand your legal obligations to inform and consult regarding the transfer, it’s important to recognise that if found to have failed in fulfilling this obligation, liability could be both joint (i.e. shared between the transferee and transferor) and individual if taken to a tribunal.

Crucially, it is important to remember that any dismissal where the sole or principal reason is the transfer itself will be automatically unfair. However, there are of course practical and commercial considerations, that give options to handling structural changes during TUPE in a lawful, fair and practical way for all parties. One of these, is if the transferee envisages that there may be a potential redundancy situation by reason of economic, technical or organisational factors (ETO), and more on this is outlined further below.

In some cases, prior to TUPE it may be appropriate to offer staff members redeployment opportunities to other business areas or departments. Keep in mind that employees have a legal right to transfer, therefore, they may reject any offers.

As the current employer, there may be extenuating circumstances that result in a decision to provide individuals with an opportunity to exit from the business prior to the TUPE taking place, and generally this would form part of a settlement agreement. If considering this approach, it’s always best to seek independent employment law advice, as this wouldn’t mitigate from your obligation to inform and consult regarding the transfer.

If considering this approach, there is always the risk that the transferee could be liable for an unfair dismissal claim as they have not been privy to the agreement. In such cases, it may be an acceptable decision for all three parties (employee, transferor and transferee) that the employee does not transfer, and therefore a tripartite settlement agreement could be introduced to provide the necessary protection for all parties involved.

The commercial bits

When considering outsourcing arrangements, it's crucial to anticipate the potential impact of TUPE on the financial aspects of the agreement. One common strategy involves the inclusion of indemnification clauses in the commercial arrangement between the outsourcing organisation and the service provider.

Indemnification in the context of TUPE essentially means that the outsourcing organisation agrees to compensate the service provider for any additional costs incurred due to the transfer of employees under TUPE regulations. This can include expenses related to maintaining existing employment terms, addressing potential legal challenges, and handling administrative complexities associated with the transfer.

While the necessity of such indemnification clauses may not be immediately apparent, seasoned service providers recognise them as an essential aspect of risk management. They provide a safety net for service providers, ensuring that unexpected costs arising from TUPE do not become a financial burden that jeopardises the viability of the outsourcing arrangement.

It's important for both parties to engage in open and transparent discussions during the negotiation phase of the outsourcing agreement. Clearly defining the scope and limits of indemnification clauses, as well as detailing the specific scenarios under which indemnification would apply, lays the foundation for a successful and sustainable outsourcing relationship.

Redundancy situations?

We have covered that dismissal of an employee for the sole or principal reason of TUPE is unfair. However, certain circumstances may arise where the new service provider needs to make changes that could result in redundancies. This is where ETO reasons come into play. These changes are generally outlined within the measures of the new service provider, as part of the initial TUPE consultation process. Depending on what is agreed with the current employer, redundancy consultations could commence prior to the transfer taking place, with the view that redundancies are effective from the first day of an individual’s employment with the new service provider. Alternatively, the service provider may transfer employees, and then proceed with redundancy consultations afterwards.

ETO reasons refer to economic, technical, or organisational factors that entail changes in the workforce. These factors may necessitate alterations to the employment structure for the continued viability of the service that’s being provided. Here's a breakdown of each:

Economic Reasons: This involves situations where the employer faces financial challenges or restructuring to ensure the sustainability of the business. Cost-cutting measures, mergers, or market-driven changes fall under this category.
Technical Reasons: Changes in technology or the methods used to carry out work can trigger the need for workforce adjustments. This could include the introduction of new machinery or systems that render certain roles obsolete.
Organisational Reasons: Structural changes within the organisation, such as a shift in management or a restructuring of departments, might necessitate workforce realignment.

In addition to the above, it is very common for an employee’s place of work to change following a TUPE transfer. Where the change in location is significant this may also fall within scope of an ETO reason.
Where redundancy by reason of ETO could be a consideration, relevant legal advice should always be sought to ensure the correct consultation process is applied to avoid any potential unfair dismissal claims.

Positives of TUPE transfers for employees

• Preservation of terms - One of the key advantages for employees in a TUPE transfer is that their existing terms and conditions of employment are preserved.
• Job security -TUPE is designed to protect employees from losing their jobs because of a service transfer.
• Continuity of employment - TUPE ensures continuity of employment, meaning that the length of service with the current employer is usually carried over to the service provider.
• Protection against Unfair Dismissal - Employees transferred under TUPE are protected against unfair dismissal solely because of the transfer.

Negatives for employees in TUPE transfers

• Uncertainty and change - TUPE transfers often come with a degree of uncertainty and change. Employees may need to adapt to a new working environment, management style, and potentially different policies and procedures.
• Potential for redundancy - In certain situations, the service provider may identify ETO reasons that lead to redundancies.
• Integration challenges - Integration into a new culture and structure can be challenging. Employees may face difficulties adapting to new processes, procedures, and colleagues.
• Differences in employee benefits - While TUPE aims to preserve employment terms, there may be variations in benefit packages between the old and new employers.
• Limited control over the transfer - Employees have no direct control over the decision to transfer, and the process is often driven by the employers involved.

What if an employee doesn’t want to transfer?

Where there are employees who do not wish to transfer to the new service provider, they are entitled to refuse to do so. However, unless the individual can be redeployed, this would mean that their employment with the transferor comes to an end at the date of the transfer itself. Generally, the employee is not treated as having been dismissed, but having resigned. It is important to note that there are certain circumstances in which an employee could claim unfair dismissal, so it may be necessary to seek further advice if in this situation.

Although there is no specified manner in which an employee must refuse to transfer, it is sensible for the transferor to obtain the employee's refusal in writing, by way of the individual opting out of the transfer process.

Top Tips for managing TUPE effectively:

Understand the situation as early as possible:
Early awareness of an impending TUPE transfer is crucial for effective planning and communication. Understanding the scope, reasons, and potential impact allows for better decision-making and minimizes uncertainty among employees.
Seek HR and Legal Advice:
TUPE regulations are complex, and legal nuances can significantly impact the process. Seeking professional advice from HR and legal experts helps ensure compliance with UK Employment Law and provides guidance on best practice.
Prepare a plan:
A well-thought-out plan is essential for a smooth TUPE transfer. It helps anticipate challenges, allocate resources effectively, and ensures that key tasks are executed in a logical sequence.
Obtain / Produce ELI (Employee Liability Information):
Acquiring accurate and detailed information about the employees who will be transferring is crucial for planning and addressing potential issues. The ELI includes essential details about employment terms, contracts, and potential liabilities – legally this should be provided to the transferee no less than 28 days before the transfer date.
Ensure you have plenty of time planned for consultations:
Adequate time for consultations is vital for addressing employee concerns, providing information, and facilitating a smooth transition.

In summary, managing TUPE effectively requires a proactive and well-organised approach. By understanding the situation early, seeking professional advice, preparing a comprehensive plan, obtaining essential information, and allowing ample time for consultations, you can minimise the impact on employees and navigate the TUPE process with transparency and efficiency.

If you'd like to learn more about outsourcing your switchboard, connect with our team at wearehere@comxo.com.

This is for information and guidance only, please always seek professional HR and legal advice.

Ask Andrew: The forecast for 2023

Written by

Amanda

27th January, 2023

Agile Working
Business Continuity
Company Culture
Productivity
The Office

As we settle back into the office, we asked CEO Andrew Try to reflect on 2022 and talk us through predictions for the year ahead.

2022 can be best described as a discombobulation. So much of what we all considered normal was already out of kilter, and whilst this time last year I expected it to be a year of returning to norms, I think few predicted the rollercoaster of influences that affected work, personal, national and international sentiment.

As a business owner and manager, trying to forecast and predict in normal circumstances is hard and through 2022 it was harder still. However, sticking to key strategic anchors of creative, energetic people with a passion for being the best, challenging the status quo and building a better future' served us well at ComXo.

Here are my top 3 headwinds that we navigated as a business last year:

Staff wellbeing

With a workforce that is fully hybrid, the business focus was to support the physical and mental health of our entire team, including those we could no longer see. ComXo is a boutique specialist delivering high service levels and market leading innovation, and for this a strong culture is required. Investment went into flexible shift patterns, "come into the office" events, wellbeing packages, parties , training and development, video team culture, resident mental health practitioners, and my weekly CEO video check in.

2. Change in workforce and workplace utilisation for clients.

As a workplace service partner to some of the largest professional service firms in the world, 2022 was uniquely challenging. The WFH (Work from Home) to WFO (Work from Office) ratio was difficult to forecast as "new normal" working practices evolved rapidly throughout the year. The spring saw the rebound from Covid and lockdown and war in Ukraine. The summer had the extra Jubilee bank holiday and 40C temperatures. In Autumn we mourned the death of the Queen, whilst numerous prime ministers came and went. Finally, Christmas was marred by strikes. How could we forecast this, and what normal would look like?

3. Inflationary forces, cost of living and the focus on value delivery.

Retaining and incentivising our dedicated and experienced teams has been essential. Searching for more value for customers as prices had to go up was, and remains, our focus. We have been helped by a tight labour market making customers look to outsource as an answer to their own staff troubles, but most importantly it's our continued effort to make ComXo a great place to work. We delivered 9 new team induction groups last year compared to an average of 5 per year, and our staff turnover is around 10% less than industry average which I'm very proud of.

This year what are my predictions?

It is impossible to second guess the macro except to say that complexity, global shock, fast moving trends and fluidity will continue to dominate. The companies that have the most flexible structures and elastic outlooks will benefit; those trying to hang on to the past will not. As the saying goes "When the big waves rain down upon you, the person who's smiling is the surfer!".

From the ComXo standpoint, creating flexible workplace and workforce environments is about the ability to "Centralise, Optimise and Virtualise". Central, virtualised services sitting on digital platforms, enabling AI and delivering data driven insight saves lots of money, increases workforce productivity and transforms client experience. As a business that thrives on managing complex challenges and streamlining them for a great result, we will continue to facilitate our customers on this journey, whatever 2023 and beyond throws at us.

Andrew Try, Founder & Managing Director

Are legal chat bots ready to chat?

Written by

Amanda

18th October, 2022

With talk of "post-pandemic challenges" now feeling passé , and businesses re-focusing on the longer term future, legal firms are looking to build efficiencies into sustainable hybrid work processes, and ways to further enhance and develop their client experience for competitive advantage.

The use of "lawtech" including AI and chatbots has been hyped over recent years as the solution to all problems, with chatbots in particular seen as the "quick fix, easy to scale, friendly face of Artificial Intelligence".

Some predictions have estimated that more than 85% of customer interactions will NOT include a human being in the legal sector. But we ask the question:

"Are you ready to hand over your valued customers to a client experience which is totally hands-off?"

Are legal chatbots ready to chat e-book cover

Are you ready to hand over your valued customers to a client experience which is totally hands-off?

This insight, written by conversational intelligence expert Andrew Moorhouse, takes a look at balancing the risk of losing human interaction, alongside the reward of combining better tech and processes for a highly personalised managed service.

In this insight you'll find:

Insights from over 10,000 conversations across sectors
Analysis of call volumes and qualified leads for the legal sector
How to balance risk and reward when introducing AI technology

Ask Andrew: Recession, how real are the risks?

Written by

Andrew Try

12th July, 2022

Business Continuity
Outsourcing
Solution
The Office

Recession and the risk of ongoing uncertainty is high on the list of business challenges right now.

The last recession in 2008 saw a calamitous and sudden capitulation of capital markets; was a disaster akin to a tornado … sudden and unplanned. The aftermath saw business cut hard and fast in reaction to it. This time things feel more like a drought. We know we are already in it, and we can feel the economic cogs moving slowly but with potentially devastating consequences.

The headwinds are many: higher prices, supply problems, war, post-pandemic malaise. Businesses however will be asking the same questions: how do I cut costs, become more efficient, become less people dependent, how do I remain good value for my customers… how do I protect my stakeholders? How do I keep my job?

In 2008 ComXo experienced the first wave of office support outsourcing in professional services. We saw the demand for our technologies and managed services increase, as we pivoted to meet demand for business transformation, helping to drive down costs.

This time we expect even greater demand.

The combination of Brexit and the pandemic have changed so many contributing factors that this upcoming financial period is far harder to predict, with risks across a number of areas. The physical office is being used differently, hybrid work has evolved, data is more abundant and the balance in employee engagement has shifted. The new corporate world is driven by business service personalisation, on demand access 24/7 to integrated services, insight-driven facilities management, self-service, intelligent triage, and outcome driven KPI’s. Those that have not yet benefited from the technology dividend and business continuity benefits of support solutions, are likely to embrace it, or risk being out-manoeuvred by their competitors.

Our professional service customers such as PWC are using ComXo outsourced business services to lead the charge of reimagined client experience, cost rationalisation and new generation business continuity. Our legal and financial customers are following service roadmaps to do the same. It is clear to see from our clients’ financial results that this approach works now, and for the future of a successfully functioning enterprise.

Want to find out more? Talk to our team for insights and case studies that might help your planning.

Andrew Try, Founder & Managing Director

Hybrid Working-Making it a success for your law firm

Written by

Amanda

12th April, 2022

The change-averse legal sector has slowly been moving towards digitisation for years. However, since the global pandemic and the accompanying government-enforced lockdowns, the sector has been forced to review their working habits and embrace remote working.

As the world enters "the new normal", and Freedom Day in the UK seems a long way behind us, offices are reopening, and businesses are accommodating a blend of home and office working: the hybrid-working model.

Research has found that a large proportion of employees expect a level of "hybrid" working in the future - with just under half wanting to work from the office for 3 days or fewer each week. Additionally, results also found that over half of employees now believe the office to be unnecessary, with these numbers increasing since the first lockdown.

The legal sector needs to understand what's happening on the ground to ensure they are attracting new talent, providing a competitive working environment for staff, and proactively identifying concerns or issues amongst their employees - to provide the best experience to their teams.

Working in partnership with CBRE and CTS, we've provided a guide to help you do just that.

In this guide, we cover:

Why you should embrace hybrid working
The benefits of a hybrid working model
What employees want from hybrid working
What you should consider when developing your hybrid working strategy

Designing a successful hybrid working strategy: The best of both worlds

Complete your details below to download our free Hybrid Working e-book, with access to our ‘Finger on the pulse’ webinar on how to measure success.

Maintaining business continuity during a cyber attack

Written by

Amanda

14th March, 2022

Business Continuity
Outsourcing
Solution
The Office

CYBER ATTACKS - FIGHTING THE INVISIBLE ENEMY

When it comes to Risk and Business Continuity the traditional focus on fire, flood and theft has now been replaced with a less visible, but highly destructive threat in the form of cyber-crime, viruses and attacks on business's data and I.T. environments.

Five years ago almost every business had their traditional IT systems and programs sitting separately from their communication technologies - such as their PBX's, conference calls, outbound and inbound phone lines. Today it is more likely that these services sit within the traditional IT infrastructure. On paper this offers huge benefits but has one major flaw; when a cyber-attack hits, it's no longer just internet access, computers and servers that are compromised. All communication channels are vulnerable. In many situations the only option is to go dark and take everything off-line, resulting in no emails, no internet access, no incoming or outgoing phone calls, no conference calls with clients. A business's ability to communicate internally with its own employees, and with the outside world is significantly impacted.

BUSINESS CONTINUITY DURING CYBER ATTACK

As specialists in integrated communications and infrastructure for some of the top firms in The City, managing their global communications, we have supported firms through potentially catastrophic cyber attacks.

Here are our top ten tips on maintaining business should you be subject to cyber attacks or data breaches:

1. Protect your brand at all costs. Perception is reality.

It is unacceptable for a customer focused firm to be unavailable for any length of time.
Being able to demonstrate that regardless of the situation, you are open for business and capable of maintaining high service levels builds trust, customer loyalty and professional respect.

2. Enable your teams to focus on the crisis.

When a crisis hits, you will require total focus, concentrated effort and coordinated teamwork to survive. Create space and mitigate risk by ring-fencing the front line experience. Triaging internal services, information updates and escalation requests engenders an atmosphere of uninterrupted calm and control, and puts you back on the front foot.

3. Provide a serviced virtual meeting place for stakeholders

Continuous communication is the single most important factor during a crisis. An easy-to-use voice conference room that can be accessed at any time is key. A managed audio conferencing service can facilitate requests to ensure agility and fluidity as the situation develops.

4. Keep your staff informed. Duty of care is essential

Defined, well-rehearsed communication channels minimise confusion and insecurity amongst stakeholders and staff. It is vital to have access to up-to-date stakeholder and staff contact lists for consistent communications (e.g. text, email, voice, hotline).
These comms can be invoked through a managed service in the cloud.

5. Ensure access to your knowledge asset

Having an external switchboard provider that understands your processes could enable you to maintain access to key information and business services even during a crisis, ensuring ongoing efficiency and information flow

6. Keep your IT help desk functioning 24/7

Minimising confusion as a crisis unfolds is vital. Getting and keeping key IT capability up and working is a pivotal step to achieve this. Ensuring clear lines open to your IT help desk gives your workforce assurance that the situation is under control. Using a triage capability to answer calls and service requests; fact find, prioritise and escalate - enabling your own IT staff to focus on the higher level problems.

7. Provide your staff with the right tools for remote working

By providing alternative, company sanctioned and network independent communication tools, staff can stay productive rather than having to second guess
the company's risk, security or compliance regime. A BYOD (bring-your-own-device) technology that's simple to use and allows easy billing will encourage staff to continue communicating.

8. Think Global

For global corporates a cyber-attack could mean that all world-wide communication becomes disrupted. Do you have a global resilience plan in place for communication? Is it tested around your key risks and invoked on a regular basis?

9. Create strong supply chain relationships

When a crisis hits, relationships with key operational suppliers become even more important. Maintaining strong connections with the right people in these organisations will help ensure your problem is prioritised. Share your BCP plans with your supply chain and include them in your scenario planning.

10. Protect new business opportunities.

Industry statistics show that up to 55% of switchboard calls to professionals service firms are existing or new business calls. A crisis hits customer confidence and keeping lines open to answer questions, escalate requests or give advice will ensure your customers do not seek out new suppliers

Cyber security is now considered a vital part of any business continuity plan, helping keep the threat minimised with proactive solutions. If it's something you’re considering and would like some guidance talk to our team.

3 key points to prepare for the worst and deliver the best in business

Written by

Amanda

30th November, 2021

Agile Working
Business Continuity
Company Culture
Outsourcing
Solution

In March 2020 I returned to work from my honeymoon in Australia, well and truly still in holiday mode. Given the extent of Australian news coverage at the time I boarded my flight aware of little more than "There's a toilet roll shortage". I was fairly oblivious as to what faced me upon my return to the office.

Expecting this toilet roll emergency to blow over while I tortured everyone with holiday pictures, I was ushered into our boardroom and given a pandemic reality check. I was asked to prepare for our offices to close and get ready to support all of our clients as they faced the same challenge.

So how do you move over 1 million calls and 70 Virtual Switchboard staff to a remote working environment, and continue to achieve an industry leading service level, with 95% of calls answered in 3 rings? We were of course apprehensive, but we found that our business continuity planning had left us well prepared.

Without giving away the ComXo crown jewels, here's my 3 key recommendations to enable your organisation to prepare for the worst in order to consistently deliver the best:

Plan and TEST your BCP measures constantly.

For the past 5 years, ComXo has had a unit of remote working operators logged in ready to support calls in the event there was a crisis with the office.
This team of operators had tested our tech, software and logistics ready for a wider scale rollout of remote working.
Our disaster recovery site is regularly tested on a scheduled and unscheduled basis.

Look after your people

Rather than increase operator workload, we introduced more team huddles, 1-2-1s, training time and regular "check ins" to ensure the team were coping with the pandemic. Parents were given some extra, much needed TLC.
The business took a VERY open stance to the uncertainty of the future and the roles we would all need to play in order to ensure that ComXo and our clients prospered during this period.
Educating our staff on "The grief curve" allowed teams to meet, discuss and share experiences.
The Zoom Christmas cocktail party and online bake off/pizza making competitions kept up team spirit. These were planned sensitively, especially once it became clear that the pandemic was going to loom for a substantial period of time, and we were conscious of Zoom fatigue.

In return, our indomitable staff responded in kind with sickness and absence levels dropping to next to zero!

Our service levels actually increased to 97.7% of calls answered within 3 rings and adverse feedback dropped to an all-time low.

Understand your true capacity

If the workload demand of your team regularly exceeds 80% of their maximum work rate, it's possible you are heading for burnout and staff churn. Look to schedule at least 30% capacity for breathing room, shrinkage, creativity and sudden spikes in workload.
Diversify your workforce: working with parents, students and full time professionals to align their wants and needs with your own workload forecast is a powerful thing.
Recruit ahead of the curve - if you wait until you need the staff, you are already too late.
If you can't measure it, you can't manage it. Understand the scientific equation that predicts your working capacity. If you don't have the tech, you can do this by simply and consistently checking in with your team and asking "Hey, on a scale of 1 - 10 how busy have you been this month?"

Ultimately, we have been very lucky that our clientele have had a mostly prosperous two years and we are proud to have been able to support them on this journey. Looking back, what would I change about ComXo's approach to the pandemic? Not a lot. But on a personal note, maybe I would have invested in some more toilet roll when I landed back in England. They weren't joking about that part.

Richard Gostelow, Director of Customer Service