If your company operates out of a co-working space, you may have more to worry about than just formaldehyde-infused phone booths. Shared WiFi available in co-working spaces makes life easier for companies working there, but weak security practices can leave your critical business data, product infrastructure and intellectual property vulnerable to Peeping Toms not only in your physical environment but in the network too.
In a recent case to prove this point, Teemu Airamo, the CEO of a company working out of a WeWork in Manhattan scanned the office and accessed the financial records and bank account credentials from more than 200 companies sharing the same office as his team. Airamo’s exercise, while harmless in intent, surfaces important questions we should be asking ourselves: Are we implicitly trusting workers of co-located companies by agreeing to use the same provided network? Should malicious activity by co-located company workers be considered insider threat?
What‘s the big deal about co-working spaces, you may ask. How are they different from using the WiFi at an airport or coffee shop? The thing is, when you work in a coffee shop you are not assuming that the WiFi is secure. In fact, most public WiFi services have a disclaimer that explains in no uncertain terms that they are not responsible for any data loss when you use their network. On the other hand, companies that sign an agreement with a co-working space trust that the provider is making a reasonable attempt at providing a secure environment and network. Unfortunately, this trust is misplaced.
Even if you buy into your provider’s “space as a service” positioning, the shared responsibility model should still apply. Similar to working in the cloud, the co-working space is responsible for protecting the infrastructure, but you’re responsible for your organization’s security.
Thankfully, there are measures you can take to secure your assets even when your company is using an insecure pipe. Because you share your physical and virtual environments, it’s important to consider security in both realms:
This post is just scratching the surface of what you can do to remain secure in a co-working space. You are ultimately responsible for the security of your organization’s assets. By educating your employees on vigilance and investing in security solutions that can protect access to your assets, you can create a secure bubble even within an open network.