For the last decade, the term ‘co-working’ has become a standard phrase. The reason for this standardization is the growth that the flexible office industry has seen. In 2007, there were just 14 publicized co-working spaces. This number shot up to 436 in 2010 and surged to 14,411 in 2017. By 2022, experts predict that this number will more than double. Similar trends show up in the number of individuals who use co-working spaces. In 2015, there were 522,600 individuals who were members of co-working spaces. In 2017, this increased to 1.74 million. By 2022, co-working space membership may surpass 5 million. Security in co-working spaces presents it’s own challenges.
This type of growth in the industry is due to multiple factors. More individuals are pursuing freelance opportunities. But to a greater extent, companies are hiring employees remotely and allowing for much more freedom when it comes to where and when they work. And while this is seen as a mutually beneficial arrangement by both the employee and the business, there are some new considerations that companies must keep in mind. Arguably, the principal consideration is the security risk that comes part and parcel with working in a public space. Unprotected wi-fi, equipment theft, and intellectual property leaks are all possible. It is for this reason that companies need to begin employing certain practices for their modern workforce.
1. Login Security
Out of the tips on this list, this is the most basic. Employees need to make sure that their work devices are secure against the average person. In other words, laptops, tablets, and phones need password protection.
It is important to note that password protection, while it is security, should be considered the bare minimum. Plenty of software exists to override passwords or uncover and use them. In order to take login security to a truly secure place, it is wise to use multifactor authentication, which requires the device used to both type in a password, followed by another randomly generated question that only they know the answer to or a code that is sent to their phone (SMS based MFA is widely regarded as no-longer secure)or a key FOB.
Alternatively, a biometric lock can be used. These locks have grown in popularity due to the Apple X, but they are also available on a number of computers, laptops, and tablets. The device either comes with a fingerprint reader or a facial recognition or eye scanner.
2. Logout Security
A password, biometric lock, and multifactor authentication should not just be used first thing in the morning when an employee powers up their device and gets started for the day. On the contrary, any time an employee leaves their device, they should need to go through this process again upon return. However, few employees will go to the trouble of locking their laptop or tablet each time they get up to get a drink of water or use the restroom—either because it is a hassle or it slips their mind.
To avoid this, employees can take one of two steps. The first is an automatic lockout period. Devices can go to sleep or lockout after a short period of inactivity. If a device goes unused for anywhere from one to five minutes, it can be set to lockout. Alternatively, Bluetooth dynamic locks are also useful. The device can be connected to the employee’s phone via Bluetooth. When the Bluetooth connection goes out of range, if the employee walks to the other side of the building or out to their car, the device automatically locks.
3. USB Port Security
The USB ports are any device’s weakest link. They expose it to a long list of potential problems, including keyloggers and lockpicks like Poisontap, which has the ability to exploit locked computers. The good news is that because of Bluetooth technology and the cloud, USB ports are not necessary anymore. Due to this, companies should look at disabling the USB ports on any device used in a co-working space—after all, they offer few benefits and put the device at risk.
The company can choose to order devices that simply do not have USB ports. Alternatively, they can employ a number of methods to disable them, including using Microsoft Fix It, running a third-party freeware, changing the USB Mass Storage Devices’ registry values, uninstalling USB Mass Storage Drivers, or using the Device Manager to disable USB ports.
4. Device Security
While it takes a somewhat knowledgeable individual to hack past password protection or install a keylogger, stealing a laptop is relatively easy. This is where a laptop lock comes in handy. Many coworking spaces are built for these types of locks. They have tables bolted to the ground, so as long as a laptop lock is used, it is impossible to steal a laptop without making it unusable. These locks plug into a lock slot that comes standard with most laptops and can then be attached to a table leg—in a similar way to a bike lock.
5. Public Space Security
Working in a public space comes with a handful of risks and many of these risks are nearly invisible. The most obvious is shoulder surfing, where another individual looks onto the screen. Polarized screen shields can prevent this problem. These screen shields require an individual to be directly in front of the device’s screen in order to see its activity.
The more complicated risk comes from using public networks. In order for devices and the data that they contain to be secure, employees should only use secure public networks. This is why employers need to train employees on how to identify secure networks and differentiate them from spoofed networks. Most secure networks will either say they are secured or have a lock icon next to them, these are the optimal ones to choose. The employee should verify the security of the network with the co-working space management, though. Additionally, users should program their devices so that they do not automatically connect to wi-fi spots and instead request permission. The best method is to provide employees with their own cellular modem hotspot. This will be private and they will be the only individual who can sign onto the network.
There is the chance that a spoofed wifi connection exists. In other words, it is a wi-fi network that looks identical to the secure connection. When an employee logs onto this one, third parties can intercept information, such as usernames and passwords. A good way to prevent this is the use of a VPN. The VPN stops third parties from intercepting any information by encrypting all transmitted data.
6. Lost Or Stolen Device Policy
Finally, when something does happen to a device, whether it has been tampered with, stolen, or just misplaced, employees need to know what to do. Companies with remote workers who utilize co-working spaces should have a policy in place. Employees should know who to call and the IT department should have a rapid response plan. One good tool is Microsoft’s Mobile Device Management.
For more information about data security with a mobile workforce and actionable security tips for co-working, please contact us.