Coworking spaces are invaluable to freelancers, remote employees, and teams. They recreate the benefits of the traditional office environment, but with many of the freedoms of working from home.
With the rise of remote work during the pandemic, there has never been more opportunity for coworking spaces.
However, they also pose unique cybersecurity risks that owners must tackle to maintain a safe and efficient environment for all.
The main challenge comes from having so many different tenants and users with their own devices and requirements. The lack of top-down management makes it difficult to secure the network and address individual vulnerabilities.
Let’s explore the main cybersecurity threats to coworking spaces and some of the ways to solve them.
Since a coworking space is not a unified company working toward the same goals, internal cybersecurity policies may be lacking. The revolving door also makes it harder to implement a detailed code of conduct that everyone will follow.
You don’t know if someone has had adequate cybersecurity awareness training or any standard knowledge about phishing, viruses, device protection, and how to safely browse the internet. Posters, leaflets, and reminder emails can only go so far.
At the same time, it can be expensive to invest in cybersecurity personnel to foster a cybersecurity culture within the space.
Coworking spaces commonly provide shared resources such as computers and devices, printers and office equipment, conference facilities, and much more. All of these can be vulnerable to physical and cyber damage.
The tamper-proofing concept encompasses both risks by ensuring hardware is physically locked down and protected in enclosures, while firmware and operating systems are resilient to unauthorized modifications.
Attackers can cause havoc if all it takes is to access a shared device, stick in a USB drive, and inject network-compromising malware.
Once a coworking space is set up, it would be foolish to think it can run on autopilot. To be attractive to tenants, the hardware, systems, and facilities must evolve with industry standards and user requirements.
If not, you won’t have the necessary security features to protect against current cyber threats. Likewise, you may begin to experience compatibility issues between the network and user devices.
An old and slow system without the latest apps will only decrease productivity.
Using the cloud to deliver resources and data storage is appealing to coworking spaces because it can reduce hardware costs and allow for easier scaling. It also reduces the risk of physical access because the cloud isn’t even in the building.
However, if something goes wrong, it’s also out of your control to fix it. Furthermore, protecting data from unauthorized access and cyber threats doesn’t necessarily go away by passing responsibility to a third-party provider.
If you want to offer advanced solutions to businesses in certain fields, using the cloud can make it more difficult to adhere to regulations and standards such as HIPAA, SOC2, and GDPR.
The network is the backbone of your coworking space. It allows you to manage devices, deliver resources and apps, and provide internet access.
However, it’s also the most vulnerable aspect and is open to a plethora of threats and styles of cyberattack.
Some of these include:
In order to detect and respond to security incidents in a timely manner, coworking spaces must have proper network monitoring in place.
A key function of your coworking office is to provide access to the internet. Unfortunately, this opens the network up to outside threats from anywhere in the world. It also means many of the risks a user faces at home are now brought to the space, including malware, phishing attempts, and privacy breaches.
It’s a good idea to filter malicious websites and inappropriate content, much like in a traditional workplace. There’s nothing preventing visitors from using their own data to access non-work-related content. You can also use firewalls and real-time monitoring to stop incoming threats before damage is done.
An increasingly popular practice is to give coworkers access to a VPN when using shared devices and connecting to the internet service. This ensures the connection is encrypted and the data going to and from the web is protected from interception. In turn, this strengthens the rest of the hub's network.
Digital footprint stats show upwards of 1.2 billion people have tried using a VPN as one way of protecting their online privacy. So it's a welcomed addition to firewalls, antivirus software, and other tools at your disposal.
While offering computers and devices for people to use is an excellent policy, a hub wouldn’t last long if nobody was allowed to bring their own devices. Yet this has obvious risks to the network because such devices are out of your control.
There’s no real way of knowing if they’re properly secured, have compromised apps, or are behind in security updates.
One solution that can help prevent any single device from causing damage is a next-generation firewall.
These monitor network traffic and can authenticate users and devices before allowing them to connect to the network. They can also profile new devices and identify vulnerabilities or potential threats.
By their nature, coworking spaces are very open, making it easy for unauthorized individuals to access the building. There’s an obvious physical security threat, but it also poses cybersecurity risks.
Instead of a free-for-all, space owners should implement digital access levels. You can allocate private networks to any long-term office tenants or teams, a second level to registered individuals, and a limited guest level.
This might include temporary passwords and designated “hot desks,” so nobody can simply walk off the street and cause damage to the network. Meanwhile, long-term members can benefit from network and device authentication.
Because of segmentation, each access level is easy to monitor and users with one set of permissions are ringfenced from impeding on the other groups.
This concept can be taken a step further with ID cards to restrict access to the more private areas of the building.
Due to the high turnover of people who visit coworking spaces, impersonation is a risk. This becomes an even bigger issue, the larger and more open the space is.
Attackers may impersonate members of the staff in order to gain access to sensitive information from users. Likewise, an attacker could impersonate an individual user who staff, and other coworkers might not recognize on a personal level.
It’s not feasible to make hubs private – it goes against the concept. However, there should be some private areas for people to use when needed.
No startup team wants to feel like their groundbreaking idea could be stolen by a nosey competitor at the next workstation.
Shoulder surfing is another potential problem when workstations aren’t far enough apart.
Privacy extends to the digital realm too. Shared resources and apps are one thing, but any capacity for shared user data is a huge security flaw.
The mix of tenants also creates a mix of different data privacy requirements. Your average freelancer doesn’t have the same needs as a healthcare industry startup team. This can make it difficult to use a one-size-fits-all approach.
Hubs may have employees or other insiders who have access to sensitive information and can inadvertently or intentionally breach it. Therefore, staff must also be subject to access controls, with monitoring and regular auditing.
A common procedure is to limit your staff’s ability to both access data and approve access requests. This can be achieved through the segregation of duties, where different roles are responsible for different aspects of data access.
Although very public coworking spaces attract enthusiasts, it’s not wise to accept volunteers simply because they enjoy the environment.
Coworking spaces present unique cybersecurity challenges due to the shared nature of the facilities and the diverse range of individuals and tenants using them.
This can range from a freelancer who just needs internet access and a few apps, to teams of corporate employees that require a private network, advanced data storage, and office facilities.
To mitigate risks, there should be an investment in security technologies such as firewalls, tamper-proofing, and access control.
With the right approach, these spaces are a fun, productive, and secure aspect of modern work.
The article was written by Milos Djordjevic. Milos is a cyber security expert at VPNCentral.