COMMENT It used to be that a car could be stolen with a screwdriver. Now, committed car thieves can clone a key fob inside the owner’s home without even stepping through the front door. With each new security measure that car manufacturers introduce, car thieves adapt.
It’s the same with office and flexible workspace Wi-Fi security, except the speed of adaptation is much, much faster.
This means that staying ahead on network security is a big challenge, particularly for flexible workspace operators, which need to think about external threats as well as security between users within the space. You don’t want businesses, whether by design or accident, to be able to gain access to each other’s files and data, for example.
The risks from a network security breach are potentially much greater than having a car stolen. If the network provision is sloppily implemented, there are GDPR, security and financial risks, with significant consequences and penalties for those held to be responsible for the systems which have been compromised.
False sense of security
If tenants can access a building’s Wi-Fi as part of an overall rent or service charge, the operator is technically the internet service provider, and has a duty to ensure both the quality and security of the delivery.
A common trap that operators can fall into is relying too much on accreditation and not asking suppliers the right questions. On its own, certification such as ISO 27000, which shows that data provision is secure, is a tick-box exercise. Such accreditation relates to a point in time and can quickly become redundant as cybercriminals find new ways around security measures.
If you have a driving licence, it shows you’ve learnt to pass a test, but doesn’t necessarily mean you’ve learnt to drive. A certificate can give a false sense of security.
IT security accreditation is likely to have annual retesting, but technology and hackers move fast, and it’s impossible for any system to be 100% perfect. Just as a car thief may find a car’s vulnerable spot and capitalise on it, cybercriminals will find a route through your network and Wi-Fi security given the chance.
Many big tech companies set up hackathons, where they pay a prize for breaching virtual security systems so they can learn where the weaknesses are and learn from new tactics and perspectives of vulnerability. Penetration (“pen”) testing is similar, conducted by IT security businesses that are paid to find the holes.
It is important not to look for a perfect score – if the pen test identifies no weakness whatsoever, it is likely to mean it’s time to upgrade the test to match cybercriminals’ latest advances. The aim is to try to stay one step ahead with regular testing, which prompts tweaking of the system and maintenance of security that is a bit better than a neighbour.
Test and update
Not all flexible workspace IT providers are equal; there’s nuance behind the provision, which means looking beyond price comparison or a list of features. The key question to ask is how that technology is managed, because the “lock” is always changing.
We are generally very trusting when it comes to Wi-Fi. We buy a coffee in Starbucks or pay for a hotel room and use the “free” Wi-Fi without asking questions about how secure it is. But flexible operators should be asking how often their system is tested and updated, and who is constantly reviewing that security.
A flexible workspace operator will always want its brand to be synonymous with providing a safe and secure working environment for tenants, both physically and also virtually. Just as a car owner has to ensure the doors and windows are locked, the security system is enabled and the keys are safely stowed, flexible space operators need to make similar considerations of their network security.
Jon Seal is managing director at technologywithin
