The nature of privacy and security in shared workspaces
Privacy and security within co-located workspaces
Since the first co-working spaces opened back in 2005, businesses have seen a shift away from the traditional, fixed office space of the 20th century. Realising that professional work requires more than a desk or being online, workplaces started to decouple the idea of work from being a particular place.
With more remote work being completed than ever, companies have needed to shift their expectations of conducting business solely in one controlled location. As employees continue to return to the office over the next few months, businesses are predicted to adopt a hybrid work model. With that shift, increasing security and privacy concerns have been thrown into the spotlight.
The difficulties of securing shared facilities
Privacy is one of the greatest concerns indicated by employees using co-working spaces. 48% of workers find the lack of privacy an issue that impacts their day-to-day use of these areas.
With the transient nature of co-working spaces, there are concerns around leaving items on desks and talking freely about the business. People feel less confident in the security of confidential data than they would in a private office.
Further, surveys suggest a significant minority of workers have safety and security concerns when compelled to work in a workplace where there is a need to share facilities such as Wi-Fi networks and printers with staff of other business.
Security and safety policies in co-working spaces are vague at best, with many businesses not thinking ahead to security issues outside the scope of their own employees and data. In a shared space without centralised security, gaps in one company’s policy can easily affect another’s. For those in highly regulated industries, this isn’t only unacceptable, it can also mean a regulatory breach.
Handling sensitive data in co-working spaces
Many of the features that make co-working workspaces an important part of a hybrid work solution, make them a nightmare for businesses that handle sensitive data. The possibility of staff wandering in and out from the offices of neighbouring co-working businesses presents a real problem in maintaining security. If your staff have access to personal information, such as bank statements, medical records or legal documents, controlling potential access is almost impossible.
One of the financial benefits of co-working spaces is the lack of overheads for supplying office technology like computers. This benefit also is one of the biggest potential gaps in secure data management. Employees can feel a false sense of security in a space that feels like their own office but is filled with people from outside their own company. This is compounded by communal areas and open office spaces where passwords may be seen, and unattended laptops make data theft and malware installation possible.
It is not impossible to protect data in a shared office space, of course. Limiting shared resources, using virtual private networks (VPNs) and working with security professionals can all mitigate potential weaknesses. But there are real problems for businesses in industries that require stricter security measure to keep certifications and stay compliant with regulatory requirements.
Privacy requirements for APRA-regulated businesses
The privacy requirements for APRA-regulated businesses centre around controlling who has access to controlled data, when and how. This includes policies on authentication, identity management (such a key cards and login credentials), location of information security solutions, as well as physical and environmental controls.
Maintaining this level of regulation in a co-working environment provides a very real challenge.
While it is possible to set in place policy and procedures for your own company and employees, businesses are limited in how they can make companies sharing the co-working environment do the same. It is not impossible, however, especially if the co-working space is only shared with companies with the same level of security and privacy requirements and reporting to the same bodies. But the added layer of complexity and consideration could make the use of such spaces far less attractive or realistic a prospect to these businesses.
Security in the flexible workspaces of the future
Returning to a pre-pandemic workplace is highly unlikely. With the shift towards a combination of co-located and remote workspaces, businesses need to examine the impacts this will have on security and privacy needs. Those in highly regulated industries will need to look to other alternatives, such as serviced offices, to provide the needed flexibility while maintaining the required level of privacy and security.
An Interactive Serviced Office is the perfect intersection between a traditional office and a modern co-working space. The serviced offices are ISO 27001 and ISO 9001 certified – a key component in helping organisations demonstrate strict compliance with APRA and ASIC requirements. They are equipped with CCTV cameras and programmable card readers at all entry points, and additional security features can be implemented to meet the privacy requirements of APRA-regulated businesses.
Reproduced from: Shared Workspaces: Privacy and Security Concerns | Interactive