WiFi in flex space – With multiple users of your network, you – as the operator or landlord – along with your users will be conscious about the security of your systems – and rightly so!
Internet provision lies with the operators of the flexible workspace, consequently if there are GDPR breaches, security hacks and financial impact, the responsibility lies with whoever is charging for the service. And the consequences are vast, greater still the impact on reputation.
If tenants can access a building’s WiFi as part of an overall rent or service charge, the operator is the Internet Service Provider (ISP) and has a duty to ensure it’s secure.
Keeping on top of internet security is a big challenge for all, greater for those sharing a network; flexible space operators need to think about external threats as well as security between users within the space. You don’t want businesses, whether by design or accident, to be able to gain access to each other’s files and data.
We’ve been to spaces where operators are proud of the accreditations they’ve gained. While helpful to some degree, as technology architects we are only too aware that this can be relied on to an excessive extent.
On its own, certification such as ISO27000, which shows internet provision is secure, is a tickbox exercise. Such accreditation relates to a point in time and can quickly become redundant as cyber criminals find new ways around security measures.
Certificates can give a false sense of security.
IT security accreditation needs re-testing annually, technology and hackers move fast, and it’s impossible for any system to be 100% perfect. Cyber criminals are agile and will find a route through WiFi security given the chance.
Very big companies set up hackathons where they pay a prize for breaching virtual security systems so they can learn where the weaknesses are. Penetration (pen) testing is similar but conducted by IT security businesses.
It is important not to look for a perfect score. If the pen test doesn’t find any weakness, it simply means the test isn’t good enough. The aim is to try and stay one step ahead with regular testing and tweaking of the system and have security in place that is a bit better than your neighbours’.
Not all flex workspace IT providers are equal; there’s nuance behind the provision, which means looking beyond price comparison or even the list of features. The key question to ask is how that technology is managed because this is what makes the difference between being hacked or not.
We are very trusting when it comes to WiFi. We buy a coffee in Starbucks or pay for a hotel room and use the ‘free’ WiFi without asking questions about how secure it is. But flex operators should be asking how often their system is tested and updated and who is doing the testing.
It’s down to the operators to make sure that the people they are contracting to provide IT systems are giving them a secure and safe solution for their tenants, rather than providing a system with the kind of ‘flexibility’ that benefits those with criminal intentions.