There was a time when keycards and a good spam filter would be enough for most workplaces to avoid the bulk of mainstream security threats. But as we enter a new decade marked by high-profile examples of digital and physical security failures, you’re going to need to demonstrate that security is one of your primary focuses and that you are up to date on best practices and utilizing the latest security technology.
Maintaining your security infrastructure is key to both long-term flexible workspace strategy and risk management.
If you want to be considered by corporate clients, small teams, or freelancers in competitive industries, it’s past time to put a plan into motion and have excellent documentation ready to show anyone who walks in your doors (or these days, fills out a form online).
This is a part of our Coworking First Steps series, a collection of resources designed to help new and upcoming flexible workspaces find their footing.
Come up with a plan
Make a concrete list of goals for yourself based on your target groups. You won’t meet them all overnight, but having smaller steps will keep your tasks from becoming overly daunting and will help you budget your time and money.
- Make sure it reflects the needs of your target audience (we’ve included articles in the resource section for this very purpose).
- Prioritize and plan when and how you will roll out new phases, addressing the most critical needs first.
- Ensure that your plan is auditable. When it comes to teams and corporate clients, it’s not just what you can say, but what you can prove.
- It’s a bonus if you can integrate multiple solutions in one place to find your registries more easily, especially where they’re linked to member profiles.
Every good plan has layers of security based on overlapping concerns.
First things first: door access. Making sure that the right people have access to the right spaces at the right time doesn’t have to be a logistical nightmare; it’s all down to the system that you decide to use.
Choosing a door access provider is dependant on what details you’re looking for in your registry and what level of room-by-room access control you want. Whatever you choose should reduce your reliance on keys (any of which could be secretly replicated or lost) and offer the ability to check attendance remotely. Cobot integrates with Salto KS, Dormakaba, Kisi, Sensorberg, and Tapkey, plus there’s the option to build a unique access control system using the Cobot API.
Lockers are an easy way to offer security for personal devices, for example, laptops and other personal items of value that members may prefer to leave at your space overnight. They’re especially helpful in 24/7 access situations in which it may be difficult to ensure that common workspaces are theft-free. Some spaces charge for lockers, others offer them as part of their membership packages.
Sadly, some members in your space may end up having less-than-noble intentions, or you could be paid a visit by someone who’s not interested in what your workplace has to offer except what they can take. Internal security cameras can help you minimize these risks, or deal effectively with instances that might arise. Used poorly, these may make your members feel that you don’t trust them. Some spaces have found success by labeling certain areas as “monitored for security” and making it clear that it is for a specific purpose, not to monitor your membership. Entrances and exits are ideal candidates for this approach.
Take into account the tours and day visits that are part of your sales funnel. Keep certain areas off-limits, but don’t exclude them from the safe experience your space has to offer. It can be productive to think about how signage and area demarcation present opportunities to express your space’s character: there’s no reason that coming to learn about the security measures in place should feel like a deviation from learning there’s a bounty of great coffee available too.
Member and psychological security
Your safety plan should also address the ways in which you and your members can support one another’s psychological safety, an essential foundation for nurturing a healthy and productive community.
A Code of Conduct is a great example of something that creates common ground for your membership, and can help you take an active stance against sexual harassment, racism, ableism, and other limiting behavior that prospects are actively looking to steer clear of in what will be their future workspace. We’ve created a Code of Conduct template for coworking spaces that is free to use and adapt, and which we hope will help make the lengths you’ve gone to provide for an inclusive and diverse community visible.
Considered lighting is another simple measure that you can take to let folks work with confidence at all times of the day or night. If you haven’t already—or simply haven’t done it in a while—spend a little time in your venues after dark to identify the corridors, doors, rooms, and entrance and exit points you want to keep well lit for the benefit of your night-owls. After hours, you ideally want all space users to come and go from one place. Signage delineating what is closed after hours can help make it clear when someone isn’t where they’re supposed to be.
Having signage in multiple languages, when they are spoken by members of your community, is also a small step toward accommodating psychological safety. This is particularly true of emergency signage.
Lastly, soundproofing can also have an important impact on your members’ ability to exchange and brainstorm with confidence. A little privacy isn’t just important for trade secrets, but also for private conversations between friends.
Your members likely all rely on uninterrupted high-speed internet access. It’s inarguably essential infrastructure, but also a significant area of vulnerability if the optimal systems aren’t in place.
Analyze how you’re providing access to your networks, monitoring for abnormal activity, and maintaining the integrity of all the smart devices.
A system that manages unique logins for each member, like Radius, is the ground floor of network security. The next most important thing to consider is how many networks you want to establish. If all your coworkers send and receive data on one network, a breach could affect the privacy of them all. By using siloed networks any infringement is contained; making this a must-have feature for attracting corporates and teams. To roll this plan out in multiple phases and work within your current scope, consider establishing a separate network for guests, then day pass members, then full-time members, and so on, until you reach your network goals.
In cases where multiple people are relying on the same login details to get online, ensure that you change these passwords frequently. A deactivation timer—that will shut your network off during closing hours—is a worthwhile investment for network safety.
Be sure to take precautions with your smart devices too—or before you know it, a fish tank could spell disaster. As well as making them tamper-proof, find out if there are integrations, like Cobot and ezeep for printing, that can help you manage access, permissions, and a registry.
- Have a handle on the traffic you don't want making the rounds on your network, especially when it comes to potentially malicious websites. It's also a good idea to have a dedicated administrator who can review requests for exceptions if any arise.
- Two Factor Authentication (2FA) is an easy place to start, and while it isn’t by any means a guarantee, it could prevent you from falling for sophisticated, but preventable, phishing attempts.
- Your members can also have a big impact here, so check out the section called “Make sure your members know how they can do their part.”
- Schedule regular backups. Preventing data loss will also be a draw for small and medium businesses, who may rely on this to get up and running again quickly if there's an interruption.
Make sure members know how they can do their part
Security isn’t a one-and-done setup. It’s aided by constant vigilance on the part of everyone in your space.
- Don’t let members share devices, login keys, or wifi access. Remind them that it’s not solely about trust, but ensuring the integrity of systems that rely on accountability for everyone’s peace of mind.
- Encourage your members to regularly check that their antivirus, security software, and operating system are up to date. As well as considering VPNs, they could also think about extensions like HTTPS Everywhere, and should always regularly scan their devices.
- Don’t wait for a security failure to tell your staff and members to be aware of the threat of phishing emails, suspicious downloads etc—and never to download or open attachments they don’t recognize.
Use big updates—like those for operating systems, that will likely affect many coworkers in your space—as an opportunity to remind your membership to do a quick stock check of their personal security measures.
Make your measures explicit
Do you remember emergency preparedness drills in school? Just like you knew which teachers to check in with and where to go in case of an emergency, you want everyone in your space to have an idea of who to contact and what to do if something arises that may compromise their safety. Security awareness should provide the same peace of mind. You’ve let your members know what individual precautions they can take, but you also want them to know what peer actions are an option if something goes awry.
Do you have a protocol for members to follow to alert community managers if there’s a network breach? Once you know something has happened, how will you respond, and how will everyone in your team know what their role is? When and how will you alert other members?
- Don't take for granted that all potential users understand the differences between open networks, and private and secure connections. Education should be a part of your security plan.
- If your terms and conditions have a security section, that's a great step. It could also be worth capturing some key points on a poster, keeping them in your newsletter footer, or sending a regular reminder to do an update check and review the security policy.
It’s important to stress that a security breach isn’t something to be embarrassed about. It’s much more important to address issues quickly and that the only thing that would result in punishment is trying to hide a breach, not the breach itself. The sooner you know that a system has been compromised the sooner you can do something about it
In this highly recommended article, Chris Cooley of the Evelo Agency takes a member persona approach to planning your security needs.
If you are looking to place a particular emphasis on attracting teams and SMBs, or partners, make sure you know about KYC and AML. Haven’t got a clue what that means? In this recorded episode Jeannine van der Linden talks about the difficulties she encountered with them so you don’t have to.
Scared that security signage will cramp your style? This brilliant article goes over some of the things you can do to keep your security on-brand.
A great article to share with your members, it includes a checklist of things they can be doing and also describes options like VPNs that can add an extra layer of protection.