4 Themes to Consider on Information Security in the Hybrid Office Model
A growing number of enterprises are publicly announcing future work arrangements for their employees. Big tech companies, including Salesforce, Facebook, Google, Amazon, and Microsoft have declared to use the “hybrid” model, a combination of working from their own office and home – and also from third places. The use of the hybrid model hasn’t only been limited to tech giants, and other more traditional industries are moving into the same hybrid model space use. The finance and banking sector examples of Citigroup, Standard Chartered, and HSBC will define the new normal of information security policies for many other traditional industries.
Spacent has been on a long roadshow with our clients and partners discussing what the hybrid model actually means for them. We have since identified two main concerns that seem to recur in most of the discussions. The first one is related to community building when people are working apart, and the second one is the information security risks. In this blog, we want to focus on information security.
Information security is a broad theme altogether when it comes to the working environment. The aim here is not to tackle them all but to focus mainly on information security when using locations outside of one's own office. There is an increasing need for sub-leasing the surplus spaces and sharing them with corporate partners and clients, which comes with an information security issue as well. We are not saying that all work could be done in a third location, but a big proportion can be done, especially when the following aspects are considered by organizations and most of all, people.
1. Physical information security
Human behaviour is one of the main causes for information security failures, but these can largely be offset by the right kind of working environment. This is an area where Spacent is building extensive standards with our space providers. Visibility blocking to screens (both in layout design and furnishing), phone booths for phone calls, private offices, lockers, and soundproof meeting rooms are already typical amenities that improve the physical part of information security. Also, processes of the hosts are crucial, like lobby services that are keeping control of who is accessing the location, knowing the people that are visiting, and ensuring safe lost-property practices.
Data security has been tricky in shared offices and public places. Unprotected wifi and criminal phishing activities have, for a good reason, made working with unknown wifi connections banned in many organizations. Even when working from home, the connection security has been problematic. But even the organizations with the highest security standards have made great efforts to enable working from home possible during the pandemic, thus enabling secure working (VPN, etc.) from even unknown networks. Also, constantly growing connection speeds (e.g. 5G) will ease using your phone as the connection hotspot which enables better predictability for corporate security.
3. Corporate policies
While using third locations as part of the workplace strategy brings clear benefits for many individuals and organizations as a whole, the policies of companies need to be clarified to support hybrid working. What kind of tasks employees have to avoid using third locations? What tasks are possibly even prohibited? What equipment is needed and what kind of cybersecurity protocols to use? Most of these are at the same time relevant for working from home.
4. Sharing space with partners and clients
Lots of companies are considering ways to decrease space costs by sharing their own corporate offices with partners and clients. This will come with a reward of engaging partners better but also with an emphasis on information security. With layout and access control, security zones (e.g. public, semi-public, enclosed) are a basic way of improving security. Controlling availability to different user groups is also crucial for efficient space sharing. All previous themes (physical information security, connections, corporate policies) apply here as well.
Basic reminders for users and space providers
How Spacent can help?
Guidelines for the physical working environment and connection security with our space providers
Filters for users/organizations to search amenities that support good information security
Internal security reminders for organizations when using third locations
Tools for controlling the availability of spaces to partners
Upcoming: Dedicated project spaces for teams
For more information, you can be in touch with
+358 40 773 9083