WeWork Hack: How To Protect Your Coworking Members From Cyber Crime

• Cyber crime has skyrocketed during the pandemic and remote workers are at risk from a range of attacks.
• WeWork user accounts were reportedly hacked on its open Wi-Fi network, leaving sensitive files and emails exposed to anyone on the same network without a VPN.
• Here are 5 key security threats, which coworking spaces should consider to protect their members.

Cyber crime rates have skyrocketed over the last few months, increasing in both scale and complexity, according to stats from Interpol. This trend shows no signs of stopping. In the UK, cyberattacks were ranked as the third highest risk for businesses in relation to COVID-19, after long-term unemployment and bankruptcy.

To make matters worse, businesses could face a data privacy backlash if a range of data security issues are not addressed, with further research revealing almost half of workers did not receive adequate guidance from their IT department when they started remote working.

For coworking spaces, this threat is very real. Just last week, WeWork user accounts were reportedly hacked on its open wi-fi network, leaving sensitive files and emails exposed to anyone on the same network without a VPN.

Remote workers, both new and experienced, are particularly vulnerable with cyber criminals using a range of tactics. Ransomware attacks are also now even more pervasive – and effective – with customised phishing emails taking advantage of the surge in remote working.

Suggested Reading: 9 Strategies to Prevent Remote Workers from Being a Cybersecurity Threat

Here are five of the key security threats, which coworking spaces should consider to protect their members. These include:

#1 Network security

To protect your members, you may want to start with your wi-fi network. If your members access your public wi-fi without using a personal or company VPN, they are potentially exposing their online activity, including passwords and sensitive documents, to eavesdropping.

During these attacks, hackers exploit network vulnerabilities, including any network, web or email traffic that is not encrypted. 

To prevent these network eavesdropping attacks, your networks must be set up with security at their core. This includes using strong passwords for every network, and changing those passwords frequently. You may even want to consider setting up individual networks and access pages for specific members or businesses using your space, including a separate network for guests. 

Firewalls, VPNs, encryption and anti-malware are also essential to thwart such attacks. You may also want to consider network monitoring tools, which can scan for abnormal activity using endpoint detection software, sniffer programs, and intrusion detection systems.

#2 Device security

If your coworking space uses smart devices, these also represent another source of weakness for your network. If an individual tampers with one of these devices, they could access your wi-fi network. 

The converse is also true. If an individual tampers with your wi-fi network, they could also access your network of smart devices. To protect these devices, make sure you use firmware, password protection and the other network security measures in point #1.

#3 Best practices and awareness

To protect your members, you must educate them about the current cyber security risks and provide a set of best practices. You may want to consider the following, advising your members to:

• Not click on any links or downloads they are unfamiliar with.
• Use strong and frequently changed passwords. 
• Enable two-step authentication for business-critical applications and accounts.
• Disable automatic connections to any available wi-fi network.
• Use firewalls, network monitoring software, and other online security measures across every device.
• Regularly update their operating system, browsers, security software and other applications.
• Not leave their devices unattended.

You may also want to provide a security professional either in your coworking space or available in a remote capacity to help guide your members and provide them with a safe space to ask questions.

#4 Physical security

While the online world is fraught with danger, it’s important not to forget physical security around your space. There are plenty of touchless technologies you can use across your space, including access systems and surveillance.

An intelligent access system can also feedback data about your space in real time, allowing you to monitor attendance levels, which can help you maintain social distancing measures.

#5 Data security

Both your member and business data should be protected to comply with your region’s data privacy laws. According to the ICO, for example, those seeking GDPR compliance should put measures in place to “ensure the ‘confidentiality, integrity and availability’ of your systems and services and the personal data you process within them.”

Form password protection to encryption, many of the measures already outlined can protect your data. However, you should also schedule regular backups to protect your data and make sure you have the relevant data protection and redundancy measures in place, should your systems go down.

You should also establish procedures for reporting security breaches and dealing with any other data issues, such as how to make information for interested parties available with regards to how their data is processed, for example. This is often a specialist undertaking, where you may want to liaise with or employ a Data Protection Officer.