Whether in our offices or homes, when we think of security, we tend to focus on the physical – doors, windows, locks, deadbolts, security cameras, motion sensors. This is how we ensure that physical intrusions are reduced or slowed, if not eliminated. But more of our worklife involves the creation of digital assets – assets we store on our notebook, on a backup drive, or offsite in the cloud. Yet, when we come to securing these assets in our workspaces, we more often than not leave the doors unlocked and the windows open. By taking a holistic approach to information security, tenants can reduce the risk of theft of digital assets, introduction of malware, viruses, and trojans, and ensure only those allowed access to a network actually have it.
To provide a little perspective, let’s examine the security measures a typical manufacturing – or physical goods – company might put in place to protect its intellectual property and finished goods. The tool and die workers at a jewelry manufacturer might create their designs, and then lock away the actual die as it is being refined to match the desired quality and detail of a finished piece of jewelry. They can lock the door or at least ensure that nobody can wander off with their work in progress. Once the silver or gold – or the precious stones – are added, these physical assets acquire commercial value – and get locked up in a vault or other secure storage room.
The software engineers for an app developer creating a new productivity tool for commercial property asset managers develop the program logic and user interface on their computers. They check the code in to online tools from companies like Atlassian, test versions on a virtual private cloud at Amazon or Google Cloud. And finally, they will invite a small number of alpha or beta testers to use the product to assist in uncovering feature deficiencies, bugs, or user experience problems.
And while the engineers may derive comfort in the knowledge that nobody has gained physical access to their computers, bits have been transmitted over wireless networks that can be sniffed, and the data redirected. The journey to the cloud or SaaS provider can introduce opportunities for malicious actors to attach malware to the code or attack the computers on which the product in development resides.
We surveyed several dozen workplaces throughout the United States in the first quarter of 2018. To our surprise, we learned that WiFi networks had common passwords for all users. Access for guests was not restricted or isolated from the traffic of the employees. And of the greatest concern, a visitor could gain access to a server or switch and insert code that could then find its way to tenant computers. These examples represent real opportunities for the valuable intellectual property of a company to be disrupted, attacked, or stolen.
Many flexible office environments devote significant investment to locking the doors, but then invite bad behavior in the digital domain. It is not a question of if such an event will occur, but when. At a recent CRETech conference in Boston, an audience member asked the assembled commercial real estate executives to address cybersecurity – the lack of any specificity of a plan should have raised red flags. Commercial[kfm1] buildings are rolling out sophisticated IoT systems to simplify and improve building operations. What steps are they taking to ensure that external – or internal – actors cannot cause harm to vital building systems by accessing these systems. These are critical subjects that deserve attention from executives at all levels. Join has built its platform to eliminate external threats and by careful and meticulous management and tracking of internal users, mitigating the potential for internal actors to cause harm.