Fresh Thoughts #122: Our Office is a Destination
- Newsletter
Recently, I was offered a role at one of the largest cybersecurity underwriters.
I politely declined.
But one thing that struck me about the offer...
You must work from the central London office 3 days a week.
The expectation of restricting creative work to a pre-determined physical location surprised me.
I suspect it has more to do with $1,500B of commercial real estate debt that is due to be refinanced and the end of the "extend and pretend" mentality - rather than how effective the workforce is in an office.
The Role of Offices
I started my career working in high-security offices.
All work happened in the office, and you couldn't even talk about work outside.
But, more recently, I have worked remotely.
In solution expert roles, I travelled internationally to conferences and customer sites so often that I referred to Heathrow Terminal 5 as my second home.
As a Product Manager, I worked with a development team in Boston (USA) while living in the UK.
Working remotely during COVID-19 was business as usual.
At Fresh Security, we are a remote-first company.
There are processes and restrictions around this, but we believe staff should generally work where they are most creative and effective.
This is not to say we are anti-office...
But more to say, when we meet in person, it is for a specific, well-considered reason.
The effort imposed on each person to come to a central place must create a return individually and collectively.
This is not as high a hurdle as it may first appear...
It just takes some thought and respect for co-workers' time.
For us, "the office" becomes a destination - like a favourite cafe or venue.
Somewhere worth making an effort to attend.
While business owners may argue about the benefits of in-office vs. remote work, IT has already decided.
IT infrastructure has moved mainly to the cloud for all but the most isolated and niche environments.
This results in new corporate networks looking more like internet cafes and co-working spaces - simply providing an internet connection - rather than traditional IT networks with local server rooms.
As a result, cybersecurity must also take a remote-first approach... even when in the office.
Physical Security: An Overlooked Area of Remote Working
Cybersecurity fundamentals - multi-factor authentication, backups, Conditional Access, antivirus/EDR, etc. - are essential to securing remote workers.
And, I've written about how device tracking, hard-drive encryption, and remote wipes are vital tools when devices are stolen.
But there remains one overlooked area... physical security.
Cybersecurity isn't just about data stored on laptops and mobile devices.
It also covers printed documents, what's displayed on screens, and what can be overheard on calls.
This is something we take for granted when working within an office.
But it's something novel and new for unwary remote workers.
When addressing physical security, there is one crucial question to ask...
Who has access to the workspace?
Offices have strict visitor management processes and access control systems.
This allows robust restrictions over who can access sensitive and proprietary information.
Working from home provides less robust but often sufficient security.
Visitors may be limited to friends, relatives, and the occasional maintenance contractor, but the range of people with access remains limited.
In contrast, working while travelling, in a co-working space, or in a cafe is very different.
Documents, screens and calls are effectively public.
There is no control over visitors or who can see the work.
At Fresh Security, we employ 4 techniques to allow location flexibility while maintaining security:
- We ban some tasks from travel and co-working spaces. They are too sensitive and must be completed in a private location that cannot be overlooked.
- By default, we don't use printers. Electronic copies of information are more straightforward to track and protect than paper copies. There are exceptions, but we are mainly paperless.
- Screen privacy protectors are a valuable tool to prevent shoulder-surfing. If there isn't a chair which backs a wall, privacy protectors help avoid unwanted glances and screen viewing.
- Screen locks and session timeouts. In the unlikely event that staff step away from their device without locking it, this automatic safeguard minimises the vulnerability time.
Final Thoughts
Over the coming months, I anticipate significant upheaval in the use of offices. However, for many businesses, the exact location of staff has become less significant for IT teams.
Cybersecurity must adapt to the emerging remote-first approach, even when working from the office. But offices will continue to provide benefits - especially around physical security.
June 11, 20244 Minutes Read
