Hot-desking remains an important strategy for businesses across the globe. Sitting down at a different desk each day (or perhaps several times a day) might reduce an employer's costs by up to 30%, but it also brings some particular security risks.
The reality is that hot-desking presents a risk of data loss in companies with multiple sites or shared premises. Once hot-desking is implemented, data security suddenly demands greater attention.
Start with the basics. Are office doors kept open during the day? While centralised organisations use passcards for access, this is less common for distributed working, especially if contractors are used regularly or local "hubs" are used by team members as pseudo offices. Discouraging this sort of practice is advisable, because the security risks are considerable and beyond the reach of a security administrator.
A centrally administered passcard system across all sites should at least offer the means to trace an intruder, if not prevent their entry. Until such a system is introduced, ensure that doors are locked or secured when not in use.
Employees need to appreciate the importance of locking their computer, whether crossing the office to the printer or attending meetings. For those working on sensitive projects and documents, the use of privacy screens is recommended. With the monitor's viewing angle reduced, only the person sat at the computer can see the display.
As important as hot-desking might be, certain staff may require a static, regular desk or even office. If sensitive data is handled regularly, then at the very least a security-focused hot-desking strategy is advised.
Offer employees training to underline the importance of locking computers and maintaining a secure password.
Read more about hot-desking
- Hot-desking and BYOD are two of the hottest trends that are driving innovation forward.
- With the help of hot-desking and other virtualisation technologies, Basildon Council was able to centralise its security administration.
- Life assurance company Standard Life is using VMware to support hot-desking in the IT department.
Hot-desking in an environment with cross-departmental integration and the presence of part-time contractors is an active security issue; enabling staff to work dynamically at external hubs and spaces is a security nightmare.
Agreement to distributed working patterns requires a secure wireless network (or a strong 4G mobile internet signal), otherwise you will need to dedicate resources to set up a VPN, especially if cloud or network storage is required. Sending documents to public printers should be ruled out.
Recommend resources for VPN management and ban printing to unapproved devices by restricting the ability to add new hardware.
The risks and benefits of USB flash sticks and SD cards have been widely discussed. Sophisticated industrial malware can be hidden on these devices and, worse still, they are easily misplaced or stolen.
Consider USB flash sticks as hardware assets, managed in the same way as other hardware. Maintain secure partitions and distribute only to staff whose role requires data to be transported on portable, physical storage.
Laptops, smartphones and tablets can walk. In a hot-desking environment, secure lockers are a good way to keep these devices safe, accessible only to the keyholder. There may be reasons to leave a laptop on a desk at short notice, so it makes sense to provide a secure space.
Printers and monitors should be secured to deter potential thieves.
If your organisation demands hot-desking and you are concerned about its impact, use these tips to apply a more rigorous approach to data security.