Security in the Open OfficeSecurity in the Open Office

Open office security can be improved with employee training and the creation of good business procedures -- but you must understand the risks first.

Moving to an open office plan is aimed at saving office real estate and associated costs. Gone are the doors, walls, and cubicles. The No Jitter blog, "Communications in the Open Office" has some interesting comments about open offices, and it reminded me of my own experiences.

I do not like open offices. I don't want to see other people working. Besides, there are no walls to mount pictures, posters, announcements, calendars, and other information. Whenever I've wanted to collaborate, I get up and go to that person's office or cubicle.

A study by design firm Gensler on designing better office spaces found that workers in open offices had a 6% drop in workplace performance when focus and collaboration were measured. Fifty-three percent of survey respondents indicated they were distracted by coworkers. It's clear that open office designs do present problems.

What I do at my desk is my business and my manager's, not anyone else's. The open office increases the employee density by reducing the space occupied by an employee. This makes it easier to hear other people's conversations, which becomes especially important in a contact center, healthcare, and emergency call center environment.

If the conversation is to be confidential, then the closer the employees are together, the harder it is to preserve confidentially. If the confidentiality requirement is occasional, it would be better to have phones in another location that creates a confidential environment so that the employee could simply transfer the call.

I think those advocating the open office have savings/cost reduction in mind. Some offices will be cheaper with an open plan and also work well if the workers are performing the same task. But even a contact center needs some form of noise reduction, so some walls or partitions are needed to reduce background noise.

But when creativity and individual efforts are involved, then I think the open office will make this class of individuals want to block collaborations except on their terms so they can focus on their tasks. When I worked in military intelligence, it was a good idea to not have an open office because we each worked on different projects. One of the ways to preserve security was to NOT have a visual view of everyone else's work.

Consider this statement from the Visual Privacy Council: "Somebody sneaks a peek at something they shouldn't be seeing, and you've been visually hacked. It's that easy. Organizations spend millions on IT security but do little to prevent the display of sensitive, proprietary, and confidential data in plain sight. Failing to address this vulnerability can put any organization at risk."

Enterprises budget time and resources ensuring applications and servers are secure. However, employees are the biggest security threat (see Security Mistakes: Technology or Behavior?). The visual hacker, whether premediated or just passing by, does not have to be standing in a user's office to view the information on the screen. They could be looking through a window or from a hallway, or glance at a user's laptop screen while working at a library, restaurant, or coffee shop. Privacy filters for the screen can reduce this security problem.

A poor practice is for employees to write their passwords on Post-it notes. This is not as common today as it was in the past, but storing passwords under a keyboard or mouse pad, or in a desk draw or on the bottom of a laptop or tablet isn't any better. A person standing near the keyboard could also observe password entry. Employees should look for others nearby when entering passwords -- this needs to become a habit in an open office environment.