An entrepreneur’s testimony has raised major concerns about information security practices at a popular company. In May 2015, Teemu Airamo moved its digital media company to the Manhattan Financial District, placing it in a building shared with more than 200 companies and managed by WeWork, a shared workspaces providing company.
Once installed in his new offices, and concerned about the kind of information his company operates, Airamo began to wonder if the building’s WiFi security was good enough to ensure the integrity of the networks used by all the companies working there. After performing some security analysis, Airamo discovered, horrified, that he could access hundreds of devices and files stored on the other companies’ systems with relative ease.
Four years later, Airamo shares his experience with CNET, an information security specialized platform, stating that nothing has changed since then. “We keep performing security analysis periodically on the building’s WiFi networks; we’ve found everything from business emails to databases and financial records of thousands of customers from dozens of companies,” says the entrepreneur. More than 600 security scans have been performed on the WiFi networks in question, discovering thousands of exposed devices and sensitive data leaking.
It’s widely known that unsecured WiFi networks, such as public connections in parks, shopping malls and other places, expose users’ information in a considerable way, although this case is much more serious. Because these unsecured connections provide Internet services to hundreds of companies, highly sensitive information is at risk of cyberattack, information security experts say.
The company doesn’t seem really concerned about this problem. On the WeWork website, the company claims that its workspaces have the fastest possible Internet connection, although they fail to detail their WiFi network security measures, as this is really one of the company’s biggest weaknesses. “Even the same password is used for WeWork WiFi networks in different locations,” Airamo says.
The company is in the middle of a complex financial process (Initial Public Offering), so through a representative has mentioned that it is not possible to make statements about it at this time. However, reviewing the company’s security policies experts found that, although WeWork offers important network security measures, these must be hired additionally from $90 in addition to regular monthly service. Other deployments, such as private networks, cost an additional $190 to $200 USD per month.
To protect the information operated by his company, Airamo resorted to the use of a VPN, although this reduced the speed of his connection, so the entrepreneur mentions that he will continue to look for other alternatives. According to information security specialists at the International Institute of Cyber Security (IICS), companies that lease spaces with WeWork can implement some security measures while the company solves the problem completely. The less complex measure involves the implementation of firewalls, which would prevent any WiFi networks scanning activity. Setting a unique password for each company in the shared environment is also an easily applicable measure.