Why IT’s driving the innovative office space

It’s no secret that companies like Google and Facebook have cool offices. Tech startups initially challenged the status quo, throwing out traditional office designs for concepts like open floor plans, lounge areas, game rooms, and even sliding boards. The idea was to turn work spaces into playgrounds where ideas would flourish. Office culture innovation meant thinking “outside of the (cubicle) box,” and it worked.

Like technology, these once cutting-edge office designs are constantly evolving and changing. Sales of ping-pong tables are down 50 percent, according to the Wall Street Journal. Economists believe that this could signal trouble as the once-popular tables are becoming passé. Office design is in a constant state of reinvention, with tech companies asking, “What’s new?” and “What’s next?”

Apple’s new headquarters in Cupertino—still under wraps—is expected to be highly innovative in its design. Matching the Pentagon in size, the four-story building will resemble the doughnut shape of an iPod dial. With an investment of $5B, The Economist reported that it will be the most expensive corporate headquarters ever constructed.

Salesforce is building a new tower in San Francisco, with plans to put on a light show every night that’s visible from up to 30 miles away. Meanwhile, Uber’s new headquarters is designed to be entirely transparent—perhaps in an effort to escape its reputation for secrecy and start fresh?

The truth is, architectural design says more about your office culture innovation than you think. It also reflects your company’s values and internal processes. Technology has changed how people work (consider how tools like Slack transform how you collaborate with coworkers). This positions IT as the champion of innovation, office design, and functionality. With technology, we can envision what physical spaces could look like and how they could help meet company objectives.

You know you want to work here

Forty percent of companies report a talent shortage, according to a study by Manpower. This creates fierce competition for the best talent. Working in a cool office space might be what drives someone to choose your company’s space over your competitor’s.

For example, Instagram’s corporate “Gravity Room” encourages employees to take and post photos that look like they’re floating. LinkedIn’s “Silent Disco” inspires workers to rock out and dance while wearing headphones. These unique office features are making headlines, positioning particular companies as awesome places to work, and becoming unexpected recruiting tools.

Is a gravity room or silent disco directly related to effectively doing your job? It depends on who you ask; however, productivity improves when workers enjoy coming into the office, and they probably won’t be job hopping anytime soon.

“Out of the office” has a new meaning

Design also controls how people across the office work, whether independently or collaboratively. Tech companies are removing cubicles and corner offices in favor of wide, open areas with communal tables and lots of shared space.

One idea being championed by the tech industry is providing employees with many spots to work instead of confining each person to a fixed workstation. Standing desks give people a break from sitting, which makes them feel more alert. Work nooks are useful when privacy or quiet time is needed. Open tables allow for impromptu meetings or a chance to work among coworkers, which younger employees find reminiscent of study sessions in college.

A fluid work environment also allows for chance encounters with other employees, which could lead to new ideas and unexpected collaboration. Mobile desks offer the greatest versatility. Wireless technology, including printing, means that no one is tethered to one spot. According to The Economist, embracing open spaces has resulted in tech companies using about a quarter less physical space than any other industry.

Take the time to consider work space innovation, as it’s a good reminder that work is more than just a job to employees—it’s a way of life. Companies that continue to evolve send messages to employees and customers about their mission and values like, “We care about your office environment, and that means we care about you.” What does your office space say about your company?

Security breaches from human error: Why you can’t patch people

Snapchat. Home Depot. The City of Calgary. What do these three entities (and countless other organizations) have in common? Data security breaches from human error, unfortunately. Each one of them faced expensive incidents as the result of simple employee mistakes.

Information security studies, based on massive open-source information (OSINT) data sets, continually demonstrate that about 62 percent of security breaches today stem from employee error. Organizations tend to worry about the bad guys. But what about the occasional disgruntled employee? The one who might deliberately commit sabotage.

These security incidents do happen. They’re not necessarily your biggest risk—if you want to get statistical about it—and it may seem like controlling against employee mistakes would be one of the easiest aspects of contemporary information security. But that’s not even close to being accurate. If people are anything, they’re unpredictable. When you put technology in their hands, they’re just one click away from disaster.

Human error in 2017: Same old story

One very recent and massive report on information security, the annual Verizon Data Breach Investigations Report (DBIR), revealed that in the last year, human error-attributed incidents involved familiar mistakes: emailing or delivering sensitive data to the wrong person, publishing errors, data disposal, programming errors, malfunctions, gaffes, data entry, etc. Here’s the really embarrassing part: In 76 percent of the cases cited in the Verizon report, a customer pointed out the error.

In nearly any breach, there’s a human failure somewhere in the chain. An incident categorized as malware, for instance, could be due to an employee breaking policy or failing to update a patch. When you look at security incidents as a product of human failure instead of the direct result, this issue is even more mind-boggling. Nearly every security incident ever results from some employee doing something careless.

If you’ve got a seriously disgruntled employee who’s out to steal secrets, a data security incident might be their fault, and the incident would be categorized as malicious insider action. But isn’t it also the fault of the employee who failed to remove the sensitive document from the printer tray in the first place?

Predicting the unpredictable

Your organization can’t run patch updates on your employees. As an IT pro, you’ve heard the credo that “security awareness training” is important countless times. Chances are, you’re required to run training to comply for regulatory reasons. But honestly, does security awareness training actually work?

Unless all of the thousands of organizations getting fixed are out of compliance, maybe training isn’t enough. One study revealed near-total improvement in human response to phishing simulation after five exercises. However, you’re still dealing with complex and unpredictable humans. Training can’t account for when employees are in a hurry, exhausted, or hangry because they’re late for lunch.

The smartest approach is likely to combine human with technical safeguards—smarter software plus lots and lots of training. The potential for people to make mistakes should be a security focus when you’re shopping for new apps, configuring new software, and designing homegrown software applications. By making it as hard as possible for people to misdeliver or publish sensitive data with your technology, you could shrink your attack surface significantly.

1. Don’t expose sensitive data

One of the basic principles of information security involves granting every individual in your organization the least amount of access they need to do their job. While your apps might not let users log in and view sensitive data, understanding other areas of possible exposure is important. Take printed hard copies of sensitive information, for example. How often do people let print jobs just sit in the tray? Using secure print technology that requires at-printer employee authentication via badge or PIN is one smart way to protect your sensitive data from internal mistakes.

2. Take policy-based administration and run with it

Implementing policy-based administration everywhere possible can safeguard against the misdelivery trend in human error and other raging risks. By forcing employees to confirm they’re indeed trying to send an attachment to an external party, or turning off external auto populate for email addresses, you can reduce the chances that someone gets recipients mixed up. Using the data from industry-wide reports and your own internal security incidents can be a powerful tool for revealing where you need to shop for smarter software or update your policy-based administration.

3. Use humans to protect against humans

Your marketing department runs on tight deadlines. But that doesn’t mean your intern needs full publishing power to your external CMS. The same goes for your developers: You’re short on QA testers and skilled devs, but should someone have full execution control over your code? Today’s IT pros need to gain executive buy-in and collaborate with HR to establish smarter workflows and processes that reduce risks.

Make it easy to do the right thing

The human risks of information security aren’t necessarily shrinking, especially as hackers continue to study organizations and people to identify areas of vulnerability. As an IT pro, your job is to make it as hard as possible for mistakes to happen. With a combination of smarter training and simulation, better applications and printers, and really great policy-based administration you’ll make it much easier for your people to do the right (and secure) thing.