Co-working spaces have become a defining feature of the modern British business landscape. From converted warehouses in Shoreditch to serviced offices in Manchester's Northern Quarter, shared workspaces offer growing businesses an attractive combination of flexibility, community, and cost savings. The appeal is obvious: no long-term lease commitments, no responsibility for building maintenance, and a professional environment that can scale as your team grows.
However, the transition from a traditional office — or from working at home — to a co-working environment introduces a specific set of IT challenges that many businesses fail to anticipate. The shared infrastructure, the lack of control over the network, the security implications of working alongside other companies, and the need to maintain business continuity during the move all require careful planning. This guide covers everything you need to consider from an IT perspective when moving your business into a co-working space.
Understanding What the Co-Working Space Provides (and What It Does Not)
The first step is to understand exactly what IT infrastructure your co-working space includes and, more importantly, what it does not. Most co-working spaces provide shared Wi-Fi, communal printers, and basic meeting room technology such as a screen or projector. Some higher-end providers offer dedicated Ethernet ports, private network segments, and even server room space. However, the level of service varies enormously between providers.
Before signing a contract, you need clear answers to several critical questions. What is the internet bandwidth and is it shared across all tenants? Is there a dedicated VLAN or network segment for your business? What is the Wi-Fi security protocol — WPA2-Enterprise or basic WPA2-Personal with a shared password? Is there a service level agreement (SLA) for internet uptime? What happens during an outage — is there a backup connection? Who manages the network hardware and how quickly are issues resolved?
Conducting a Technical Site Survey
Before committing to any co-working space, it is worth conducting a basic technical site survey — or having your IT provider do so on your behalf. Bring a laptop and test the Wi-Fi performance at different times of day, measuring download and upload speeds, latency, and packet loss. Run a speed test during the morning rush between nine and ten o'clock and again during the afternoon when the space is typically fullest. The results may differ dramatically from the headline figures quoted by the co-working provider in their marketing materials.
Pay attention to the physical infrastructure as well. Check whether Ethernet ports are available at the desks you would occupy and whether they provide genuine wired connectivity or simply feed back into the same shared network. Examine the location and density of wireless access points — a well-managed space will have enterprise-grade hardware from manufacturers such as Cisco Meraki, Aruba, or Ubiquiti, whilst a poorly managed one might rely on consumer-grade routers that struggle under load. Ask whether the network is actively managed and monitored, and whether there is on-site or remote technical support available during business hours.
Also investigate the power infrastructure. Modern businesses depend on multiple devices — laptops, monitors, phone chargers, and desk accessories — and insufficient power outlets or circuits that trip under load are genuine concerns in older converted buildings common across UK city centres. Check whether there is UPS (uninterruptible power supply) protection for the networking equipment, which determines whether you will lose connectivity during brief power fluctuations that are common in buildings with ageing electrical systems.
Before committing to a space, request written answers to these questions: What is the guaranteed internet speed per user? Is network traffic segregated between tenants? What physical security controls exist for server or comms rooms? Is there 4G/5G failover if the main broadband connection fails? Who is the ISP and what is the uptime SLA? Can you install your own networking equipment if needed?
Network Security: Your Biggest Concern
The most significant IT risk in a co-working environment is network security. When you share a network with other businesses and individuals, you are inherently more exposed than in a private office. Even if the co-working space provides separate VLANs, the underlying infrastructure is shared, and you have no control over how it is configured or maintained.
At a minimum, every device your team uses in a co-working space should connect to the internet through a business-grade VPN. This encrypts all traffic between your devices and your cloud services, preventing anyone on the shared network from intercepting sensitive data. A split-tunnel VPN configuration allows you to route business traffic through the encrypted tunnel whilst allowing general internet traffic to flow directly, balancing security with performance.
Risky Co-Working IT Setup
- Connecting directly to shared Wi-Fi with no VPN
- Using the communal printer for confidential documents
- Leaving laptops unlocked on shared desks
- No mobile device management (MDM) on company devices
- Sharing passwords for co-working space services
- No endpoint protection beyond basic antivirus
Secure Co-Working IT Setup
- Always-on business VPN encrypting all traffic
- Private cloud printing or personal portable printer
- Automatic screen lock and full disk encryption
- MDM with remote wipe capability on all devices
- Individual credentials with MFA for all services
- Advanced endpoint detection and response (EDR)
Beyond VPN, consider deploying a portable firewall appliance if you have a dedicated room or fixed desks. Devices like a Cisco Meraki MX or a small Ubiquiti gateway can sit between the co-working space's network and your devices, giving you control over firewall rules, content filtering, and intrusion detection. This is particularly important if your business handles sensitive data or operates under regulatory requirements such as UK GDPR or PCI DSS.
Implementing Zero Trust Principles
The traditional perimeter-based security model — where everything inside the office network is trusted — fundamentally does not work in a co-working environment. Instead, adopting a zero trust approach, where no device or user is trusted by default regardless of their network location, provides a far more robust security posture. This means requiring authentication and authorisation for every access request, whether the user is sitting in your co-working space in Shoreditch or working from a coffee shop in Bristol.
In practical terms, zero trust for a co-working business means implementing conditional access policies in Microsoft Entra ID (formerly Azure AD) that evaluate device compliance, user location, and risk level before granting access to company resources. A device that is not enrolled in your MDM system, not running current security patches, or connecting from an unusual location can be automatically blocked or required to complete additional authentication steps. This ensures that even if someone gains physical access to a company device in the shared space, they cannot access sensitive data without meeting all the required security conditions.
Network segmentation should extend to your own devices as well. If you have the option of installing your own networking equipment, create separate VLANs for different device categories — corporate laptops on one segment, guest devices on another, and IoT devices such as printers or smart displays on a third. This limits the blast radius if any single device is compromised and prevents lateral movement across your business network, a technique that is commonly exploited in cyber attacks targeting organisations in shared office environments.
Device Management in a Shared Environment
When your team works in a co-working space, physical security of devices becomes a more pressing concern. Unlike a private office where you control who enters the building, a co-working space is accessible to dozens or even hundreds of people from different organisations. Laptops left unattended, USB drives sitting on desks, and screens displaying confidential information are all real risks.
Every company device should have full disk encryption enabled — BitLocker on Windows and FileVault on macOS. This ensures that even if a laptop is stolen, the data is inaccessible without the correct credentials. Mobile device management (MDM) solutions such as Microsoft Intune or Meraki Systems Manager allow you to enforce security policies, push software updates, and remotely wipe a device if it is lost or stolen.
Screen privacy filters are a simple but effective measure for preventing visual eavesdropping — particularly important in open-plan environments where neighbouring desks may be occupied by strangers. Kensington locks or similar cable locks provide a basic level of physical theft deterrence, though they should be considered a supplement to, not a replacement for, proper device tracking and remote wipe capabilities.
Managing BYOD in Shared Spaces
Co-working environments often accelerate the bring-your-own-device (BYOD) trend, as employees may prefer using personal laptops or tablets in the more informal setting. This presents additional security challenges that must be addressed through clear policies and technical controls. Establish a written BYOD policy that defines minimum security requirements for personal devices accessing company data — including mandatory encryption, up-to-date operating systems, and enrolment in your MDM platform before any access to corporate resources is permitted.
Microsoft Intune's app protection policies allow you to create a secure container on personal devices, separating company data from personal data without requiring full device management. Employees can access Outlook, Teams, and SharePoint through managed apps that enforce encryption and prevent data leakage to personal applications, whilst maintaining privacy over their personal photos, messages, and browsing. This balance between security and privacy is particularly important in co-working settings where the line between work and personal use is often blurred, and where employees may resist handing over full control of their personal devices to their employer.
For organisations that permit BYOD, consider implementing tiered access levels. A fully managed company device might have access to all internal applications and sensitive data, whilst a personal device enrolled in Intune app protection might be limited to email, Teams, and general document access. Unmanaged devices could be restricted to web-based access only through a secure browser session. This graduated approach allows flexibility whilst maintaining appropriate security controls for different risk levels.
Cloud-First Strategy: Essential for Co-Working
A co-working environment strongly favours a cloud-first approach to IT. Traditional on-premises infrastructure — file servers, Exchange servers, local databases — becomes impractical when you do not control the physical space. Moving to cloud platforms ensures your team can work productively from any location whilst maintaining security and compliance.
Microsoft 365 Business Premium is the most popular choice for UK SMEs in co-working spaces, and with good reason. It provides Exchange Online for email, SharePoint and OneDrive for file storage and collaboration, Teams for communication, and — critically — it includes Microsoft Intune for device management and Microsoft Defender for Business for endpoint security. This single subscription covers the majority of your core IT needs without requiring any on-premises infrastructure.
| IT Function | Traditional Office | Co-Working (Cloud-Based) |
|---|---|---|
| On-premises Exchange Server | Microsoft 365 Exchange Online | |
| File storage | Local file server with mapped drives | SharePoint / OneDrive for Business |
| Phone system | On-site PBX with handsets | Microsoft Teams Phone / VoIP |
| Printing | Networked MFP on private network | Cloud print or portable USB printer |
| Backup | On-site NAS or tape | Cloud backup (e.g., Veeam for M365) |
| Security | On-premises firewall and AV | Cloud firewall, EDR, and SASE |
| Line-of-business apps | Locally installed software | SaaS or Azure Virtual Desktop |
For businesses that rely on legacy applications that cannot run in the cloud, Azure Virtual Desktop provides a solution. It allows your team to access a full Windows desktop environment hosted in Microsoft's UK data centres, running your specific applications, from any device in the co-working space. This keeps your data secure in the cloud rather than stored on potentially vulnerable local devices.
Cloud Backup and Data Protection
A common misconception amongst businesses moving to cloud platforms is that Microsoft 365 automatically backs up all their data. Whilst Microsoft provides infrastructure-level redundancy and disaster recovery, it does not protect against accidental deletion by users, malicious insider activity, or ransomware encryption of cloud-stored files. A third-party backup solution for Microsoft 365 — such as Veeam Backup for Microsoft 365, Acronis, or Datto SaaS Protection — is essential for ensuring your business data can be recovered regardless of the cause of loss.
In a co-working environment where you have no control over the local infrastructure, cloud backup takes on even greater importance. There is no server room to house a backup appliance, and relying on external hard drives for backup in a shared space introduces both security and reliability risks. A fully cloud-based backup strategy that automatically protects your Microsoft 365 data, line-of-business SaaS applications, and any data stored in cloud storage services ensures that your business can recover quickly from any data loss event without depending on physical hardware you cannot secure.
Consider your recovery time objectives (RTO) and recovery point objectives (RPO) carefully. For most UK SMEs, an RTO of four hours and an RPO of 24 hours is acceptable, but businesses handling time-sensitive transactions or client data may need more aggressive targets. Your cloud backup provider should offer granular recovery options — allowing you to restore individual emails, files, or entire mailboxes without needing to perform a full restore. Test your backup and recovery procedures quarterly to ensure they work as expected and that your team knows how to initiate a restore when needed.
Internet Connectivity: Do Not Rely on the Space Alone
Co-working internet is shared infrastructure. During busy periods, bandwidth can degrade significantly — particularly if other tenants are running large file transfers, video streaming, or data-intensive operations. For businesses that depend on reliable, fast internet — which is virtually every business today — relying solely on the co-working space's connection is risky.
Consider providing your team with 4G or 5G mobile broadband dongles or MiFi devices as backup connectivity. A business 5G SIM from providers like Three Business, Vodafone Business, or EE can deliver speeds of 100-300 Mbps, often exceeding the shared Wi-Fi in a co-working space. This ensures your team can continue working even if the building's internet goes down, and provides an alternative for video calls when the shared Wi-Fi is congested.
Monitoring Connection Quality
Once you are established in the co-working space, implement ongoing monitoring of your internet connection quality. Tools such as PRTG Network Monitor, Domotz, or even simple scheduled speed tests can alert you to degradation before it impacts your team's productivity. Track metrics over time to identify patterns — you may find that bandwidth drops significantly on certain days or at particular times of day, allowing you to plan important video calls or data-intensive work accordingly and avoid the frustration of unexpected slowdowns.
For businesses with multiple co-working locations or a mix of co-working and home-based staff, a Software-Defined WAN (SD-WAN) solution can intelligently route traffic across multiple connections. SD-WAN appliances from vendors such as Cisco Meraki, Cradlepoint, or Peplink can bond the co-working space's Wi-Fi with a 4G/5G cellular connection to provide both increased bandwidth and automatic failover. If one connection degrades, traffic seamlessly shifts to the other without any action required from the user. This level of resilience was previously only available to large enterprises, but compact, affordable SD-WAN devices have made it accessible to UK businesses of all sizes operating from shared workspaces.
Telephony and Communication
Traditional desk phones are generally impractical in co-working spaces. Most businesses in shared environments rely on VoIP (Voice over Internet Protocol) solutions that run on laptops, tablets, or mobile phones. Microsoft Teams Phone is the most seamless option if you are already using Microsoft 365, allowing you to make and receive calls using your business phone number from any device. Alternatives include 3CX, RingCentral, and 8x8, all of which offer UK phone numbers and competitive calling rates.
Practical Communication Tips
Noise management is a genuine concern when making business calls from a co-working space. Invest in quality noise-cancelling headsets for your team — models from Jabra, Poly (formerly Plantronics), and EPOS are widely used in UK businesses and offer excellent background noise suppression for both the wearer and the caller. Look for headsets with certified compatibility for Microsoft Teams or Zoom, as these have been tested and optimised for the specific audio requirements of each platform and provide the best possible call experience.
If your business handles a high volume of sensitive telephone conversations — such as legal consultations, financial advice, or medical discussions — you may need to book private phone booths or meeting rooms within the co-working space for these calls. Many modern co-working spaces provide acoustic pods specifically for this purpose, but availability varies and booking systems can be competitive during peak hours. Factor the cost and availability of private calling spaces into your overall assessment of the co-working provider, as regular need for private rooms can significantly increase your monthly costs beyond the headline desk rate.
Consider implementing a unified communications strategy that brings together voice calls, video conferencing, instant messaging, and presence information into a single platform. Microsoft Teams is the natural choice for businesses already invested in the Microsoft 365 ecosystem, offering all of these capabilities without the need for separate applications or subscriptions. A unified approach simplifies IT management, reduces costs, and ensures that your team can communicate seamlessly whether they are at their co-working desk, in a meeting room, working from home, or travelling between client sites across the UK.
If your business makes a high volume of external calls, consider the quality of the co-working space's internet connection carefully. VoIP calls require consistent, low-latency bandwidth — and a congested shared Wi-Fi network can make calls sound terrible. Using a wired Ethernet connection or your own 5G backup for VoIP traffic can make a significant difference.
Printing and Document Handling
Printing in a co-working space requires careful thought, particularly if you handle confidential documents. The communal printer in the shared kitchen area is not the place to print client contracts, financial reports, or employee records. Anyone could pick up your documents before you reach the printer, and many shared printers store copies of printed documents on internal hard drives.
Options include using a small portable USB printer at your desk, implementing cloud printing with secure release (where documents only print when you authenticate at the printer), or simply going as paperless as possible. For most businesses in co-working spaces, the latter approach is the most practical and secure. Digital signatures, electronic forms, and cloud document management eliminate the vast majority of printing needs.
Planning the Move: A Practical Checklist
Moving to a co-working space requires systematic IT planning to avoid disruption. Begin at least four weeks before your move date, and assign a clear owner for each task — ideally your managed IT provider, who can handle the technical details whilst you focus on running the business.
Four weeks before: Audit current IT assets, confirm co-working space IT provisions, order any new equipment. Three weeks before: Set up VPN, configure MDM policies, test cloud services. Two weeks before: Migrate any remaining on-premises services to cloud, test backup and recovery procedures. One week before: Brief all staff on new IT procedures, distribute security guidelines. Move day: Test all connections, verify VPN, confirm printing, check phone system. Week after: Review performance, address any issues, optimise configurations.
Compliance Considerations
If your business is subject to UK GDPR — and virtually every business is — working from a co-working space does not reduce your obligations. You remain the data controller and must ensure that personal data is protected regardless of where your team works. This means encrypting data in transit and at rest, controlling who can access what, maintaining audit logs, and being able to demonstrate your security measures to the ICO if required.
For businesses in regulated sectors, the requirements are more stringent. Financial services firms regulated by the FCA must ensure their operational resilience is not compromised by the move. Healthcare organisations handling NHS data must comply with the Data Security and Protection Toolkit. Legal firms must satisfy their professional body's requirements around client confidentiality. In all cases, a properly configured cloud environment with appropriate security controls will meet these requirements — but only if it is set up correctly from the start.
Cyber Essentials certification is increasingly expected by UK businesses and government bodies. If your business holds or is pursuing Cyber Essentials, your IT setup in the co-working space must meet the scheme's requirements for firewalls, secure configuration, access control, malware protection, and patch management. A managed IT provider experienced in co-working environments can ensure your setup passes certification.
Ongoing Compliance Management
Compliance is not a one-off exercise completed during the initial move — it requires ongoing management and regular review. Schedule quarterly reviews of your security controls to ensure they remain effective and appropriate for the co-working environment. Staff turnover, changes in the co-working space's infrastructure, new regulations, and evolving cyber threats all necessitate regular reassessment of your security posture to maintain the standards required by your regulatory framework.
Document your IT security arrangements thoroughly. Maintain a record of all security measures in place, including VPN configurations, MDM policies, encryption standards, and access controls. This documentation serves multiple purposes: it satisfies regulatory audit requirements, it helps onboard new staff quickly with clear security expectations, and it provides a reference point for your IT provider when troubleshooting issues or planning changes. Keep this documentation in a secure but accessible location — a SharePoint site with appropriate access controls is ideal for most UK businesses.
Consider appointing a data protection champion within your team — someone responsible for ensuring that day-to-day practices align with your documented policies. In a co-working environment, it is easy for security practices to slip over time. Screens left unlocked, documents left on shared printers, or conversations about sensitive matters held in communal areas are all common lapses that a designated champion can identify and address before they lead to a data breach. Regular security awareness training, tailored specifically to the risks of working in a shared environment, should be provided to all staff at least annually and whenever a significant change occurs in your workspace arrangements.
Moving to a Co-Working Space?
Cloudswitched helps UK businesses transition smoothly to co-working environments with secure, cloud-first IT setups. From VPN configuration to device management and compliance, we handle the technology so you can focus on growing your business.
GET IN TOUCH
CloudSwitched
London-based managed IT services provider offering support, cloud solutions and cybersecurity for SMEs.
