You share your coworking space with dozens of businesses. You share the meeting rooms, the coffee machine, the printer. But you also share the WiFi network — and that's where things get uncomfortable.
Most coworking spaces run a simple setup: one network, one password, everyone on it. That password is usually written on a whiteboard, stuck to the wall, or emailed to every new member. It hasn't changed in months. And every device connected to that network — your laptop, the freelancer's phone next to you, the IoT sensor in the ceiling — can, in theory, see every other device.
If your business handles client data, that should worry you.
Why shared WiFi is different from your home network
At home, you control who connects. You know every device. You set the password. In a coworking space, none of that applies.
A typical London coworking space might have 50-200 people connecting daily. Members come and go. Day-pass guests connect for eight hours and disappear. Nobody's checking what software is running on anyone's device. Nobody's enforcing security policies. The network treats everyone the same.
That creates a specific set of problems.
Packet sniffing. On an unsegmented shared network, traffic from your device passes through the same infrastructure as everyone else's. If a connection isn't encrypted end-to-end — and not all connections are — someone with the right tools can intercept it. These tools aren't exotic. They're free, widely available, and can be run from an ordinary laptop.
Man-in-the-middle attacks. An attacker on the same network can position themselves between your device and the router, intercepting or modifying traffic in transit. On shared WiFi with a common password, this is significantly easier than on a properly segmented network.
Rogue devices. Without network access control, anyone can connect anything. A compromised device on the same network as yours can probe, scan, and attempt to exploit vulnerabilities on your machine — and you'd have no idea it was happening.
No segmentation. This is the core issue. On a well-designed network, each company or user group would be on its own VLAN — a virtual partition that isolates their traffic from everyone else's. Most coworking spaces don't do this. It costs more. It requires proper network engineering. And since members rarely ask about it, there's no commercial pressure to implement it.
The numbers we do have
There's no published UK data specifically about cyber incidents in coworking spaces. That's partly because these incidents tend to be underreported, and partly because the sector hasn't been studied in isolation.
What we do know is broader. According to the government's Cyber Security Breaches Survey 2025, 43% of UK businesses reported a cyber breach or attack in the past twelve months (DSIT, 2025). The most common attack vector was phishing, followed by impersonation and then unauthorised access.
Shared networks don't cause all of these. But they make several of them easier. Phishing emails are more convincing when the attacker already knows you're on the same network as a particular company. Unauthorised access is more achievable when there's no segmentation between you and the target.
The absence of coworking-specific data isn't reassuring — it means the risk is unmeasured, not that it's low.
Five questions to ask your coworking space
Most coworking operators will answer these if you ask directly. Some will be impressed you're asking. Others might not know the answers — which tells you something too.
1. Is the WiFi network segmented?
This is the big one. Are you on a VLAN separated from other members, or is everyone sharing a flat network? If the answer is "one network for everyone," your devices are visible to every other device in the building.
2. What encryption is in use?
WPA3 is the current standard. WPA2-Enterprise (where each user has individual credentials) is acceptable. WPA2-Personal (where everyone shares the same password) is what most spaces use — and it's the weakest option for a multi-tenant environment.
3. Is there a separate guest network?
Day-pass users and visitors should be on a different network from full-time members. If they're not, the security of your connection depends on the device hygiene of someone who walked in this morning.
4. Who manages the network, and when was it last audited?
Some coworking spaces have professional IT management. Others rely on the building's original setup from years ago. If nobody can tell you who manages the network or when it was last reviewed, that's your answer.
5. What's the incident response process?
If you discovered suspicious activity on the network today, who would you report it to? What would they do? If the answer involves a blank look, plan accordingly.
What you can do regardless of the space
You can't control the coworking space's infrastructure. But you can control your own devices and practices. Here's what actually makes a difference.
Use a VPN for all work traffic. A reputable business VPN encrypts everything between your device and the VPN server. Even on an unsegmented network, intercepted traffic is unreadable. This is the single most effective thing you can do. Not a free VPN — a paid, business-grade service with a no-logging policy.
Enable your device firewall. Both Windows and macOS have built-in firewalls. Make sure they're turned on and set to block incoming connections. This stops other devices on the network from probing yours.
Turn on MFA everywhere. Multi-factor authentication on your cloud services means that even if someone captures your password, they can't get in without the second factor. This is becoming mandatory under Cyber Essentials v3.3 from April 2026 (IASME), but you should be doing it anyway.
Keep your OS and software updated. Unpatched systems are the easiest targets on a shared network. If your laptop is running an outdated OS — particularly Windows 10, which lost support in October 2025 — you're vulnerable to known exploits that will never be fixed.
Disable file sharing and AirDrop in public. Both Windows file sharing and Apple's AirDrop can expose your device to others on the same network. Turn them off when you're on shared WiFi.
Use HTTPS everywhere. Most modern browsers enforce this, but check. Any connection that isn't HTTPS is transmitting data in plain text across the shared network.
When shared WiFi isn't enough
For most freelancers and very small teams, the precautions above are sufficient. A VPN, a firewall, MFA, and good patching habits go a long way.
But there's a line where shared infrastructure stops being appropriate. You've probably crossed it if:
- You handle regulated data — financial records, medical information, personal data under UK GDPR
- Your clients or contracts require specific security certifications (Cyber Essentials, ISO 27001)
- Your team is five or more people, all on the same shared network
- You've never had anyone assess your security setup
- You store sensitive intellectual property on devices connected to shared WiFi
None of these mean you need to leave the coworking space. They mean you need to think more carefully about how you're using it — dedicated network connections, endpoint protection, proper device management, and possibly a security assessment of your current setup.
The uncomfortable truth
Coworking spaces are brilliant for flexibility, cost, and community. They're less brilliant for security. The economic model — shared infrastructure, low cost per desk, minimal IT management — creates exactly the conditions that make networks vulnerable.
That's not a criticism. It's just how shared environments work. A hotel WiFi has the same problems. The difference is that you probably wouldn't log into your company's financial systems from a hotel lobby. But you do exactly that from your coworking desk, five days a week, without thinking twice.
The question isn't whether coworking WiFi is risky. It is, by design. The question is whether you've taken the steps to make that risk manageable for your business.