Concerns about the security of business communication tools like Slack have surfaced following the massive data breach that hit The Walt Disney Company over the summer. The debacle prompted Disney to announce in an email to staffers last week that it would remove Slack from all of its business units by the end of its next fiscal quarter and move forward with new internal tools.
In response to Disney’s decision, Marc Benioff, CEO of Salesforce, which acquired Slack in 2021, insisted in an interview with Bloomberg that their security is “rock solid” because they do their due diligence to ensure their clients’ data remains safe and protected. He then added, “Companies have to also take the right measures to prevent phishing attacks and to lock down their employees’ social engineering. So, we can do our part, but our customers also have to do their part.”
Like many other collaboration tools, Slack comes with benefits and risks. To better secure sensitive information and prevent potential cyberattacks when using Slack, companies and individuals can take the following measures:
1. Avoid password sharing on Slack
As a cardinal rule, one should never share passwords on the platform, because once a message is sent, it is available for everyone to view. If employees need to exchange access details for accounts and programs, they should do so using more appropriate venues, like password management tools, which are more secure against unauthorized access.
2. Enable two-factor authentication (2FA)
Many people may hate this feature, but it’s actually helpful against bad actors trying to access private data. This adds another layer of security beyond the usual username-and-password combo. When Slack’s 2FA is enabled, a one-time code will be sent to the user’s phone each time they access their Slack account. So, if a hacker tries to access their Slack account, the hacker wouldn’t be able to move forward without the one-time code.
3. Use private Slack channels for confidential conversations
There are two types of channels available on Slack: public and private. Messages sent via public channels will show up in search results for other users of the same workspace. On the other hand, messages and files sent via private channels can only be viewed by authorized members. Administrators are encouraged to use this feature to limit access to sensitive information, including news about upcoming projects, mergers, acquisitions and other critical business operations.
4. Implement email security policies
Since an email address is mandatory to join a Slack workspace, companies must have a defined email security policy in place. By laying out rules for the use of corporate email, employees can help contain the organization’s email security risks. In return, this helps companies maintain a higher level of data protection across all communication channels.
5. Administer Slack security training in employee onboarding
Having a security policy in place is never enough. It’s important for companies to take a proactive role in incorporating Slack security training into employee onboarding programs. From the get-go, new members should become aware that sharing anything via the communication tool has security risks. They should also be taught about specific risky behaviors to avoid when using Slack, such as creating public links to files that shouldn’t be shared publicly. Conducting regular refresher courses is also a good way to reinforce this measure.
6. Stay updated on Slack vulnerabilities
Last, but not least, one important measure to follow when using Slack is to stay up-to-date with its updates and changes. The official Slack website releases regular security news and updates, including information on newly discovered bugs or vulnerabilities and upcoming fixes. Like what they say in the medical field, prevention is always better than cure. Staying informed can help companies address potential problems way before they escalate.
Photo by Sundry Photography/Shutterstock.com
