Slack is an incredibly popular app. It became a lifeline for so many companies during remote work in 2020 and it will remain an essential part of working life for years to come.
But just because it's a helpful business app does not mean it comes without issues. Like many apps, it is liable to be hacked; data can be stolen; havoc can be wreaked.
In order to use Slack effectively, companies have to also ask themselves: Is Slack Secure?
We'll run down the inherent issues in the app and some steps your company can take to secure Slack. With our solution, Slack Security is achievable.
Slack does not provide any default security protections. That means that everything you share—files, company data and information—is ripe for hackers.
Because Slack is known to be invite-only, there is a common presumption that everything shared on Slack is private.
An employee on any plan can create an external link, which converts a file tethered to an organization into a publicly available URL. Any member of Slack has the potential to create and edit user groups, add apps and integrations, invite new members, and invite a multi-channel guest to a private channel.
And since anyone can create groups, add apps and invite members, it means that the potential for chaos is high.
Companies share everything on Slack: files, budgetary spreadsheets, company announcements, sensitive documents. They share funny GIFs and literally everything else:
But that share-ability can lead to the following bad outcomes:
Any data or information shared on Slack can easily be passed on. This can happen maliciously or by mistake—many users consider Slack to be internal but forget that external partners might also have joined a channel.
On Slack, users can share malicious links or malware without realizing and there are no protections against it. And given the general trust employees have of the platform, anyone in your company could click on a malicious link or download malware.
It's fairly easy to join a Slack channel. Any user, at almost any permission level, can invite others to join whether inside or outside the company. The approval process is often loose and casually enforced.
With the sudden ramp-up of Slack usage, unfamiliar users are likely to trust what they see and permissions approved in bulk.
The first compromised account typically happens by email. Subsequent 'east-west' compromise typically avoid email in order to avoid detection. As companies move internal communication to Slack , the attackers will follow.
The above seems daunting, but there are ways to protect your organization.
Here's how the Avanan solution works:
Securing Slack is possible and with Avanan it's easy. With a few simple clicks, all of the inherent issues can go away.
Learn more about Avanan's Slack protections and start a free trial today.