Slack, a wildly popular SaaS communication tool for the modern workplace, helps users become significantly more productive. 

The foundations of Slack started when its creator Stewart Butterfield built a communication platform for online gaming collaboration. After several rounds of funding and several core updates, the Searchable Log of All Communication and Knowledge, or “Slack” as it’s better known, was born in 2014.

Slack proved its value during the pandemic when an influx of home workers flocked to the service. The ability to easily chat, make phone calls, and share files and documents was a welcome relief during a very challenging time. However, Slack security issues remain a concern, and hackers are targeting the platform because of the wealth of sensitive data saved in Slack communications.

Top Slack Security Concerns in 2022

Despite Slack being an invite-only platform with native multi-factor authentication, four well-documented areas of security concern remain. These concerns should be under constant review to offer the best protection to businesses and users.

#1. Data Leakage

The Enterprise edition of Slack comes with an unlimited data retention plan where all conversations are saved in the Slack SaaS cloud platform. Data is retained from the beginning of time and nothing is overwritten; it's only removed when a user manually deletes the conversation. Data leakage is caused by human error, technical faults, poor data protection policies, and occasionally a malicious actor.

There can be significant consequences if the business is subject to the General Data Protection Regulation (GDPR) or similar laws such as the California Consumer Privacy Act (CCPA).

#2. Malware

Collaboration tools are being targeted with malware, data miners, and remote-access trojans. As businesses shift away from email, phishing techniques are changing to target tools like Slack. Compromising Slack only requires hackers to overcome one obstacle - gaining access to the system. 

Hackers try to trick employees into granting rogue access requests. While this is not always easy, inexperienced employees may mistake a phishing attempt for genuine business communication, and once access has been compromised, the hacker can subscribe to conversations and access chat archives with relative ease.

#3. Impersonation

To make Slack a user-friendly experience for larger audiences, access is granted with security tokens. Impersonation is difficult, but if a token is intercepted or shared maliciously (such as being put up for sale on the dark web), then unfettered access is possible.


#4. Third-Party App Integrations

Slack integrates with cloud services, applications, and APIs to power many automation features, making monitoring, alerting and integrating with cloud services or data feeds easy. However, with great power comes great responsibility because app permissions can open the door to contaminated webhooks that expose valuable business data. 

The responsibility of configuring third-party apps is offloaded to the user, which no doubt increases the probability of misconfiguration for apps that can post messages on channels, modify or edit existing messages, and even create additional Slack channels.

Slack Security with Avanan

Technical solutions can harden Slack security and reduce the attack surface hackers can target. 

The Avanan Slackbot is a pre-configured, zero-management cloud security engine that has specific protections built in to secure Slack communications. It provides administrators with the tools to control access to channels and sensitive data, automatically quarantines malicious files, and triggers security events. Avanan integrates seamlessly with Slack to create a single dashboard that allows administrators to deep dive into exactly what Slack is doing.

Enforce Internal Policies

Organizations must plan user access rights that align with an internal security policy. The policy must segregate access rights to follow the principle of least privilege, segregate access to private Slack channels and implement a select few approvers who manage cross-channel access requests. This is a privilege reserved for team leaders and principals who are trusted implicitly by the company.

Avanan includes detailed logging of all Slack activities. This includes any triggered events from Slack, workflows, and end-user activities such as login details, file shares, 3rd party application integrations, and details on new channels. Any file that is downloaded on Slack is logged for additional peace of mind.

Enhanced Education Program

It’s important to create training to highlight the latest threat landscape and the newest attack vectors used to gain access. Employees should learn how to spot phishing trends and techniques and be introduced to ethical social engineering to ensure they are adhering to security best practices.

The Avanan Slackbot will automatically post messages to a channel when it is created, when new users are added, and so on. This approach can help to reinforce the best practices for the business and the expected conduct of Slack users.

Default File Sandboxing

File sharing aids team collaboration, but the data shared is often business confidential or does not belong in the public realm. Every file is sandboxed when downloaded via Slack, resulting in a more secure environment. If viruses, malware or ransomware are detected, the infected files are automatically quarantined and ring-fenced. This stops the execution of any unwanted scripts or code.

The threat engine will automatically alert the user and the issue will be flagged with system administrators. In the event of a false positive, the user can request the file be released, but approval must be granted by a principal user.

Technical Protections such as DLP

Data Leak Protection scans posted text messages for potentially leaked information, such as Credit Card and Social Security Numbers. Confidential messages can be tagged as classified and Avanan will determine if the message needs to be quarantined or encrypted with Information Rights Management (IRM) software to control who can access the data. As with malicious file detection, relevant users will be automatically notified.


Advanced Anomaly Engine

Avanan’s anomaly engine is designed to identify suspicious or unexpected user access to Slack. The tool learns a baseline of the expected behavior of the platform, and if any deviations from the normal activity are detected, an event is logged and administrators are automatically notified. Accounts can be automatically disabled to prevent the exposure of business data. 


Want to know more about the powerful feature set of the Avanan Slackbot engine? Download our Slack Solution Brief to learn more about how easy it is to protect valuable and sensitive business data. You’re also welcome to request a demo to experience the peace of mind afforded by protected Slack communications.