Estimated reading time: 1 minute, 43 seconds

Slack’s Popularity Brings Threat of Workspace Breach  

The spread of the collaboration and communications platform Slack, particularly as organizations embraced hybrid work during the pandemic, also raises questions about cybersecurity.

SlackFor the first time, most workers now say they prefer real-time communications tools like Slack and Microsoft Teams over email, according to a recent survey by Ziff Davis. Slack customers include 77% of the Fortune 100, according to the company. Slack has even become a forum for job searches.

Yet like any other platform, Slack carries the risks of cyberattacks through misuse of its built-in features or risky behavior, notes Ofer Maor, CTO and co-founder of cybersecurity startup Mitiga.

Writing for Dark Reading, Maor points out that while users have learned to be on the lookout for phishing emails, the open culture of Slack means that most people probably aren’t on guard for suspicious messages from their colleagues. “Therefore,” Maor writes, “compromising a single account in Slack can easily be leveraged to deceive other users and gain additional access—not only to other users but to multiple channels.” As Maor observes, many organizations has sensitive information such as passwords available and preserved indefinitely in channels open to large numbers of users.

Slack users also have access to an array of apps. Maor warns that third-party apps are a serious risk for almost all software-as-a-service platforms, and Slack is no exception.

What’s more, Slack doesn’t preserve a record of messages that are erased. According to Maor, ransomware attackers could use the threat of deleting information as effective leverage for their demands.

To be sure, Maor notes, Slack is a “great platform” with significant investment in security. Still, one example of Slack being used in a cyberattack occurred last year, when scammers stole a trove of data from video game publisher Electronic Arts by duping an employee using the tool, as Motherboard reports.

For improving the security of an organization’s Slack workspace, Maor recommends setting clear policies around private versus public channels, minimizing permissions for third-party apps, backing up Slack content, enabling multi-factor authentication and other advanced security features and keeping Slack logs.

Read 1613 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.