Slack proved that it was big long ago. Its popular (dare I say ubiquitous) adoption by businesses of all sizes has made Slack, with 10m+ active users, a serious force in the collaboration or business messaging marketplace (according to Datanyze, outside of Microsoft Sharepoint offerings, Slack has the next highest team collaboration market share at 7.1%). While Slack adoption has been rapid, securing Slack communication has not been. Unfortunately this has made Slack a target for attackers and an unmitigated risk for your organization.
How Slack is Used
I use Slack daily for simple co-worker messaging, file sharing, and team collaboration. My use of Slack has surpassed my use of email – because it is easier, more immediate, and more completely solves my working needs. It combines the functionality of texting (it works great on phones!), file sharing and group chat. It provides seamless collaboration with presence sense, archiving, and acts as a springboard to launch other related tools. It’s the first app I check in the morning – or second, just behind my appointment calendar.
While Slack’s primary use is for internal teamwork and communication, I’ve also experienced it for external community enhancement – as a vehicle for outside stakeholders to interact and companies to engage customers.
Slack Security Concerns
As with any new medium, along with the good comes the opportunity for abuse – and Slack is a soft target. Fact is most Slack channels today operate in the clear, with little to no controls to enforce policy or appropriate use. Insiders may inadvertently share confidential content inappropriate for outsiders. Files shared within Slack may contain malware or malicious links that evade normal AV/malware inspection.
Communicating with vendors, prospects, and customers is easier than ever using Slack. However, opening up communication channels also opens the door to digital attacks. An irate customer may pollute a customer group chat with vitriolic language or worse, an ill-intent perpetrator can propagate malware, illegal or stolen content, and scams if they infiltrate a Slack channel.
Is Messaging Your Weakest Link?
Collaboration and messaging tools such as Slack, while powerful, require as much security attention as email or any other digital communication platform in your tool chest. Too often they are unprotected, despite that ignoring or assuming security for these channels can be costly.
Without proper monitoring, threat actors can easily include links to phishing sites, obtain PII and other intellectual property, or may engage in other behavior that damages GuitarPlanet’s reputation and scams their clientele.