Posted  by  admin

Slack Is

Slack is a collaboration hub for businesses that hasexploded in popularity over the last five years. It now has 10 million dailyactive users, making it by far the leading platform for live chat withinbusinesses. Slack boasts that it’s beingused by ‘65 of the top Fortune 100’ companies. Their internal statistics tellus that 85,000 businesses, from SMBs to large enterprises, are now using thepaid tier of Slack within their organization.

We are no longer supporting this browser, so you’ll need to switch to one of our supported browsers to keep using Slack. We know this can be a pain, and we’re sorry for asking you to do it. We know this can be a pain, and we’re sorry for asking you to do it. Try Slack for free with your teammates. All it takes is an email address to get started. This browser is no longer supported. We know it's a hassle to switch browsers, but we want your experience of Slack to be fast, secure, and the best it can possibly be.

This huge number of users represents an opportunity forhackers to utilize the platform to infiltrate networks and gain access tosensitive data. So, how secure is the Slack platform and should yourorganization be thinking of security solutions to protect this attack vector?

Slack’s Security

When Slack first launched in 2013, it was branded as afriendly alternative to Microsoft’s team tools. You could communicate instantlyusing this platform, with group messages and full conversation logs. This madeit instantly attractive to businesses looking for an easy to way to instantlyshare messages, with integrations with other business apps.

However, in 2015 Slackwas hacked, revealing the holes in its security. The company announced thatover four days it’s systems had been hacked, compromising some of its users’data. This included email addresses, usernames, encrypted passwords. Slack alsonoticed some suspicious actives on user accounts, suggesting at least someaccounts became compromised. Acompromised Slack account from a CEO or executive level position could cause asmany security issues as a compromised email account. This hack led Slack toimplement two-factor authentication.

Just this week, another security vulnerability was uncoveredin Slack that allowed hackers to remotely exploit a vulnerability in slack to alterwhere files sent though Slack are downloaded, allowing them to inject malwareor alter information, as reported by Threatpost.This bug has now been patched, but the attack surface for Slack remains large.

Slack Israel

Open Communities and Phishing attacks

Technologies

Slack features ‘open communities,’which allow large groups of people to communicate easily. Channels can beopened with any individuals, and a username is all a user has to verify theidentity of the person they are speaking to.

This means that like email, Slackhas become a platform where users must be vigilant about looking out forphishing attacks and spam messages. Because Slack is invite-only, users assumethat their workspace is secure, but this is not always the case.

In 2017, a group of hackers used an account pretending to be a ‘Slackbot’, which sent out a phishing attack directing people to a fake site where their financial details were collected.

These types of phishing attacksthrough Slack could be potentially much more damaging than a similar campaign wouldbe through email.

In an interview with Expert Insights, President and CTO of SafeGuard Cyber Otavio Freire argued that “people have learned to distrust what they see in an email. But with new technologies, they haven’t experienced that reason to distrust yet.”

Slack themselves, while removing the infected accounts, have put the onus on security teams to protect themselves from phishing attacks telling Ethnews “we encourage team admins and members to be vigilant, and to review and enforce basic security measures.”

Slack Is Bad For Productivity

So how can business protect themselves whileusing Slack?

Security solutions for Slack

Like email, Slack is anincredibly useful and productive communications tool for businesses. Also, likeemail, businesses will not stop using Slack because of the security concerns.

Slack Is

Slack has provided security vendors a way to create security solutions for Slack using their open source APIs. This has allowed vendors to create multiple security apps for Slack that can be easily be installed straight from the app browser menu within Slack itself. These solutions are an ideal way for businesses to protect themselves from security threats while using Slack.

Avanan, a vendor known fortheir CASB solution, has created a security platform for Slack that provides URLfiltering, protects businesses from malware, identifies and blocks accountsthat have been hacked, and provides a full administration dashboard. This can effectivelyprotect businesses from phishing links and compromised accounts on Slack.

Other companies, like SafeGuardCyber, have established a platform for compliance, archiving and security on Slack.This provides businesses with cyber defence by evaluating all Slack messages,images, attachments and links for malicious content. It also provides them withreal time compliance but archiving messages.

Summary

All businesses should be considering the security of Slackand the steps they can take to make sure their employees and sensitive data andfinancial information sent through Slack is safe.

Simple steps to enhance the security of Slack are to make sure that no employees share any sensitive business information or private account deatails through Slack. Everyone should also be using two-factor authentication, to minimize the risk of account compromise.

Businesses’ should also consider using one of the security solutions outlined earlier in this article. If Slack is replacing email for your internal business communications, having an established security solution in place will become vitally important in protecting your business data.

TrackingSlack Is

About Expert Insights:

Expert insights is an independent review platform for CyberSecurity services. They offer to readers detailed and meticulously researchedproduct information written by industry experts, and independent end userreviews. This helps customers looking for cyber security services make aninformed buying decision.