Are you ready for a breach in your organization’s Slack workspace?

When organizations transitioned to hybrid working at the start of the pandemic, Slack gave teams a crucial way to collaborate effectively, regardless of their physical location. But in most organizations, Slack is a relatively new solution, bringing the typical challenges of adopting new technologies – related to culture, functionality, expected user behavior and, of course, security. For many organizations, Slack is now the primary communication channel, replacing messaging and knowledge management repositories. As a result, Slack holds more information, and more sensitive information, than these traditional systems.

Before we dive into the challenges, let’s be clear: Slack invests substantial resources in securing its infrastructure, platform, and software itself. However, like any other technology platform, Slack can serve as a base for attacks by taking advantage of built-in features, insecure use, or misconfigurations. And while established collaboration and communication platforms have a full ecosystem of security solutions and best practices, Slack only has a small subset of those solutions and practices in place.

Slack offers an open and collaborative culture. While years of phishing attacks have made users wary of unusual emails, few suspect a message from a colleague on Slack. A single compromised Slack account can therefore easily be used to trick other users and gain additional access, not just to other users but to multiple channels. Most organizations keep many channels public to encourage participation and knowledge sharing as part of a “Slack as a knowledge base” approach. However, few consider who has access to a channel, so people share sensitive information there, even secrets such as passwords or API keys. Very few people think that something shared in a conversation will be stored forever and be accessible to any compromised account.
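As an added example (not part of the original article and not Slack’s own tooling), the following Python script scans an unpacked workspace export for secret-like strings in channel messages and reports where they were posted. It assumes the standard export layout (channels.json plus one directory of dated JSON files per channel); the patterns, function names and sample messages are constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path
# Illustrative patterns only; tune them to the credentials your organization issues.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S{6,}"),
}

def scan_export(root):
    """Scan an unpacked workspace export for secret-like strings.
    Assumed layout: <root>/channels.json lists channels; each channel has a
    directory of YYYY-MM-DD.json files, each holding an array of messages."""
    root, findings = Path(root), []
    for channel in json.loads((root / "channels.json").read_text()):
        name = channel["name"]
        for day_file in sorted((root / name).glob("*.json")):
            for msg in json.loads(day_file.read_text()):
                for kind, pattern in PATTERNS.items():
                    for m in pattern.finditer(msg.get("text") or ""):
                        findings.append({
                            "channel": name, "day": day_file.stem,
                            "user": msg.get("user", "unknown"),
                            "ts": msg.get("ts"), "kind": kind,
                            # Redact so the report does not re-leak the secret.
                            "preview": m.group(0)[:4] + "...",
                        })
    return findings

def build_sample_export(root):
    """Write a tiny constructed export (not real data) for demonstration."""
    root = Path(root)
    (root / "channels.json").write_text(json.dumps([{"id": "C0000001", "name": "general"}]))
    (root / "general").mkdir()
    (root / "general" / "2024-01-15.json").write_text(json.dumps([
        {"type": "message", "user": "U0000001", "ts": "1705312800.000100",
         "text": "staging db password: hunter2-staging"},
        {"type": "message", "user": "U0000002", "ts": "1705312900.000200",
         "text": "use key AKIAIOSFODNN7EXAMPLE for the demo bucket"},
        {"type": "message", "user": "U0000001", "ts": "1705313000.000300",
         "text": "lunch at noon?"},
    ]))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_export(tmp)
        for finding in scan_export(tmp):
            print(finding)
```

Each finding names the channel, day, user and message timestamp, which is enough to locate the message, have the credential rotated, and decide whether the channel should stay public.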

This open culture is not the only problem. Slack also offers an extensive app market and allows you to create additional apps outside of this market. Third-party apps on SaaS platforms pose a huge supply chain risk, creating an attack vector for almost any SaaS platform, including Slack. Many apps ask for broad permissions, but even seemingly innocuous requests to “read from all public channels” allow broad access to a significant amount of data. Additional potential risks include content filtering, lateral movement, communication with third parties (Slack Connect) and many others.

Slack detection and response
As Slack becomes an increasingly dominant part of your organization’s infrastructure, it will become a target of attacks and eventually be hacked, just like any other technology we use. That’s why companies must be able to identify, contain and respond quickly to security incidents in order to minimize their impact. Unfortunately, the technology and practices required to do this for Slack are still limited. For example, Slack provides access to security logs only to customers using its enterprise tier. Without security logs, detection and response are nearly impossible. Other advanced security features, such as single sign-on, are not available in its standard and pro plans, leaving many medium and large businesses exposed.

Also, many don’t realize that Slack doesn’t keep any history of anything deleted. If an attacker deletes messages, they disappear forever. This can turn into an effective ransomware attack, which is difficult to respond to without prior preparation, mainly backups.

Should I stop using Slack?
No. Slack is a great platform that can help your business work more efficiently. It is important to be aware, however, that any platform we use is susceptible to risk and can be an attack vector. By understanding these risks, we can become more secure and resilient to attacks.

Here are five ways to minimize the impact of a potential Slack breach.

1. Private/public channels: Define and apply a clear policy on public and private channels. Because Slack is a repository of sensitive data, your users need to think about where and how they share information.

2. Limit third-party permissions: Limit your third-party apps to minimum permissions to reduce the impact of a third-party breach.

3. Backups: Back up your Slack. If Slack serves as a knowledge management repository, it is an essential asset in the organization. Automate Slack’s export capabilities or hire an external vendor to create backups.

4. Enable advanced security features: Require multi-factor authentication and enable security features in Slack’s enterprise license, including additional encryption, compliance, and security management.

5. Collect logs: Collect and retain Slack logs so you have the information you need to investigate an incident.

The time you spend now reviewing the potential challenges and security risks of a Slack breach will help you if it happens. The steps outlined above can help you reduce the impact and likelihood of potential Slack breaches.

Aubrey L. Morgan