Cloud-based collaboration apps like Office 365 and Slack have made remote working a possibility. But as SaaS (Software as a Service) is constantly being developed and fine-tuned, many security and privacy problems still continue to surface. In Slack’s case, according to this article, IT professionals found five ways by which data confidentiality could be accidentally violated:
- Creating public download links to Slack files
- Giving end users the ability to make major changes in Slack
- Promoting an unlimited number of users as admins and giving them the right to view and make important, and at times irreversible, decisions
- Allowing users to install third-party apps and agree to their permission requests
- Enabling end users and admins to access Slack without requiring the two-factor authentication (2FA)
Tips on safeguarding your information
Put an end to data leakage on Slack by following these five tips:
- Prevent your users from creating public links to your files by disabling this feature in your Slack’s Settings & Permissions page
- Manage permission settings in the Settings & Permissions page to stop end-users from taking any unauthorized actions
- Limit the amount of admins you have in your Slack Workspace
- Select the right Slack Workspace Owner to ensure that only secure third-party apps install requests are approved (because only the Owner can approve, control, and restrict app installations)
- Avoid sending confidential files to users who don’t have 2FA enabled (by filtering who has 2FA turned on) or encourage your users to enable 2FA to eliminate risk of data leakage
Feel free to contact our experts today if you’d like to know more about cybersecurity best practices for your business.
Source: https://www.bettercloud.com/monitor/blind-spots-in-slack-5-things/
