Security

Slack Launched Encryption Key Addon For Businesses

Slack announced today to launch encryption keys that will help businesses to protect their data.
Slack announced today to launch encryption keys that will help businesses to protect their data.

Staying safe is the toughest job in this risky online world. With the exponential growth of online threats, companies are working days and nights to fight with the hackers, snoopers, cybercriminals and other bad guys. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security.

Slack announced today to launch encryption keys that will help businesses to protect their data. The team introduced Slack Enterprise Key Management (Slack EKM) add-on feature to its Enterprise Grid, that allows businesses to create their own security keys and control encryption and decryption of conversations, files, and the data they share using their chat platform. With this key management feature, the Slack team hopes to give customers more control over sensitive data.

Using Slack EKM, IT admins can revoke access to data within a particular Slack channel, for example, rather than disrupting all users on the entire platform. The Chief Security Officer Slack, Geoff Belknap said, “Organizations that are security-minded, especially in highly regulated markets—such as financial services, health care and government—are typically underserved in terms of which collaboration tools they can use, so we wanted to design an experience that catered to their particular security needs.”

What is the purpose of Enterprise Key Management if Slack really encrypts the data?

Slack currently encrypts your data in transit and at rest. But the purpose of EKM is just to give an extra layer of protection to its customers. This tool adds an extra layer of protection without interfering with the operation of Slack apps. It can be beneficial especially for those those who are in regulated industries. They can share chats, files and other data, all while still meeting their own risk mitigation requirements.

Is Slack safe to use?

Slack is a great platform to have conversations around the world. According to Forbes, more than six million people use Slack daily, spending on average more than two hours each day inside the chat app. Organizations and people use this because they simply trust this platform as it is secure and have strong encryption. As long as you take the right security precautions, there’s no reason why it can’t be used to its full potential on your team, whether you’re a small shop or a multinational enterprise.

What information does Slack collect?

As mentioned in their privacy policy, Customers or individuals granted access to a Workspace by a Customer (“Authorized Users”) routinely submit Customer Data to Slack when using the Services.

What are the security risks of Slack?

Slack is a completely safe and secure platform but the risks can be occur from user end. If you are a slack user, you must have the clear understanding of the risks involved. Here are the top 3 security risks if your organization uses slack.

  1. Admin Roles

Granting admin rights to one or two users can be beneficial, as it prevents only one employee being responsible for creating, moderating and managing user groups. When employees left the the company or when their contract has ended with the company, they may retain access to the confidential or sensitive information.

To prevent this, businesses needs to ask Admin that handles creating and deleting Slack user accounts. That individual must know exactly when to on-board and off-board slack user and guest accounts.

2. Third Party Apps

There are millions of third party app available on the internet that needs permission, integration and access to your personal data.

Be extra careful when linking Slack to third-party apps, especially those that contain other types of sensitive information (such as your CRM, Google Drive, etc). As a general rule, avoiding third-party app integrations is a safer approach.

3. System Vulnerabilities

Hackers are always hungry to hunt organization’s systems and infrastructure. Make sure that your system is up to date and have necessary security tools installed in your system, such as virtual private network, antivirus and others. Using these tools can be a added security layer to your system.

As with any other tool, the shared responsibility model is key. Take responsibility for your half of the security equation, and you’ll be well on your way to a secure Slack implementation.

About the Author:

Susan Alexandra is an independent contributor at Securitytoday and Tripwire. She is a small business owner, traveler and investor of cryptocurrencies. Susan’s inbox is open for new ideas and stories, you can share the story idea to susanalexandra67@gmail.com.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Slack, encryption)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Silent Ransom Group targeting law firms, the FBI warns

FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback…

6 hours ago

Leader of Qakbot cybercrime network indicted in U.S. crackdown

The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices…

11 hours ago

Operation RapTor led to the arrest of 270 dark web vendors and buyers

Law enforcement operation codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors…

2 days ago

Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks

A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…

2 days ago

U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…

2 days ago

New Signal update stops Windows from capturing user chats

Signal implements new screen security on Windows 11, blocking screenshots by default to protect user…

2 days ago