430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Slack Launched Encryption Key Addon For Businesses

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Staying safe is the toughest job in this risky online world. With the exponential growth of online threats, companies are working days and nights to […]

Slack Enterprise Key Management

Slack announced today to launch encryption keys that will help businesses to protect their data.
Slack announced today to launch encryption keys that will help businesses to protect their data.

Staying safe is the toughest job in this risky online world. With the exponential growth of online threats, companies are working days and nights to fight with the hackers, snoopers, cybercriminals and other bad guys. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security.

Slack announced today to launch encryption keys that will help businesses to protect their data. The team introduced Slack Enterprise Key Management (Slack EKM) add-on feature to its Enterprise Grid, that allows businesses to create their own security keys and control encryption and decryption of conversations, files, and the data they share using their chat platform. With this key management feature, the Slack team hopes to give customers more control over sensitive data.

Using Slack EKM, IT admins can revoke access to data within a particular Slack channel, for example, rather than disrupting all users on the entire platform. The Chief Security Officer Slack, Geoff Belknap said, “Organizations that are security-minded, especially in highly regulated markets—such as financial services, health care and government—are typically underserved in terms of which collaboration tools they can use, so we wanted to design an experience that catered to their particular security needs.”

What is the purpose of Enterprise Key Management if Slack really encrypts the data?

Slack currently encrypts your data in transit and at rest. But the purpose of EKM is just to give an extra layer of protection to its customers. This tool adds an extra layer of protection without interfering with the operation of Slack apps. It can be beneficial especially for those those who are in regulated industries. They can share chats, files and other data, all while still meeting their own risk mitigation requirements.

Is Slack safe to use?

Slack is a great platform to have conversations around the world. According to Forbes, more than six million people use Slack daily, spending on average more than two hours each day inside the chat app. Organizations and people use this because they simply trust this platform as it is secure and have strong encryption. As long as you take the right security precautions, there’s no reason why it can’t be used to its full potential on your team, whether you’re a small shop or a multinational enterprise.

What information does Slack collect?

As mentioned in their privacy policy, Customers or individuals granted access to a Workspace by a Customer (“Authorized Users”) routinely submit Customer Data to Slack when using the Services.

What are the security risks of Slack?

Slack is a completely safe and secure platform but the risks can be occur from user end. If you are a slack user, you must have the clear understanding of the risks involved. Here are the top 3 security risks if your organization uses slack.

  1. Admin Roles

Granting admin rights to one or two users can be beneficial, as it prevents only one employee being responsible for creating, moderating and managing user groups. When employees left the the company or when their contract has ended with the company, they may retain access to the confidential or sensitive information.

To prevent this, businesses needs to ask Admin that handles creating and deleting Slack user accounts. That individual must know exactly when to on-board and off-board slack user and guest accounts.

2. Third Party Apps

There are millions of third party app available on the internet that needs permission, integration and access to your personal data.

Be extra careful when linking Slack to third-party apps, especially those that contain other types of sensitive information (such as your CRM, Google Drive, etc). As a general rule, avoiding third-party app integrations is a safer approach.

3. System Vulnerabilities

Hackers are always hungry to hunt organization’s systems and infrastructure. Make sure that your system is up to date and have necessary security tools installed in your system, such as virtual private network, antivirus and others. Using these tools can be a added security layer to your system.

As with any other tool, the shared responsibility model is key. Take responsibility for your half of the security equation, and you’ll be well on your way to a secure Slack implementation.

About the Author:

Susan Alexandra is an independent contributor at Securitytoday and Tripwire. She is a small business owner, traveler and investor of cryptocurrencies. Susan’s inbox is open for new ideas and stories, you can share the story idea to susanalexandra67@gmail.com.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Slack, encryption)

[adrotate banner=”5″]

[adrotate banner=”13″]