5 Ways to Avoid Getting Phished on Slack

Did you watch the Olympics?

If you did, you probably saw this commercial:

Why does it matter that Salesforce bought Slack and ran a heavy ad load during the biggest sporting event in the world?

Answer: it means that Salesforce is serious about Slack. This high-profile go-to-market campaign is the first of many.

Salesforce wants Slack to be the platform of choice for collaboration. In the words of Salesforce CEO Marc Benioff:

We're going to rebuild all of our technology, once again, to become Slack-first to help our customers have a harness to work in this new world — where you're working at home; you're working in the office; you're working at events; you're working anywhere.

If Slack really is where the future works, that future - messages, channels, file shares, and everything in between - needs to be secured. With more than 12 million Daily Active Users and 150,000 organizations on board, Slack is becoming a prime target for malicious actors (we all remember the EA hack).

Clearedin is here to help. That starts with five recommendations for your organization to use Slack phish-free:

  1. Be extra careful about sharing Personally Identifiable Information (PII). PII should only be shared with known and trusted individuals. If you share PII on Slack, follow through with a plan to delete it.
  2. If you get a Slack invite via email, make sure it's not a phish. The same old email tricks apply - spoofed Slack domain, realistic content, and long-term social engineering. You'd be surprised at how easy it is to click through (if you're a security person, you're not surprised).
  3. When you work with external collaborators, make sure their Slack workspaces are authentic. Anyone can set up a Slack workspace or organization with any name - whether or not they represent that organization. Verify authenticity by using a second trusted channel or a secret.
  4. Have visibility and controls around file sharing. This includes external file links shared on Slack and files uploaded directly to Slack. Create a process for trusted human approvals and roll it out.
  5. Use a security platform that plugs directly into Slack. And Microsoft Teams. And email. And wherever collaboration goes next.

Do #1-#4 and you'll be in great shape.

Do #5 and you'll be in the best shape you can be.
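For recommendation #2, a minimal link check for a Slack invite email, added here as an illustration (not Clearedin's code). It assumes genuine Slack links are served over HTTPS from slack.com or one of its subdomains; the function names and the sample email are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: genuine Slack links live on slack.com or a subdomain of it.
TRUSTED_SUFFIXES = ("slack.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def classify_link(url):
    """Return (verdict, reason) for one URL found in an invite email."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if parts.scheme != "https":
        return "suspicious", "not HTTPS"
    if "@" in parts.netloc:
        # https://slack.com@other.example/ really goes to other.example
        return "suspicious", "userinfo before the host hides the destination"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "internationalized host (possible homoglyph)"
    # Match on a label boundary so slack.com.signin.example does not pass.
    if any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
        return "trusted", "host is slack.com or a subdomain"
    if "slack" in host:
        return "suspicious", "uses the Slack name outside slack.com"
    return "unknown", "unrelated host"

def audit_invite(body):
    """List every link in the email body that is not on a trusted host."""
    findings = []
    for url in URL_RE.findall(body):
        verdict, reason = classify_link(url)
        if verdict != "trusted":
            findings.append((url, verdict, reason))
    return findings

# Constructed sample email body (not a real message).
SAMPLE_INVITE = """\
Join your team on Slack: https://join.slack.com/t/example-team/invite
Or sign in here: https://slack.com.signin.example/login
Mirror: https://slack.com@files.example/download
Mobile: https://sl\u0430ck.com/app
"""

if __name__ == "__main__":
    for url, verdict, reason in audit_invite(SAMPLE_INVITE):
        print(f"{verdict:10} {url}  ({reason})")
```

A link that passes this check can still sit behind misleading display text in an HTML email, so treat the result as one signal alongside recommendation #3's second-channel verification.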
