5 Ways to Avoid Getting Phished on Slack

Did you watch the Olympics?

If you did, you probably saw this commercial:

Why does it matter that Salesforce bought Slack and ran a heavy ad load during the biggest sporting event in the world?

Answer: it means that Salesforce is serious about Slack. This high-profile go-to-market campaign is the first of many.

Salesforce wants Slack to be the platform of choice for collaboration. In the words of Salesforce CEO Marc Benioff:

"We're going to rebuild all of our technology, once again, to become Slack-first to help our customers have a harness to work in this new world — where you're working at home; you're working in the office; you're working at events; you're working anywhere."

If Slack really is where the future works, that future - messages, channels, file shares, and everything in between - needs to be secured. With more than 12 million Daily Active Users and 150,000 organizations on board, Slack is becoming a prime target for malicious actors (we all remember the EA hack).

Clearedin is here to help. That starts with five recommendations for your organization to use Slack phish-free:

  1. Be extra careful about sharing Personally Identifiable Information (PII). PII should only be shared with known and trusted individuals. If you share PII on Slack, follow through with a plan to delete it.
  2. If you get a Slack invite via email, make sure it's not a phish. The same old email tricks apply - spoofed Slack domain, realistic content, and long-term social engineering. You'd be surprised at how easy it is to click through (if you're a security person, you're not surprised).
  3. When you work with external collaborators, make sure their Slack workspaces are authentic. Anyone can set up a Slack workspace or organization with any name - whether or not they represent that organization. Verify authenticity by using a second trusted channel or a secret.
  4. Have visibility and controls around file sharing. This includes external file links shared on Slack and files uploaded directly to Slack. Create a process for trusted human approvals and roll it out.
  5. Use a security platform that plugs directly into Slack. And Microsoft Teams. And email. And wherever collaboration goes next.
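
One way to automate the check in recommendation #2, as an added example that is not part of the original post or Clearedin's product. It assumes slack.com is the only trusted domain and that your receiving mail server writes the Authentication-Results header; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: slack.com is the only domain trusted for invite senders and links.
TRUSTED = {"slack.com"}

def under_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_invite(raw):
    """Return red flags found in a raw e-mail; an empty list means none."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not under_trusted(sender_domain):
        findings.append(f"sender domain not trusted: {sender_domain}")
    # From is forgeable, so also require the receiving server's DMARC verdict.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("no DMARC pass recorded")
    body = "".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname  # ignores any user@ prefix in the URL
        if not under_trusted(host):
            findings.append(f"link host not trusted: {host}")
    return findings

# Constructed sample messages (not real Slack mail).
GOOD = (
    "From: Slack <no-reply@slack.com>\n"
    "Authentication-Results: mx.example.org; dmarc=pass header.from=slack.com\n"
    "Subject: Join the workspace\n\n"
    "Accept: https://join.slack.com/t/example-team/invite\n"
)
PHISH = (
    "From: Slack <invites@slack-workspace.example>\n"
    "Authentication-Results: mx.example.org; dmarc=fail\n"
    "Subject: Join the workspace\n\n"
    "Accept: https://slack.com.invite-team.example/join\n"
    "or https://slack.com@login.example/x\n"
)
if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("PHISH", PHISH)):
        print(name, check_invite(raw))
```

Both links in the second message begin with "slack.com" as a reader sees them, yet neither resolves to a host under slack.com, which is why the comparison is made on the parsed hostname rather than on the visible text.
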

Do #1-#4 and you'll be in great shape.

Do #5 and you'll be in the best shape you can be.
