Over the last few years, Slack has grown from an interesting curiosity to the go-to communication tool for 65 of the Fortune 100 companies. They have over 10 million active daily users and over 85,000 paid users.
They’re trusted by mega-companies who value security such as Oracle, E*Trade, MIT, SAP and the New York Times. But how secure is this tool?
Let’s take a deeper dive.
Gossip & Hackmail Problems
One of the main issues that people are facing right now is not coming from corporate espionage and major data leaks… It’s coming from coworkers getting busted talking smack about each other.
This is a particularly large issue for remote workers. They’re not in the office, so they don’t gossip about coworkers in the lunchroom or outside having a smoke. They have to do it digitally. It’s too easy to complain about one coworker to another and follow it up with a wacky /giphy. But this leads to big problems.
It was recently reported that Slack’s chat logs are frequently becoming, “a treasure trove of embarrassment and blackmail.” Taking screenshots or accessing chat logs of private conversations can quickly escalate office politics into House of Cards-level politics, complete with blackmail.
How Hackable is Slack?
Like any online tool, the bigger it becomes, the more hackers are looking for a way to break in.
If security is a big concern for you, you should know that Slack has had a relatively clean history, with a few exceptions. In 2015, they suffered a data breach, which led them to roll out two-factor authentication to protect their users and their data.
In 2017, they reported that they had detected and patched a potential vulnerability that would have given hackers access to user data, such as shared files and chat logs.
More recently, they warned investors that their product could be targeted by “sophisticated organized crime, nation-state, and nation-state supported actors.”
Some experts say that Slack is not as secure as other messaging apps like Signal and Whatsapp, because it relies on encryption protocols like HTTPS, as opposed to end-to-end encryption that can only be decrypted only by the sender or recipient. Slack offers encryption on their servers, but your data is still accessible if someone has decryption key.
Extra Precautions for Remote Workers
These security issues are intensified for remote workers or on-the-go business travelers, who are often working on public Wi-Fi in coffee shops, hotels or airports.
This can be their only lifeline back to the company, so they may have no choice but to use Slack, especially if the company has mandated it as their mandatory comm tool.
This puts the onus on mobile workers to protect themselves with the usual steps.
- Sign out of everything when you’re done working, plus disable your Wi-Fi and Bluetooth
- Never sign into an unsecured or non-password protected wireless network or hotspot
- Never sign into an online banking account or mobile app when on public Wi-Fi
Like most things, Slack is as secure as the user makes it. So always be mindful of what you share!