When it comes to protecting your Slack messages, many companies are still flying blind. Slack has become the de facto corporate messaging app, with millions of users and a variety of third-party add-on bots and other apps that can extend its use. It has made inroads into replacing email, which makes sense because it is so immediate like other messaging apps. Its flexibility and ubiquity are precisely why it’s more compelling to protect its communications.
Slack hasn’t been sleeping about security–quite the contrary. Last January, the company posted an interview with its CSO about various concerns. Slack’s effort is mainly focused on making sure its own app is bug-free and tested regularly for vulnerabilities. When Slack opened up its API to third-party developers, the company put in place some basic rules to ensure that these apps were also developed with secure controls. Slack also has some good recommendations to keep its app more secure, such as making sure that all users implement two-factor authentication and setting up automatic provisioning and deprovisioning for users. All these efforts are noteworthy, but incomplete.