Security tips to protect your workspace
At Slack, security is our top priority. We care most about keeping your account secure, protecting your privacy and building a service you can trust. We’ve rounded up the tools that workspace owners and admins need to keep their workspaces and members safe. After all, a secure workspace is a happy workspace!
Hello there! 👋Our Support team are available 24/7 and always happy to help. If you notice suspicious activity in your workspace, please contact us.
Ask members to set up 2FA
Two-factor authentication (2FA) is an extra layer of sign-in security. With 2FA turned on, members enter a verification code (from their mobile device) along with their normal password. 2FA ensures that even if a password is stolen or compromised (Heaven forbid!), access won’t be granted unless the member is verified from their device.
Members can choose to enable 2FA if they like – but workspace owners can make this a requirement. If your company uses an identity provider, consider upgrading and configuring single sign-on for Slack.
Manage apps with care
All members can add apps to your workspace by default. We review every app in our Directory, but there are lots of other apps your members can try to install. To help manage security, workspace owners can control who can add apps and from where. Learn more about managing apps for your workspace.
Note: For internal integrations built by your team, treat the tokens you generate carefully. Never share tokens with other people or applications. Read how to Connect your tools to Slack.
Limit who has access
Slack allows for transparency and sometimes that means sharing propriety information or sensitive details. That’s why we give workspace owners and admins control over who gets invited to become a member.
Here are some tips to manage who has access to your workspace:
Only invite people you know.
For total control, keep the default setting: only let workspace owners and admins send invitations to new members. If you do allow others (except guests) to send invitations, you should review pending and accepted invitations periodically.
Deactivate members’ accounts as soon as they no longer need access.
Change is constant, and people come and go. Don’t forget to deactivate a member’s account when they leave. On the Plus subscription and above, you can streamline deactivation with your identity provider and SCIM provisioning.
Use guest accounts and limit which channels they’re invited to.
Some members of your Slack workspace (e.g. contractors, interns or clients) may only need access to certain channels. Guest accounts are an excellent way to manage who has access to what. (Available on paid subscriptions only.)
Click shared links with caution
If you manage a workspace, it’s impossible to monitor every single link that gets shared – so we do our part to help. If we identify a potentially unsafe web page or malicious link, we’ll show a visual warning. That will help members to proceed with caution. Read more about safe browsing. 🔗
Limit administrative privileges
Using @mentions to make announcements is a quick way to get people’s attention. If you want them to, workspace owners can limit announcements to certain members or to just workspace owners and admins.
Members can find each others’ email addresses in their profiles, but some may prefer to keep this info private. Workspace owners and admins can choose whether to display members’ email addresses in their Slack profiles.
💡If you’re an owner or admin, browse workspace Settings & permissions.
Understand Slack use
On the Standard subscription and above, workspace owners can view analytics and usage for insight into how your members use Slack.
Tip: Interested in some of our additional security features? Start by reading more about our different Subscriptions, products and features.