Secure your Slack data with best practices, enhanced threat detection, and alerting controls in Slack

Trust is the bedrock of our company. For over a decade, Slack has delivered industry-leading levels of security, performance, and availability to organizations of all sizes – from non-profits and large government agencies to the majority of the Fortune 100.

Slack operates with the highest security standards to protect our customers. Despite recent reports, we have no evidence of any existing vulnerabilities within the Slack platform. 

 

Cybersecurity is a shared responsibility. While Slack builds enterprise-grade security into everything we do and provides the necessary tools and resources to protect your data, it is also up to you to implement security controls and best practices to further strengthen the security of your Slack Enterprise – especially when the majority of security breaches involve cybercriminals taking advantage of human error.

Enterprise-grade security is woven into every aspect of how users collaborate and get work done in Slack, including robust security and detection features built to give you the control, visibility, and flexibility needed to manage security challenges. While we provide many controls within the Slack platform to ensure your workspace security, company data security is only as strong as the collective controls put in place by each organization. Examples of such controls include endpoints (malware scanning), strong user access controls (MFA), user awareness (training), and restricting unmanaged device access to company resources (personal devices). Defense in depth provides security resilience for your enterprise.

We want to draw attention to features and best practices that will help keep your organization secure. While not exhaustive, we’ve included additional links to give you the insights needed to make informed decisions for your organization and its security posture.

Set up two-factor authentication

Two-factor authentication (2FA) is an extra layer of sign-in security. With 2FA enabled, users enter a verification code from their mobile device in addition to their Slack password. Using 2FA ensures that even if a password is compromised, access to Slack won’t be granted unless the person signing in is verified from their device.

Users can choose to enable 2FA if they’d like, but Workspace Owners and Workspace Admins can make 2FA mandatory for members. If your company uses an identity provider, consider upgrading and configuring single sign-on for Slack.

Identity and device management

Slack allows you to manage users and groups, streamline authentication using your identity provider, and assign roles and permissions. We give you the solutions to help you ensure that only the right people and approved devices can access your company’s information in Slack.

Identity and access controls

• SAML-based single sign-on
• Session duration
• Two-factor authentication
• User and group provisioning via SCIM/JIT
• Domain claiming

Device management 

• Enterprise Mobility Management (EMM)
• Secondary authentication
• Session management
• Block message copy and file download
• Default browser control
• Block jailbroken or rooted devices
• Minimum app version

Data protection, detection, and alerting

By default, Slack encrypts data at rest and data in transit as part of our foundational security controls. We also provide tools that give you even more visibility and control.

• Enterprise Key Management (EKM)
• Data Loss Prevention (DLP)
• Native DLP for Slack Connect
• Native audit logs
• Audit logs API (more on this below)
• Legal holds
• Block file downloads and copying
• Grid workspace discovery
• App and integration management
• Data residency

Information governance 

Slack offers governance and risk-management capabilities that are flexible enough to meet your organization’s needs, no matter what they are.

• Global retention policies
• eDiscovery
• Data exports
• Custom terms of service (TOS)

How our audit log API can help you detect suspicious behavior inside Slack

Slack’s Audit Logs API offers real-time access to audit events within Enterprise Grid organizations, allowing owners to monitor user actions and safeguard against inappropriate access. This API supports integration with tools like Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR), providing visibility into security issues and suspicious user behavior such as large-scale downloads of corporate data. Anomaly events are a special part of the Audit Logs API that help surface unexpected app and user behaviors that may be considered risky in your environment.

It’s read-only, meaning it doesn’t write events or assess the appropriateness of actions. While it doesn’t monitor message content, it can feed access data for custom apps or compliance solutions like e-Discovery or Data Loss Prevention.

Trust and security are our top priority. We care about protecting your data and building a service you can trust. For more security tips to protect your workplace, see here. To learn more about Slack’s security features, please visit https://slack.com/trust/security.