Is Your Slack Workspace Secure? A Guide to Slack Cybersecurity
Slack is a great tool that fosters collaboration, but is vulnerable to a variety of cyber threats. Securing your Slack workspace isn't a once-off task—it's a commitment to aligning with best practices and maintaining vigilance.
Published May 25, 2025.
Insider threats aren't just a big deal for Slack implementation, they could very well be the most dreaded vulnerability for any security team. One notable example is the Disney data breach in 2024 when a threat actor group managed to exfiltrate and expose 1.1TB of data from Disney's internal Slack channels.
If an organization as large as Disney can suffer attacks on its internal Slack channels, then all companies can. Here's what you can do to secure Slack's security shortcomings and keep your organization safe.
» Just looking for a great solution for cybersecurity? Contact KELA
Public vs. Private Slack Channels
Slack channels are the heart of communication and collaboration within a workspace. Understanding the difference between public and private channels is crucial for maintaining security:
Public Channels
These channels are open to all workspace members. Anyone can join, view the conversation history, and participate. This open nature fosters transparency and knowledge sharing, but it also presents security risks.
Security risks include:
- Accidental exposure: Sensitive information shared in a public channel could be inadvertently seen by individuals who shouldn't have access.
- Data leakage: If a member leaves the company, they might still have access to the history of public channels unless their account is deactivated promptly, potentially leading to data leakage.
- External access: In some cases, public channels might be accessible to external collaborators or guests, further expanding the potential audience for sensitive data.
Private Channels
These channels are invite-only and hidden from everyone else, both externally and from existing employees who haven't been invited. Private channels offer better control over who has access to specific conversations and data.
Benefits include:
- Restricted access: Sensitive discussions, confidential projects, or personnel matters should ideally take place in private channels.
- Improved control: Admins have more control over membership in private channels, making it easier to manage access and revoke it when necessary.
Common Security Risks Associated With Slack
When organizations adopt Slack as their main communication tool for internal and external interactions, they may face a range of risks—such as the Uber data breach in September 2022.
The primary ones to look out for include:
- Misconfigurations: Slack offers a wide range of customization options, which can lead to misconfigurations that leave your workspace vulnerable. Failing to properly configure guest access or not setting appropriate data retention policies can expose sensitive information.
- Role-based access control: Slack admins can grant end-users extensive controls and rights. While this flexibility can be beneficial as team members don't have to rely on IT to resolve most admin tasks, giving end users the right to create, manage, modify, or delete increases the risk of breaches and data vulnerabilities.
- 3rd-party integrations: Tools like Jira and other productivity applications can be integrated to work seamlessly within Slack, but they also increase the attack surface. Detecting and removing bots and applications that fail to meet organizational security standards instead of vetting them beforehand can be risky and labor-intensive.
- Data retention: Slack retains data indefinitely by default, which means every message, file, and channel is stored unless admins set retention policies. This can lead to a massive data set that widens your attack surface and increases the amount of data at risk.
- Phishing: Attackers can use phishing techniques (social engineering strategies) to gain access to your Slack environment through uneducated employees. Once inside, they can impersonate senior personnel, potentially tricking employees into revealing sensitive information or performing actions they shouldn't.
- Mobile security: If a mobile device is lost or stolen, and it's not properly secured with a strong passcode or biometric authentication, unauthorized individuals and infostealers could gain access to the Slack app and all its contents. Additionally, using Slack on unsecured public Wi-Fi networks can expose data to interception
» Learn more about security risks: The most-targeted entry points by hackers
Common Indicators of Slack Vulnerabilities
- Unusual login activity
- Unexpected traffic
- Changes in user permissions
- Suspicious file uploads or messages
To address immediate Slack threats, you should revoke unauthorized access or disable unapproved third-party apps while investigating compromised accounts. This can be done through Admin Settings > Security > Sign Out Users & Revoke API Access.
» Feeling overwhelmed? Find out why your organization needs cyber threat intelligence
Strengthen Slack Vulnerabilities
KELA can help neutralize the threats across your organization. Gain visibility over your attack surface and prioritize vulnerabilities accordingly.
Best Practices for Securing a Slack Workspace
1. Deactivate Old Accounts
Failing to offboard former employees correctly compromises their accounts, which could be accessed by threat actors. Consider integrating the offboarding process with HR systems and implementing policies to monitor and regularly review these procedures.
Automating the offboarding process is beneficial, but immediate deactivation is even better. If you utilize the Enterprise Grid Slack subscription, follow the guidelines below to deactivate a former employee's account:
- From your desktop, click your workspace name in the sidebar
- Hover over Tools & settings, then select Organisation settings
- Click People in the left sidebar, then select Members
- Tick the box next to any members you'd like to deactivate
- Click Deactivate above the list of members
» Did you know that cybercriminals sell credentials to over 12,000 Slack workspaces? Read all about it in part 1 and part 2 of our Slack attack surface guide
2. Enforce Access Control
To follow the principle of least privilege, implement the following tips:
- Grant limited access to sensitive channels
- Restrict guest accounts and external contributors to only the channels they need
- Require admins to approve all new invites
- Implement company-wide multi-factor authentication (MFA)
This can be achieved through the Manage users and groups section under Admin settings, where you assign appropriate permissions to users, guests, and external contributors.
3. Restrict File Sharing and Integrations
To protect sensitive information shared in Slack channels, you should restrict file sharing and external integrations in the following ways:
- Ensure proper logging and audits to verify that all applications and bots meet the required security standards
- Disable file uploads for non-essential channels
- Limit file types to only those necessary
- Restrict external file-sharing integrations (like Google Drive or Dropbox)
This can be set up in Slack Admin Settings under Permissions, where you adjust "Who can upload and share files" and "Restrict file sharing with external apps."
Pro tip: Organizations should have a change management system as part of their defense strategy that should include reviewing and approving third-party applications before they're integrated.
4. Integrate Security and Encryption Tools
While Slack doesn’t natively offer end-to-end encryption for communications, it does provide limited encryption for data in transit and at rest—this means the data can still be accessed by Slack's systems. To improve this security, consider integrating third-party solutions that add extra encryption layers or looking into alternative communication platforms that offer native end-to-end encryption.
Additionally, integrating Slack with security information and event management (SIEM) solutions can provide real-time monitoring and analysis of security events, helping to detect and respond to potential threats more effectively.
5. Implement Security Awareness Training
Technical controls are only effective if users understand and follow security best practices. Regular security awareness training should cover topics like:
- Phishing awareness: How to recognize and avoid phishing attempts, which are a common way for attackers to gain access to Slack accounts.
- Password security: The importance of strong, unique passwords and not reusing passwords across different services.
- Data handling: Guidelines for handling sensitive data within Slack, including what types of information should not be shared and how to use public vs. private channels appropriately.
- Reporting suspicious activity: How to report suspicious activity or potential security incidents.
» Learn more about how to prepare your organization for the future of cybercrime
Secure Your Slack Workspace Today
Securing your Slack workspace isn't a once-off task—it's a commitment to aligning with best practices and maintaining vigilance. While Slack offers a powerful platform for communication and collaboration, it also presents potential security risks if not properly managed. By implementing robust access controls, careful management of integrations and file sharing, regular security audits, and comprehensive security awareness training for all users, you can significantly strengthen your workspace's defenses.
» Ready to boost your company's security? Try KELA for free
