Six Tips for Secure Collaboration from Slack’s Security Chief

1

“Unsurprisingly, my number one tip is to use a shared collaboration environment instead of email wherever you can. With email being an open protocol it’s harder to validate who you're working with and it's an entry point into your workforce for attackers.

“If you're in a more closed and controlled environment – like Slack Connect – then you have the opportunity to vet the people that you're interacting with and protect your employees from malicious actors.”

2

“As an administrator make it easy for your employees to do the right thing – and that means not oversharing information. So, if you are collaborating with an asset or a document, set your defaults so that they retain the sharing scope of URLs within your organisation. That should be your default. Make it frictional for users to share information outside your organisation.”

3

“The number one recommendation I have for the entire world is to enable a second factor of authentication. Use all the authentication features that the cloud, the service provider is going to offer you. I know that people have heard that a million times, but once you get used to the teeny tiny bit of cognitive friction that using the second factor of authentication adds to your life, you will wonder why you didn't do it sooner. Because the benefit to your security and the privacy of your data is such that you're actually getting a net benefit in the things in your life that you have to worry about. I can't overstate that.”

4

“Patch, update, keep things up to date. Every security professional says that, but it continues to amaze me the number of organisations that are taken over by ransomware because they don't have the latest patches installed.”

5

“Understand where the weaknesses are being introduced into the security environment of users based on the fact that they're working from home. How secure is their home office network equipment? Do they have personal devices that haven't been patched since the 1980s, that are now part of their operating environment and an entry point for malware? It's something more for security teams to think about.”

6

“Give your workforce time to breathe at a difficult time by making sure people can work according to their own schedules and be flexible. I think it's really important at a time when everyone's under so much pressure [during the pandemic] to take the pressure off, because when people are under pressure that's when they make mistakes. And when mistakes are made that's when data gets exposed. Nobody wants to do the wrong thing, everybody wants to do the right thing and giving people the flexibility they need to work well is what's going to make you safer as a company.”