Avanan protects Slack and Microsoft Teams with one click.
As you continue to transition to remote work due to the COVID-19 crisis, it is likely that you are spending more and more of your time communicating with coworkers across a variety of channels
Besides email, you're also using Slack or Microsoft Teams, chatting with coworkers, sharing files, even enjoying a funny GIF or two. Even before the outbreak, a large portion of internal communications and file sharing lived within Slack or Teams.
While these platforms may help speed communication, both Slack and Teams do not provide any default security protections. That means that everything you share—files, company data and information—is ripe for hackers.
And because these are collaborative mediums, both external actors and third-party apps may have nearly access to your channel, your information and your employees.
You must take active steps to secure your messaging and collaboration platforms from the following risks.
Avanan has protection for Slack Security available now and will be releasing protection for Microsoft Teams soon.
Companies share everything on Slack and Teams: files, budgetary spreadsheets, company announcements, sensitive documents.
But that share-ability can lead to the following bad outcomes:
Any data or information shared on Slack or Teams can easily be passed on. This can happen maliciously or by mistake—many users consider Slack and Teams to be internal but forget that external partners might also have joined a channel.
Neither Slack nor Teams offer protection against malware.
Users can share malicious links or malware without realizing and there are no protections against it. And given the general trust employees have of these platforms, anyone in your company could click on a malicious link or download malware.
The only way to protect against malware, then, is to purchase outside protection. Today, Avanan provides one-click protection against malware in Slack and, soon, Teams.
It's fairly easy to join a Slack or Teams channel. Any user, at almost any permission level, can invite others to join whether inside or outside the company. The approval process is often loose and casually enforced.
With the sudden ramp-up of Slack and Teams usage, unfamiliar users are likely to trust what they see and permissions approved in bulk.
Worse, profiles are the only indicators of identity and can be edited by the end-users at any time. None of your employee's anti-phish training applies.
It is incredibly easy, then, for an imposter to enter active conversations undetected, access sensitive information or introduce malware. Because information is so free-flowing, entire companies can be put at risk by just one impersonator.
Both Slack and Teams allow third-party add-ons and integrations to boost productivity. Companies can link their Dropbox, G-Suite and thousands of other apps to their Slack or Teams accounts.
External apps connected to Slack or Teams bring their own security flaws and attackers are fond of using tools with weak security but over-reaching access as back doors. Any employee can add any integration, without following any protocol or company policy broadening the attack surface.
With Slack and Teams, there's very little by way of reporting tools. It's nearly impossible to know what is being shared within your channels both between different departments or even with external partners.
Normally email compliance tools would address this issue, but none of the email gateways extend their monitoring to internal collaboration tools and the typical SIEM reporting is a challenge, leaving a blind spot that is only growing larger.
When you use Slack or Teams, you are typically on your own to figure out how to best monitor it for compliance.
The first compromised account typically happens by email. Subsequent 'east-west' compromises typically avoid email in order to avoid detection. As companies move internal communication to Slack and Teams, the attackers will follow.
Avanan is the highest-rated email security platform. But you may not know that Avanan is the only email security solution that can extend that same level of protection to all of your collaboration platforms. Avanan's DLP can identify files and text containing sensitive information and protects against malware and malicious links. Every email protection is available for Slack. Soon it will be available for Teams. Stay tuned.