Archive Data Protection

    Do You Have a Data Risk Problem in Slack?

    Safeguarding Collaboration Without Compromising Productivity

    by Emily Schwenke

    Key Points

    • This blog was originally posted on the Aware website, but with the acquisition of Aware by Mimecast, we are ensuring it is also available to visitors to the Mimecast website.
    • Discover the hidden risks within Slack data, from sensitive information exposure to reputational and workplace incidents, and why traditional controls may fall short.
    • Learn how IT leaders leverage Aware’s solutions for real-time compliance, automated data protection, and effective governance tailored for Slack’s unique challenges.
       

    How do modern IT leaders cut through the tangled mess of siloed datasets to surface risks in Slack messages?

    Innovative organizations of all sizes use collaboration tools like Slack to support every type of work. Synchronous and asynchronous, in-person, remote, hybrid and more. Across single teams, multiple departments, and even with outside organizations. 

    Slack excels at connecting today’s digital workforce and breaking down silos that slow access to information. However, Slack wasn’t designed to handle the data governance complexities of modern businesses. That’s where IT leaders must step in to plug the gaps and ensure they mitigate the risks in their Slack dataset. 

    What risks does Slack data contain? 

    • Sensitive information 

    How many instances of PII/PHI/PCI or IP exist in your Slack dataset? Can you be certain of finding and removing them all? How would you demonstrate to regulators and potential investors that they don’t exist in your Slack ecosystem? 

    • External audiences 

    How many guest users (or Slack Connect channels) have your employees created? How can you prevent them from viewing or exfiltrating sensitive data? 

    • Reputational damage 

    How do your employees interact within Slack? Do Slack’s siloed channels provide dark corners where negativity, bullying or harassment can flourish? 

    • Workplace incidents 

    What happens if an incident comes to light? How do you conduct eDiscovery or internal forensics on the data living in Slack? Could you be sure you can surface all relevant messages and context to understand exactly what happened? 

    With the volume of data living in Slack at an all-time high, IT leaders need a way to protect their organization’s best interests and easily satisfy the demands of legal, compliance and information security. 

    Your people are your greatest strength — and your weakest link 

    Human behavior is unpredictable, and the informal nature of Slack communications make it easy for an innocent mistake — or malicious insider — to create real harm for the enterprise. Two-thirds of insider threat incidents are caused by negligence, but they can cost the organization upward of $871,000 each. 

    In the course of doing their jobs, employees might not realize the risks they introduce by sharing restricted information within Slack. After all, it’s not unreasonable to assume that a work-sanctioned tool is secure. 

    What employees don’t realize is that Slack was designed to accelerate information-sharing, without providing many native DLP controls. Often, senior leadership don’t realize this either — until a data risk incident brings it to their attention. 

    The challenge of solving Slack data risks 

    If your organization uses Slack, there’s no going back. Employees and businesses alike recognize the value Slack brings to the workplace. Almost 80% of the Fortune 100 use Slack in some capacity. Taking it away only encourages shadow IT in your organization, increasing the risk that Slack presents instead of lessening it. 

    The same is true of introducing new controls that restrict how the end user accesses and employs Slack. Creating multi-factor logins, implementing tight retention policies, locking down group visibility and limiting file sharing could all help to reduce risk, but are equally likely to push employees toward alternative, unsanctioned solutions. More than half of employees find ways around security precautions they find too restrictive. 

    What IT leaders need is the ability to perform information governance and data loss prevention within Slack, without impacting the end user. Aware provides that solution. 

    Mimecast Aware for Slack data risk mitigation 

    Mimecast Aware is the only Slack partner recommended for both eDiscovery and DLP, enabling organizations to reap the benefits of Slack while mitigating its risks. Unlock automated compliance monitoring, real-time identification and tombstoning of sensitive data, and faster, more effective federated search. 

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page