Productive & Protected: Cybersecurity For Workplace Chat Apps

There is a strong demand for workplace chat applications such as Microsoft Teams and Slack. These convenient applications allow employees to quickly communicate and collaborate in ways that are more dynamic and fluid than traditional email. With the security options presented today, you can avoid workplace chat apps being used as unsecured “Shadow IT” and instead implement them as a part of your organization’s secured toolkit.

In this article, we will be largely focusing on two applications – Microsoft Teams and Slack. Many of the features mentioned today are only available in enterprise-level tiers of these applications, with many of the Microsoft Teams features made available through Office 365 subscriptions. 

Cybersecurity Risks of Workplace Chat Apps

Leading workplace chat applications are primarily cloud-based, which comes with its own unique suite of risks and mitigation strategies. These chat apps also open a potential vector for sensitive information to be transmitted from an organization’s secured servers to a third-party platform with potential vulnerabilities. 

Cloud-based applications have the risk of:

  • Third Party Control
    • When an organization uses the applications or services of another company there is an added vector for risk as the cybersecurity practices of third parties are out of their control. If the third party is breached or is intentionally hiding malware in its software it can be a potential vulnerability to connected systems.
  • Increased potential for data breaches
    • A data breach is said to occur when information is accessed by an unauthorized party. If a third party application is granted access to an organization’s network there is an increased potential for sensitive data to be wrongfully accessed.
  • Insecure APIs
    • A software’s Application Program Interface (API) defines the set of tools, protocols, and routines for building the software. Third party applications with insecure APIs become a potential vulnerability should those insecurities be exploited.
  • Account hijacking
    • One of the advantages of cloud-based applications is the ability for them to be accessed remotely. This advantage can also prove to be a potential vulnerability as the login credentials of an authorized party can be stolen and used to gain remote access to sensitive information.
  • Insider threats
    • Employees, contractors, and associates can intentionally or unknowingly cause damage to internal systems or leak sensitive information through their actions. As with account hijacking, the ability to access resources off-site through cloud applications gives an added opportunity for sensitive information to be accessed .

How to Mitigate the Risks

The productivity, collaboration, and communication improvements when using workplace chat applications make them a worthwhile consideration for use as a tool within an organization. To maximize the potential of these applications while reducing the risks, there are key steps an organization can take to protect themselves.

Security Through Policy

To mitigate cybersecurity risks, an organization’s workforce must be equipped with the right knowledge and policies. Regular cybersecurity training for employees reduces the potential for accidental insider threats by providing employees with the knowledge needed to operate safely.

Organizations that wish to use workplace chat applications as a resource for their business need to ensure they have a robust cybersecurity plan that includes policies for acceptable device and network use, password hygiene practices, privilege-based access to sensitive data and systems, as well as other cybersecurity best practices. 

Identity Management

A suitable workplace chat application must include advanced identity management options beyond a simple username/password login to ensures that employee user accounts are difficult to access by unauthorized parties. 

Identity Management Features:

  • Single Sign-On (SSO) 
    • Single Sign-On features allow an organization to log in to multiple services using a trusted third-party application.
    • Slack offers Security Assertion Markup Language (SAML) as their SSO option, allowing organizations to use an identity provider of their choice such as Microsoft Azure, GSuite, LastPass, and OneLogin. 
    • Microsoft Teams uses Azure Active Directory as the identity and access management platform, which also uses the SAML protocol.
  • Multi-factor Authentication (MFA)
    • Multi-factor authentication provides an additional layer of identity verification by requiring the use of additional authenticators such as an authentication app (Microsoft Authenticator, Authy, Google Authenticator) or an SMS.
    • Slack offers 2-Factor Authentication (2FA) via an authentication app or SMS.
    • Microsoft Teams offers 2-Factor Authentication (2FA) via an authentication app or SMS

Data Security

If workplace chat applications are used to communicate between project teams, the potential for sensitive or otherwise confidential data to be shared on these platforms is a risk that needs to be mitigated. To prevent breaches of an organization’s data, a suitable workplace chat application needs to have robust data security measures in place.

Data Security Features & Solutions:

  • Data encryption at rest and in transit
    • in-transit data is data that is moving from one system to another, and at rest data is data that is being stored.
  • Privileged Access Management (PAM)
    • PAM-based solutions isolate accounts with greater privileges (admins) into a secure repository, reducing the possibility of damages through unauthorized access to these accounts.
  • Anti-malware
    • Microsoft Teams uses Advanced Threat Protection (ATP) to prevent malware from contaminating an organization’s systems
    • Slack has integrations for added security & compliance software
  • Enterprise Key Management (EKM)
    • With EKM features, organizations can manage their own encryption keys with a trusted EKM provider. 
    • Slack offers EKM features with Amazon’s Key Management Service (AWS KMS) to encrypt messages and files.
  • Cloud Access Security Broker (CASB)
    • CASBs such as MVISION Cloud, Bitglass, and Microsoft Cloud App Security are software tools or services that act as a gatekeeper between an organization’s existing internal infrastructure and the infrastructure of a third-party cloud service provider, allowing for greater security and control when using third party cloud resources
    • CASBs typically offer network and application firewalls, authentication, and data loss prevention tools that prevent transmission of sensitive data outside of authorized channels
    • With the increased prevalence of Bring Your Own Device (BYOD) policies, organizations should consider the use of an agentless CASB to have access to the security features of the CASB without the need for installing agents on individual devices. The use of an agentless CASB also mitigates privacy concerns for employees using personal devices for work as it can leverage needed security features without monitoring their personal traffic.

Slack Security Overview

Slack’s enterprise grid comes with a variety of security and compliance features to help organizations integrate the application while reducing cybersecurity risks. For a detailed overview of Slack’s security features, see their whitepaper on security within Slack, their enterprise security features page and their general security page. 

Microsoft Teams Security Overview

Microsoft Teams meet Microsoft’s standards for “Tier D” compliance, their strictest internal compliance framework standard. For a detailed overview of Microsoft Teams’ security features, see their pricing & features page and their Microsoft Teams security compliance overview.

About the Author:

Dale Strickland works at CurrentWare Inc, a global provider of employee productivity, compliance and data loss prevention software headquartered in Toronto, Canada.

Leave a comment

Your email address will not be published. Required fields are marked *

Popular Post

Recent Post

Fix – Windows 11 Bluetooth Not Working

By TechCommuters / October 18, 2021

Is Bluetooth on Windows 11 giving issues? You have come to the right place. In this post, we will discuss how to fix Windows 11 Bluetooth not working. Generally, the Bluetooth problems are caused due to some software issues, but they can also be related to hardware malfunctioning. Therefore, before we get into details, let […]

How to Reset Network Settings on Windows 11

By TechCommuters / October 16, 2021

Are you facing connectivity issues? Follow these instructions to reset network settings on your Windows 11 and fix the connectivity problems. The network settings on the PC manages internet connectivity. However, in some cases, due to outdated network adapters and incompatible configuration issues like slow connection and dropped connection, no wireless connectivity occurs. If you […]

Bitdefender Internet Security Review

By TechCommuters / October 15, 2021

As the cybersecurity needs of users are growing, Bitdefender has come up with comprehensive Internet security software that is designed to keep you safe 24/7. Bitdefender Internet Security is a one-stop solution for all your security needs. We’ve got a chance to test this powerful tool and to check its compatibility with other security solutions […]

How to Uninstall Cortana from Windows 11

By TechCommuters / October 13, 2021

Is Microsoft’s digital assistant bothering you? Do you want to uninstall it? You’ve come to the right place; here, we will explain removing Cortana on Windows 11. Although Microsoft doesn’t give a straightforward way to uninstall it, there are still ways. Why Uninstall Cortana? It is not like Microsoft’s cloud-based digital assistant; Cortana takes too […]

Seven Best-Hidden Spy Apps For Students

By TechCommuters / October 11, 2021

Technology is advancing at an alarming rate, with most people jumping onto the new trend without fully understanding what these advancements entail or the consequences. It is also a widely known fact that many people do not read the terms and conditions of the new apps. So, the following seven apps will help you keep […]

Top 5 Best Apps to Boost Your Academic Writing Skills

By TechCommuters / October 11, 2021

Most students find it hard to write a comprehensive academic essay within the given timeframe. It becomes quite challenging and equally stressful to complete the assigned task, especially when the deadline is near. However, there are certainapps for writing essaysthat will help you deliver top-quality assignments. Best Essay Writing Apps to Improve Writing Skills There […]

What is brand risk protection and why does it matter?

By TechCommuters / October 6, 2021

Today’s security professionals have become familiar with the idea that every organization has an attack surface that describes its global exposure to threats against internal and cloud applications, devices, users, and data.  The attack surface grows as greater connectivity, cloud applications and myriad new types of device are adopted as an organization expands its digital […]

How to Keep Yourself & Your Devices Safe Online

By TechCommuters / October 1, 2021

Worldwide, more and more people are doing what they can to protect themselves and their data. Considering we live in a world that is so connected, with everything from work to our social lives and entertainment happening online, protection is a must. Staying safe online isn’t as difficult as you think either; it just requires […]

How To Join a FaceTime Call From an Android or Windows Web

By TechCommuters / September 26, 2021

Finally, iOS 15 is now available to download, and it has brought many surprises along. The biggest iOS 15 surprise is that now Apple users can FaceTime with non-Apple users. Yep, you no longer need to use Zoom or Microsoft Teams to make video calls. Instead, Apple has allowed people to join a FaceTime call […]

How to Use VPN on Synology NAS

By TechCommuters / September 25, 2021

We all want to secure our remote access for daily needs & projects. But how to get it done is a big question. Using a VPN this problem can be easily solved as it creates an encrypted tunnel to secure network connection.  Acronym for Virtual Private Network (VPN) hides IP addresses allowing users to navigate […]

5 Best Lead Generation Software for 2021

By TechCommuters / September 22, 2021

Are you looking for the best lead generation software? Then don’t look for the tool that can boost your sales or customer base. In fact, search for the tool that can integrate your CRM software for better KPIs and analytics. Lead capture software can do a lot more than improving your sales or traffic. It […]

5 Best Label Designing and Printing Software in 2021

By TechCommuters / September 19, 2021

Be it product branding or marketing; labels play a significant role in selling a product. In fact, the label helps to distinguish your products from others.  Therefore, the designing and printing of your product label need to be perfect. And for this, we will talk about the best 5 label designing and printing software in […]

Top 3 Apps to Add to Your Android Phone

By TechCommuters / September 17, 2021

The following apps are tops. They have become popular with Android, so if you’re on the lookout for good and useful applications, it may be that you have a few of these apps already. There are many amazing apps for Android in the market but a few outshine the rest. Just about everyone finds these […]

Review – Light Mi Neo Sync Box & TV Backlight Kit

By TechCommuters / September 15, 2021

While scrolling through Netflix, do you feel you’ve seen it all? Well, if that’s the case let us add some spice to it and shed new light on streaming services, gaming, Blu-rays, etc. Wondering how that would be possible? Well, using Light Mi Neo the best and pocket-friendly alternative to Philips’s sync box you can […]

How to make money online?

By TechCommuters / September 14, 2021

We are living in an era where many platforms give you a space to create different kinds of content and there are different ways through which you can showcase your skills and talent and can earn a pretty good amount of money. You won’t be just earning money but you will also learn a lot […]