Managing the demands of a distributed workforce — especially across multiple time zones and countries — is difficult in the best of times. Now, in the time of the Coronavirus, security leaders are being asked to manage new productivity tools at unprecedented speeds while keeping data security top of mind. As more companies add Slack to their communications and productivity stacks, security policies are being tested in new ways.
Sometimes even the biggest companies are vulnerable to data leaks in Slack. When Twitter experienced its massive hack in July 2020, 130 high-profile user accounts were exposed to hackers, and 45 accounts were compromised and used to initiate password resets, new logins, and Tweets promoting a cryptocurrency scam. The credentials for these accounts were exposed through public Slack channels within the Twitter org.
How can cybersecurity teams ensure data security and maintain the necessary speed and efficiency their org expects from its tech stack when implementing Slack? Data loss prevention (DLP) is the way to go. A solid DLP solution will detect any suspicious messages or improperly shared data in Slack, classify the types of data that could be exposed, and protect your org from data exfiltration.
There’s a lot that DLP for Slack can do. Here’s the first part of a series of ways DLP for Slack supports many essential cybersecurity initiatives for everyday safety, like staying in compliance, detecting unstructured data, and more.
#1: Support compliance regimes like HIPAA within Slack
DLP allows organizations to implement compliance policies that require data protection. Many compliance regimes can be supported by a solid DLP solution. The most common use case is HIPAA compliance, due to the sensitive nature of protected health information (PHI) and the massive risk an organization assumes when digitizing health records.
Advancements in big data and SaaS applications help improve patient outcomes for health care providers and insurance companies. As decision makers in the healthcare industry seek to modernize and optimize their data ecosystems, they must implement security measures to protect the future of big data and SaaS tools in the field. The rapid progression to cloud systems, all-digital databases, and distributed care teams is not sustainable without the right DLP platform to protect essential private data from being lost.
In 2020, more than 89% of all hospitals implemented inpatient or ambulatory electronic health record (EHR) systems to record and track patient data. HIPAA compliance is required in most use cases here, to ensure PHI is protected at all times. Organizations looking to implement Slack should know that Slack is not HIPAA compliant on its own. But choosing a DLP solution that detects PHI like Social Security numbers and medical record numbers will ensure that your Slack instance is HIPAA compliant.
DLP for Slack can cover many of the most common required compliance regimes, like GDPR, CCPA, and more. Compliance is easy when you use DLP to monitor your cloud-based apps.
#2: Protect the sensitive Slack data that matters to your org with detectors
DLP starts with detecting and classifying data in SaaS apps. Identify which data your org needs to protect with detectors, like PII, PHI, API keys and other secrets. A good DLP solution even allows you to set custom indicators to find the data that you want to protect from leakage.
The flexibility of DLP makes it easy for your cloud security policies to scale up with your company as you grow. Relying on rigid rules like regexes found in legacy security solutions doesn’t make sense, especially within a platform like Slack that hosts thousands of conversations each day. Any message can carry business-critical data that needs protecting. When you have a good cloud DLP on your side in Slack, you can keep the collaboration and information flowing between teams without the fear of data loss.
Remember what’s at stake with a data breach. On average, a breach exposes around 10,000 patient records and inflicts $2.75 million in damages in the healthcare industry alone. Over half of healthcare vendors have experienced a data breach in their company history. Adding DLP to Slack means you can set your detectors to catch the data that should not be shared improperly and save the company from losing money and trust among your customers.
#3: Detect and remove potential Slack threats automatically
Maintaining security across SaaS apps is challenging, because new threats can occur at any time and they’re not always easy to track down. Any new threat to your data security puts your entire system at risk of breach and data loss. You need a data guardian always at the ready to defend against threats and neutralize them before they wreak havoc on your systems.
DLP can detect potential threats automatically, and remove any suspicious messages or files being shared in Slack. You’re in total control of your security posture with DLP for Slack: quarantining suspicious messages or setting automatic deletion rules for messages that meet the criteria for removal are two examples of how to deal with potential threats in Slack.
Catch bad behavior and set the right policies to reduce your risk. Whether it’s squashing potential leaks or finding which users are sharing suspicious files in your org, DLP for Slack can help you create a proactive security posture.
#4: Send notifications to Slack users to help them better understand security policies
Security is often a black box to staff members who don’t work directly with IT. Some of that can be blamed on poor communication on security policies. When people in your organization lack visibility into why certain decisions are being made, confusion is naturally bound to follow.
We’ve all sat through the IT presentations and security training videos that tell us why it’s important to follow the rules and keep company data safe. But most of it is abstract and dry, because it fails to engage us on a level where we can understand how much individual risk vectors can impact the company. We’re asked to be responsible digital citizens; but do we really know (or care) why?
One way to engage teams in your org for better security posture is sending alerts in Slack through a DLP solution when a message is deleted. It begins by notifying the user right away that their action could put the company at risk. A properly crafted message can detail why the action is against company policy, and should explain what triggered the deletion (like sharing a sensitive piece of data such as a credit card number, or sending a file that shouldn’t be shared in Slack). Instead of just being told that they did a bad thing, the employee can clearly see why the message wasn’t the right way to go and should be able to understand the decision to remove the threat.
DLP can do a lot more than just detect and remove threats. It can also help communicate why security decisions are made to end users, and reinforce good digital behavior. It’s one way to help normalize risk response across the entire organization and educate your teams to ensure compliance. Security can be easier to understand, with an assist from DLP.
#5: Address the risks of unstructured Slack data
Unstructured data is everywhere, thanks to the explosion of cloud-based SaaS apps and collaboration platforms. We wrote about the issue of unstructured data in depth, with emphasis on just how much unstructured data is out there, where unstructured data tends to live, and why being in the dark about this data is a major detriment to your business.
The problem is massive: more than 90% of unstructured data is never examined, and modern businesses are utilizing as little as 1% of their unstructured data. This means large portions of data are left unsecured and underutilized for many businesses. A solid DLP solution can scan your Slack instance for the unstructured data that’s hiding in files and messages being shared on a daily basis among your staff.
Cloud security challenges come from all angles, and threats persist thanks to the constant influx of new information into SaaS applications. Data discovery is essential for risk identification and remediation, and your security policy should include a way to scan for unstructured data. Adding a DLP solution that can scan Slack for the data that hides from typical detectors will help you level up your organization’s data security posture.
DLP and Slack go together, naturally
Slack is an incredibly powerful tool that has changed the way we work and stay connected across different teams, time zones, and countries. It was built to do that one thing very well, but does not include any security functionality without a little help. DLP solutions allow an organization to use Slack securely by handling the everyday functionality required for data protection.
In part two of this series on why your organization needs DLP for Slack, we’ll look at five ways DLP supports long-term, holistic security goals for your organization. For now, we hope this list of ways DLP for Slack promotes everyday cybersecurity readiness makes it clear that Slack and DLP are a natural fit to work together to protect your business-critical data.