Ask Floh: Why oversharing on team messaging could be a problem: Peerio
October 11, 2018

Ask Floh: Why oversharing on team messaging could be a problem

Has your company ever shared sensitive data on team chats like Slack?

In this week’s Ask Floh, we hear about the risks and learn how to securely share sensitive data on chat.

Transcript:

Alright, hello. Welcome to Ask Floh. I’m here to answer all of your security questions and help you survive in the digital world.

So today, there’s a question from Ajay in Toronto. And he asks:

“I’ve seen some of my coworkers casually sharing all kinds of confidential client info in our company’s slack channels. Honestly, it kind of freaks me out. I mean, what could possibly go wrong? Right? Look, I don’t want to go back to email. And I like the ease of team messaging. But what can we do to make sharing on chat less risky?”

Okay, yeah, there’s a lot of different issues here. So depending on what kind of business you’re in, and depending on where your customers are, it might be that you’re subject to a bunch of different regulatory requirements. And so for example, some something like GDPR might apply. If you have customers in the EU. If you’re in the financial industry, if you’re in health care, there might be additional requirements, depending on where where your clients are. There’s a lot lot of different stuff going on. And this is something that if you have a legal team, they might be able to help you with understanding what actually the issues might be there.

So specifically, with Slack, one of the issues is that if people are sharing confidential information in open channels, that’s searchable by everyone in the company. So that might be a lot of people who theoretically have access to that information, who shouldn’t. And as well, you know, Slack is not encrypted. The data sits on Slack servers, where Slack employees or theoretically, someone who hacked Slack might be able to gain access to that information after the fact. So that’s really a thing to watch out for.

Now, I noticed that you mentioned email. And the thing about email is, it’s not necessarily any better.

So you know, whenever you do bring up this conversation, that’s, that’s something to point out, right. There’s no need to go back to email, because email is maybe not even protecting you. Depending on how your email setup, that might actually be a bad idea.

So the one of the things that you should consider is having some kind of encrypted solution, in particular end to end encryption for sharing that kind of information. So maybe you want to establish some kind of two tier system maybe, or maybe you just want to move everything over to something that’s, you know, a little bit like Slack has that same ease of communication, but also has sort of more guarantees regarding confidentiality.

So this is something to bring up with IT to bring up with management, whatever the structure is internally. Yeah, and the main thing really us to understand your risks and see if this is actually something that could get you into trouble and take it from there.

And really, I commend you for thinking about this. I think a lot of people don’t think too deeply about the data they’re handling and data is really important and is really tricky, and yet you should think about it and worry about.

So thank you for the question and talk to you next time.


You know what’s better than secure team communication? Nothing. Peerio gives you a super secure way to chat with your team, store and share files, all in one place. Every message and file stored and sent with Peerio is encrypted end-to-end by default. Learn more.