Security tips to protect your workspace
In our eyes, secure workspaces are happy workspaces — that’s why keeping your account secure, protecting your privacy, and building a service you can trust are our top priorities at Slack.
This guide rounds up the tools Workspace Owners and Admins need to keep their workspaces and members safe: You’ll level up from encouraging members to pick a strong, unique password (but good passwords are very important too!).
Let’s get started.
Ask members to set up 2FA
By turning on two-factor authentication (2FA), members can only sign in to your workspace if they have both their password and access to their mobile device so they can confirm their identity. So in the unfortunate event their password is compromised or stolen, only they can sign in to their account.
For workspaces on the Free plan, setting up 2FA is voluntary for members, but on the Standard plan and above administrators can turn on mandatory workspace 2FA for everyone.
💡 Want more? If your teammates access other apps and services through an identity provider, consider upgrading and configuring single sign-on for Slack.
Manage apps with care
By default, all members can add apps to your workspace. Every app in Slack’s App Directory is reviewed, but if you’re concerned about the security of external apps that aren’t available in the directory, Workspace Owners can control which apps are installed:
- Limit who can approve apps or integrations.
- Restrict installations to only apps listed in Slack’s App Directory.
- Control which apps are approved for members to install.
Learn more about how to manage apps for your workspace.
Note: For internal integrations built by your team, be sure to treat the tokens you generate carefully. Never share tokens with other people or applications. Read how to Connect your tools to Slack.
Give access to only the people who need it
A Slack workspace is where your team can work together openly, and sometimes that means proprietary information or intimate details about your organization is accessible to members. This is why we give Workspace Owners and Workspace Admins the keys for inviting new people to join by default.
Here are some tips for managing who has access to your workspace.
- Only invite people you know.
Keep the default setting that lets only Workspace Owners and Admins send invitations to new members. If you do allow everyone (except guests) to invite new members, it’s a good idea to review pending and accepted invitations periodically.
- Deactivate members’ accounts as soon as they don’t need access.
Change is constant, and people come and go. Don’t forget to deactivate a member’s account when they leave.
💡 On the Plus plan and above, Workspace Owners can streamline deactivation process through their identity provider and SCIM provisioning.
- Use guest accounts and limit which channels they are invited to.
Guest accounts are an excellent way to manage who has access to what, especially for contractors, interns, clients, or other people who only need access to a limited number of channels on your workspace. (Available on paid plans only.)
Learn all about the benefits of Multi-Channel and Single-Channel Guests.
Use caution when clicking on shared links
If you manage a workspace it’s impossible for you to monitor every single link that gets shared in your workspace — so we do our part to help. If we identify a potentially unsafe webpage or malicious link, we’ll show a visual warning to let people know they should proceed with caution.
Read more about safe browsing. 🔗
Consider limiting administrative privileges
Making announcements that mention @channel or @everyone in your workspace is a great way to get people’s attention quickly. Depending on your team, Workspace Owners may want to change the messaging permissions to Workspace Owners and Admins only.
- Email display
Some may want to to keep their contact information private, so you can choose whether to display members’ email addresses in their Slack profiles.
Workspace Admins and Owners can browse the full menu of workspace Settings & Permissions.
Use exports to understand Slack usage
While Workspace Owners and Admins can export data from their workspace, that doesn’t mean they can read individual messages sent in other people’s private channels and direct messages.
Depending on your workspace’s plan, you can access different kinds of information and insight. Learn more on our Guide to Slack data exports.
💡 On the Standard plan and above, you can view analytics and usage to gain insight into how the people in your workspace use Slack.
Hi! Our Support team is available 24/7 and always happy to help. If you notice suspicious activity on your workspace, please contact us.
Note: Interested in some of our additional security features? Start with reading more about our different Plans, products & features.