Uber is perhaps the world’s most well-known platform company and company messaging apps, offering ride-hailing, service provision, food delivery, parcel delivery, and couriers in 72 countries and more than 10,500 cities worldwide. Being such a big company, you would think they would have matters like online security nailed, but this appears not to be the case.
In September 2022, an individual sent a message on the Uber employee Slack channel, stating they were a hacker and had accessed several of the company’s internal databases, including the AWS console, Slack, Google Workspace, and its security systems. The Uber staff was immediately told to stop using Slack, and Uber confirmed the breach a day later, stating they were looking into the situation.
But then, the media started reporting that the hack happened because of an 18-year-old who obtained access to Slack through a simple phishing attempt. Posing as an employee from corporate IT, they tricked another staff member into handing over their login and password. The hacker then used this information to access Slack and post several messages, including poking fun at the company and criticizing them for not paying employees well.
Though barely an adult, the hacker most likely joined forces with a hacking group called Lapsus$. This group links to several attacks on technology firms. Uber claims that he breached no user data and no other serious results from the hack occured. But, the damage to its reputation, both publicly and among staff, is not easily repaired. This is why it is very important to have a social media and communications strategy in place.
How can companies protect themselves when using these platforms?
Using these company messaging apps can be essential to managing a company, particularly workflow and communication between staff. For many, simply phasing them out is not a viable option. Therefore companies need to find ways to use them and ensure their staff is using them responsibly and without falling fou to nefarious actors. Asides from phishing, like in the case of Uber, account takeover is another significant risk facing users.
Account takeover is where a hacker gains access to an account and then changes the email, phone, or even password without the owner realizing it, therefore seizing control of it. For a company, certain services breached this way potentially remains disastrous with wide-ranging internal and external consequences. By following the guide on Account Takeover and Fraud Prevention on seon.io, companies can be safe knowing that all measures are in place to ensure account security. This can include practicing good password safety, being vigilant with links, and not handing over any information to a third party, no matter how convincing they are.
The same security measures used to protect against account takeover fraud also apply to protect against other forms of attack. For example, phishing or brute force hacking contributes to the millions of dollars lost in such incidents yearly. By educating your employees on security risks, ensuring their passwords are frequently changed, hard to guess, and not clicking on random links or downloading apps from suspicious sources, you can protect your business. This will also stop people, like the infamous Uber hackers, from infiltrating your company’s communication tools or other essential software.
Slack the messaging program
Slack is a messaging program started in 2013 to connect employees within an organization around one platform. It allows the creation of different channels and groups for other purposes, as well as 1-2-1 messaging and group chats. Another recent feature is Huddles, which enables audio meetings through the application. It also provides integration with other software. This includes calendars and customer management systems such as Dropbox, GitHub, Zendesk, IBMBluemix, and Googe Calendar. Slack is also available in an app for iOS and Android and can be downloaded for Apple Watch.
Another popular workplace tool in the same vein is Workplace, a direct competitor to Slack. Created in 2016, Meta Platforms developed Workplace. It brings together instant messaging, video calling, news sharing, and online group workflow management. The software uses machine learning to make intelligent recommendations and streamline processes for users. Additionally, it is integrated with Google Drive, Zoom, and Dropbox, as well as many others.
What are the drawbacks of these platforms?
These communication and workflow management platforms have a lot of benefits, as mentioned, but they also have some drawbacks.
For some companies, it can be just another software to add to a long list, thus overwhelming employees. For example, email, Zoom, Google Drive, CMS software, and other software are essential for the job. Some companies may find it hard to get workers onboard with yet another program, meaning participation can be low.
Another risk includes no moderation. You could end up with people talking too much, going off-topic, arguing, or wasting time discussing non-work-related matters. It could be worth enforcing a code of conduct and having one person in charge of keeping things in line to ensure the platform runs smoothly.
There are also security issues, as we have mentioned. Suppose someone gains access to such a platform. In that case, they can get their hands on sensitive information and potentially embarrassing communications. Or they could pose as an employee to get other employees to hand over information, data, and logins.
What are the benefits?
But despite the drawbacks and the care needed, several benefits exist to company messaging apps. For example, they are essential for fostering quick and efficient communication between employees without having to resort to email. They can also make the organization much more straightforward while fostering a climate of collaboration.
These kinds of software are also helpful in helping employees who may struggle with disorganization, to stay on task. Lastly, they can help improve the company culture by giving people a space to express themselves in various ways. As opposed to a slightly less formal way than email or face-to-face. This means the removal of some barriers, such as nerves. Overall, the benefits of this software are vast. Use them within companies, but only when taking precautions, and employees know the risks.