Slack data loss prevention

With data loss prevention (DLP) for Slack, you can reduce the risk of sharing confidential, malicious or personally identifiable information in your Slack organisation. Slack DLP scans messages, text-based files and canvases sent by members of your organisation for content that violates rules that you create.

image (2).png

How it works

  • Org primary owners and members with the roles admin system role can assign the DLP admin system role to members. 
  • DLP admins can create customised rules using regex, or choose from several preconfigured rules to scan for messages and files in Slack that may require administrative action.
  • Rules can be further customised to apply only in specific conversation types and workspaces in your Enterprise Grid organisation.
  • DLP Admins will receive a daily summary of rule violations via Slackbot and can take action on messages and files from the DLP dashboard. 

Note: Canvases in Slack Connect conversations won’t be scanned by DLP.

 

Create DLP rules

You can write your own custom rules or choose from several preconfigured rules to scan Slack for data like credit card numbers or personally identifiable information. When creating a rule, DLP admins can choose to take one of the following actions when a rule is violated:

  • Display DLP dashboard alert only 
  • Show a warning to members who violate a DLP rule*
  • Hide (or ‘tombstone’) messages or files until they can be reviewed

* Member warnings can’t be displayed on canvases that violate a DLP rule.

  1. From your desktop, click your organisation name in the sidebar.
  2. Hover over Tools & settings from the menu, then click Organisation settings.
  3. Click  Security in the left-hand sidebar, then choose Data loss prevention.
  4. Click Create rule in the top-right corner.
  5. Under Rule name, choose a name for your rule.
  6. Select an option from the drop-down menu to choose a preconfigured rule or click Use custom regular expression and enter a regex string that you’d like to track.
  7. Select an Action to take and (if applicable) customise the text that appears when your rule is violated, then click Next.
  8. Choose whether your rule applies to Slack Connect conversations, specific workspaces and specific conversation types in your grid org. 
  9. Click Save rule to finish.  

Note: Preconfigured DLP rules have been developed by Slack using algorithms based on industry best practices. Please note that preconfigured rules may not detect all targeted data and conversely, they may detect false positives.

 

Manage DLP rules

You can edit a DLP rule to change it or deactivate a rule you no longer need.

  1. From your desktop, click your organisation name in the sidebar.
  2. Hover over Tools & settings from the menu, then click Organisation settings.
  3. Click  Security in the left-hand sidebar, then choose Data loss prevention.
  4. Under the Rules tab, click the   three dots icon next to the rule that you'd like to change. 
  5. Choose Edit or Deactivate and follow the prompts.  
  6. Click Save rule or Deactivate to finish.


Manage DLP rule violations

When a member of your organisation sends a message that violates a DLP rule, you’ll see an alert in the Slack DLP dashboard. From the dashboard, you can then archive the alert, delete the message or restore the message (if it was hidden). Remember that alerts expire after 90 days and will be removed from the DLP dashboard.

  1. From your desktop, click your organisation name in the sidebar.
  2. Hover over Tools & settings from the menu, then click Organisation settings.
  3. Click  Security in the left-hand sidebar, then choose Data loss prevention.
  4. Under the Alerts tab, click on a flagged message. 
  5. Click Manage in the top-right corner and select an action.

Note: Slackbot will notify people if their flagged messages or files are deleted.

Who can use this feature?
  • Members with the DLP admin system role
  • Available on the Enterprise Grid subscription

Related articles

Recently viewed articles