Tag Archives: Security

Privacy: Social Cause or Business Imperative?

Does your company have NDAs or Confidentiality Agreements? If you do, then your company understands privacy is a business imperative.

For most of us, privacy is a social cause; a way of life that protects a basic civic liberty. But online privacy isn’t just a social cause. It’s also a business imperative. And encryption is one of the easiest ways to protect our livelihood. But first back to business imperatives…

Does your company lock the front door at night? Does it have locks on personnel files? Does your company have non-disclosure agreements? Does it have confidentiality agreements for vendors and employees? Does it secure the WiFi network with a password? Do you need a password to login to email?

If you answered “Yes” to any (and I bet you answered “Yes” to all) of these questions, your workplace understands the business imperative of privacy. You don’t have to be Silicon Valley startup or Apple to be paranoid about the future of your business. These privacy policies are designed to protect the company, its assets, your stockholders, and frankly your own job and livelihood.

Let’s be honest, most businesses shouldn’t be that worried about hackers, foreign operatives, and compromised credit card records. It’s the other very real things that will more likely kill your business or/and ruin your career, things like theft, corporate espionage, ransomware, litigation from former employees, and workplace morale. Also don’t forget information leakage from BYOD, mobile, and the informality of most electronic conversations. The volumes and volumes and volumes of plain text information shared, discoverable, and hosted in the cloud will be the next gold rush for litigators. Just ask Sony or Gawker .

Yes, corporate privacy is more than IT security. It is everything the company does after it secures the network with taller walls and wider moats. Encryption of business information is the simplest and best method of protection. And many argue if your data is encrypted and unreadable by any actor, either inside or outside your network, you can always sleep at night knowing you are safe again.

Privacy is a 7×24 business imperative. We need to move away from “Do you care about privacy?” and move toward “What are you going to do today to better protect your business?”

Slack’s Top 5 Privacy Mistakes Competitors Can’t Make

Everyone makes mistakes. I do too. But when it comes to privacy, uses should keep their guard up and most businesses who collaborate online will appreciate it.


Slack is a great product and people love it. I get it. I think it’s great fun too, but it’s just not suited for business collaboration.

There are some popular features in Slack that competitors should avoid if they care about user privacy.

1. The Browser “Playground”

Your browser is a vulnerable place. Think of it as a public playground where every website you’ve ever visited has left its germs and viruses. There are countless security vulnerabilities with deploying an application through the browser; everything from the browser itself, to your security settings, plugins, extensions, the code from every website you visit, and the cookies that track you. With one click, malware can easily get installed on your computer so while there are things you can do to try to protect your activity online, sometimes that’s just not enough.

2. Integrations

Integrations are small applications that extend the functionality of a platform. Slack impressively boasts both a marketplace and investment fund to get more Integrations built for Slack. Most every Integration people use is hosted by Slack meaning every bit and byte that comes through an Integration can be read by Slack. (But I guess if you’re already using Slack heavily, you’re already okay with their ability to read every bit and byte).

3. Inline Pixie Dust

Most collaboration tools will overload posts that include URLs with metadata like images, titles, source content, and icons. This is also true of fun features like Giphy. While it might make the timeline more visually interesting, because you deserve, competitors should not offer this feature.

Here’s the issue: By implementing inline pixie dust, all of this content would get automatically downloaded to your device and you couldn’t control it. Clickable URLs are fine since the user is in control since meaning you choose when you want to visit a site.

4. Email Digests

For those not familiar, lots of products use email digests as a way to summarize a day’s worth of conversations into one quick scannable list sent to your inbox at the end of each day.

The problem? When a team has a conversation, it would be a critical privacy compromise that one/some/all of that team now have those same messages sent over the internet in an email. Email is one of the most vulnerable methods of communication, with a 789% year-over-year spike in malware and phishing. People set weak passwords, which are easily hacked and constantly stolen (remember the 1.6 billion passwords stolen two years ago?). All you need to do it look at the news for the latest email scandal (this week, the DNC was hacked and the Russians stole and exposed their opposition research on Trump).

There is certainly value in having a quick way to “get back up to speed” and we plan to build a “While you were away” feature in Semaphor that gives users the same benefit without compromising the privacy of your conversations.

5. Presence

Is so-and-so online? Presence allows users to passively know if another user is on/offline. Unlike the above features, we are giving serious thought to adding this feature to Semaphor — it is quite handy. That said, it will most certainly be implemented in a privacy-minded way. Does everyone on your team want everyone else on the team to know they are online? Should this summer’s intern know the CEO of your multinational company is “In a Meeting?” This level of transparency has benefits, but it needs to be controlled by users. Defaults should be set to Hidden, and only the user should be able to opt-in to such a feature.