If you use Slack to keep in touch with coworkers, friends, and communities, you know how convenient and easy it is to use. But just like any other online service, you should be diligent to keep your information secure. While Slack’s cloud-based servers are pretty secure by themselves, you can still take some steps to make sure nobody gains access to your account.

Here are some Slack security tips that will help keep your communications private.

Understand Slack Encryption

Slack uses cloud servers to store its user information and account data, and it employs a variety of encryption methods to keep it secure. After a high-profile hack in 2015, the company has redoubled its efforts, including adding features to help users keep their data safe.

Among the methods Slack uses are:

  • Encrypting data at rest (e.g., stored databases) and in transit (i.e., messages you send through the service)Identity management tools to allow and ensure user control over who can access a workspaceSupport for single sign-on to minimize exposure of passwordsDomain-claiming to provide control over who can find and use workspaces, along with restricting users to specific email address domains

Create a Strong Password

The first step to locking down any account is securing it with a strong password. The regular rules apply: Make a password that’s as long as possible and avoid easily guessed things like birthdays, sequential or repeating numbers, or the word “password.”

You may also consider using a password management system. These services will create unique and complex credentials and save them securely so that you don’t have to remember them.

Turn on Two-Factor Authentication

Even with the best, longest password you can devise, you can take extra steps to keep your Slack account safe. Two-factor authentication is one of the best ways to secure it. It adds an extra step after you enter your password that requires you to authorize any logins from another device (usually your smartphone). With this feature on, people won’t be able to access your account even if they guess or steal your password.

If you’re a Workspace Owner or administrator for your Slack channel, you can require other users to turn on 2FA from your channel’s Administration page. Regular users can set it up through their account page by selecting Account Settings from their profile in Slack.

Slack isn’t just a real-time chat room. You can also use it for direct messages and file sharing. And along with those extra capabilities come more calls for caution. Although Slack can be a more closed system than, say, your email, people can still find ways to use it for phishing scams and other illegal activities. These risks can not only compromise your Slack account but your financial data and computer.

The same rules apply as when you receive a suspicious email: Don’t click a link or download a file unless you know exactly what it is and who is sending it.

Get the Latest Tech News Delivered Every Day