How to stop P2P data breaches

Three tips that will ensure your company meets security mandates


The Federal Trade Commission (FTC) has notified hundreds of US businesses that their sensitive data is circulating freely on peer-to-peer (P2P) file sharing networks for all to see. While no company wants to have confidential information exposed to unauthorised users on the web, many businesses, depending on the nature of the data being exposed, also fall under legal compliance mandates to safeguard the data.

"Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information at risk. For example, we found health-related information, financial records, and drivers' licence and social security numbers - the kind of information that could lead to identity theft," said FTC Chairman Jon Leibowitz in an FTC statement.

Leibowitz continued: "Companies should take a hard look at their systems to ensure that there are no unauthorised P2P file-sharing programs and that authorised programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing."

The FTC statement explains that the FTC is developing new educational materials that increase awareness of the risks associated with P2P networks, and provide tips to help protect data, in order to help businesses understand and manage the security risks of file-sharing networks.

Why wait for the FTC materials, though? Here are three tips that will help ensure your company doesn't receive a nasty letter from the FTC letting you know that your data has been breached on a P2P network.

1. Beware the software

There are actually multiple reasons to be cautious regarding the client software required for P2P file-sharing. First, most P2P client software doesn't have the same attention to security as commercial software does. P2P clients can be buggy and may cause system crashes or other performance problems.

The larger issue is that P2P client software is often open source and distributed from the host systems that are themselves part of the P2P network. The client software itself could easily be compromised with some sort of Trojan or botnet-type malware, which could infect systems and give attackers access.

2. Watch what you share

P2P client software is generally pre-configured with a default folder that will be the shared folder for the P2P network. Files in that folder will be exposed to the rest of the P2P network and can be downloaded by all.

Some P2P clients might default to the root of the C: drive, or some users may unwittingly designate the root of the C: drive or some other equally sensitive drive or folder as the default share location for the P2P network.
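One way to check a shared-folder setting for the problem described above, as an added example that is not part of the original article: the function flags a share that is a drive root or that contains a directory on a deny list. The `audit_share` name, the `SENSITIVE_DIRS` list and the sample settings are assumptions constructed for illustration.

```python
import ntpath
from pathlib import PureWindowsPath

# Constructed policy list: directories that must never be reachable through a P2P share.
SENSITIVE_DIRS = [r"C:\Users", r"C:\Windows", r"C:\Program Files", r"D:\Finance"]


def audit_share(share, sensitive_dirs=SENSITIVE_DIRS):
    """Return findings (empty list = acceptable) for one shared-folder setting."""
    # Collapse "..", "." and mixed slashes first, so C:\P2P\.. is judged as C:\.
    path = PureWindowsPath(ntpath.normpath(share))
    if not path.is_absolute():
        return ["not an absolute path; the exposed folder depends on the working directory"]

    findings = []
    if path == PureWindowsPath(path.anchor):
        findings.append(f"shares the whole of {path.anchor}")
    for entry in sensitive_dirs:
        sensitive = PureWindowsPath(entry)
        # The share exposes a sensitive directory if it is that directory
        # or any ancestor of it. PureWindowsPath compares case-insensitively.
        if path == sensitive or path in sensitive.parents:
            findings.append(f"exposes {sensitive}")
    return findings


if __name__ == "__main__":
    # Constructed settings, as they might be collected from client configurations.
    for setting in [r"C:\P2P\Shared", "C:\\", r"c:\users", r"C:\P2P\Shared\..\..", "Shared"]:
        print(f"{setting!r}: {audit_share(setting) or 'ok'}")
```

The path handling uses `PureWindowsPath` and `ntpath`, so the check can run on a non-Windows audit host against settings collected from Windows machines.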

3. Just don't use it

While it is true that there are legitimate uses for P2P networks, and most of the data available on P2P networks isn't counterfeit software, pirated music, or breached data from corporations, there is arguably no legitimate reason for accessing a P2P file-sharing system from a business network.

Allowing anonymous users access to files and folders on computer systems in your network can sap precious network bandwidth - and that is the best-case scenario. If not properly configured and secured, you also run the risk of opening your network to attack and compromise, or inadvertently exposing sensitive data.

If there is a legitimate reason for allowing P2P file-sharing access, the policies and procedures defining that access should be documented, and P2P file-sharing should be restricted to authorised users with an established need for it.

As long as companies continue to give users god-like Administrator privileges on their computers, and allow them to install and remove software at will, the risk will remain that employees install questionable software and expose the company network or sensitive data to unauthorised access.

Tony Bradley is co-author of Unified Communications for Dummies. He tweets as @Tony_BradleyPCW, and can be contacted at his Facebook page.

