The FTC put out a news release earlier this year warning companies to be cautious about using P2P File-Sharing Networks to share sensitive data.
The alert went out after nearly 100 companies were notified that personal information, including sensitive data on employees and/or consumers, has been shared from their computer networks and is available on P2P networks, publicly, which could lead to identity theft or fraud. When used incorrectly, data not meant for public sharing may end up open to the public on P2P networks.
“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers’ license and social security numbers--the kind of information that could lead to identity theft,” said FTC Chairman Jon Leibowitz. “Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing.”
The FTC has put together 2 guides on P2P use for consumers and for businesses. For businesses, the P2P advice includes advice to: