P2P File-Sharing and Sensitive Data

By: Absolute Team | 4/26/2010

The FTC put out a news release earlier this year warning companies to be cautious about using P2P File-Sharing Networks to share sensitive data.

The alert went out after nearly 100 companies were notified that personal information, including sensitive data on employees and/or consumers, has been shared from their computer networks and is available on P2P networks, publicly, which could lead to identity theft or fraud. When used incorrectly, data not meant for public sharing may end up open to the public on P2P networks.

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers’ license and social security numbers--the kind of information that could lead to identity theft,” said FTC Chairman Jon Leibowitz. “Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing.”

The FTC has put together 2 guides on P2P use for consumers and for businesses. For businesses, the P2P advice includes advice to:

  • Delete sensitive information you don’t need, and restrict where files with sensitive information can be saved.
  • Minimize or eliminate the use of P2P file sharing programs on computers used to store or access sensitive information.
  • Use appropriate file-naming conventions.
  • Monitor your network to detect unapproved P2P file sharing programs.
  • Block traffic associated with unapproved P2P file sharing programs at the network perimeter or network firewalls.
  • Train employees and others who access your network about the security risks inherent in using P2P file sharing programs.
Financial Services