How to stop P2P data breaches

Many companies use peer-to-peer (P2P) file-sharing networks to share data with employees inside the company. But this has been the most insecure method of transferring confidential data: the Federal Trade Commission (FTC) has notified hundreds of US businesses that their confidential data is being seen by many unauthorized users on the web. Many US businesses are also under legal compliance obligations to safeguard that data, depending on the nature of the data exposed on the web.

P2P Data Breach

FTC Chairman Jon Leibowitz said in an FTC statement:

“Unfortunately, companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk. For example, we found health-related information, financial records, and drivers’ licence and social security numbers – the kind of information that could lead to identity theft,”

“Companies should take a hard look at their systems to ensure that there are no unauthorised P2P file-sharing programs and that authorised programs are properly configured and secure. Just as important, companies that distribute P2P programs, for their part, should ensure that their software design does not contribute to inadvertent file sharing.”

According to the statement by Jon Leibowitz, it is clear that the FTC plans to educate companies and has developed new educational material that will raise awareness of the risks associated with P2P networks and give companies tips on how to secure their data.

The date on which the FTC will publish this material has not been confirmed. So why wait? Here are some tips your company can use to keep its confidential information from being exposed on a P2P network.

Step 1:

Beware the software:

The client also needs software for P2P file sharing, and there are many reasons to be cautious about client software. The most important is that the client software for most P2P networks does not get the same security attention as commercial software. It may cause the client's system to crash and may degrade system performance.

The major reason behind this is that P2P client software is open-source software and is hosted on systems that are themselves part of the P2P network. Because it is open source, the client's PC can easily be attacked by malware such as a Trojan or a botnet, allowing hackers to access your PC and see your confidential information.

Step 2:

Watch what you share

The P2P client software comes with a default folder that is shared on the P2P network and can be accessed by anyone on that network. People on the P2P network can not only see the files in that folder but also download them. Many P2P users, by mistake or unwittingly, make the root of the C: drive, or another drive containing equally sensitive data, the default shared location for the P2P network.
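One way to check a share for the two problems described in this step, written as an added example that is not part of the original post: it flags a configured share path that is a drive root or a whole profile, then lists sensitive-looking files inside a shared folder. The function names, the extension list and the SSN-shaped pattern are assumptions chosen for illustration.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath
from typing import List, Optional, Tuple

# Assumed policy for this example: file types and content treated as sensitive.
SENSITIVE_EXT = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".pst", ".qbw"}
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")  # US social security number shape
PERSONAL_DIRS = {"documents", "my documents", "desktop"}

def share_scope_issue(share: str) -> Optional[str]:
    """Say why a configured Windows share path is too broad, or None if scoped."""
    p = PureWindowsPath(share)
    parts = [x.lower() for x in p.parts]
    if p.anchor and len(parts) == 1:
        return "drive root"
    if 2 <= len(parts) <= 3 and parts[1] in ("users", "documents and settings"):
        return "whole user profile"
    if parts and parts[-1] in PERSONAL_DIRS:
        return "personal documents folder"
    return None

def scan_share(root: Path, max_bytes: int = 65536) -> List[Tuple[str, str]]:
    """List (relative path, reason) for files that should not sit in a P2P share."""
    findings = []
    for f in sorted(root.rglob("*")):
        if not f.is_file():
            continue
        rel = f.relative_to(root).as_posix()
        if f.suffix.lower() in SENSITIVE_EXT:
            findings.append((rel, "sensitive file type"))
            continue
        try:
            head = f.read_bytes()[:max_bytes]  # only inspect the start of the file
        except OSError:
            findings.append((rel, "unreadable"))
            continue
        if SSN_RE.search(head):
            findings.append((rel, "SSN-like pattern"))
    return findings

if __name__ == "__main__":
    # Constructed sample share, built in a temp directory so this runs offline.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "song.mp3").write_bytes(b"audio")
        (root / "payroll.xlsx").write_bytes(b"PK")
        (root / "notes.txt").write_bytes(b"Employee SSN 123-45-6789")
        print(share_scope_issue("C:\\"), scan_share(root))
```

Run it against the folder your P2P client actually shares, and treat any finding as a reason to move the file out or narrow the share.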

Step 3:

Just don’t use it.

Although there are only legitimate uses for a P2P network, corporations mostly don't have breached data, pirated music or software on the P2P network, so there is no legitimate reason for accessing P2P file sharing from their systems.

The most important thing to know is that allowing anonymous users on the P2P network to access files and folders on your system drains network bandwidth. So you need to secure and properly configure your system, or else your sensitive data will be exposed.

If it is necessary to allow file-sharing access on a P2P network, it should be restricted to authorized users only, and policies and procedures defining access to the files should be documented.

A basic mistake on the company's part is giving full administrative rights to administrative staff, allowing them to do anything they want, such as installing and removing software. This increases the risk of exposing the company's sensitive data to unauthorized users on the network.

Another option is to switch from traditional P2P clients over to a Trend Micro cloud computing secured network that actively prevents malware from infecting other machines, and keeps your data encrypted.


Write an email to the author of this post at jawad@techskipper.com
