Sophos warns firms of dangers of P2P file-sharing after FTC data probe

February 23, 2010 Sophos Press Release

 

Following a data security probe by the Federal Trade Commission, IT security and data protection firm Sophos is warning of the dangers of uncontrolled peer-to-peer (P2P) file-sharing in the workplace, which can put sensitive corporate and personal information at risk.

The FTC has notified almost 100 US organizations of serious P2P-related security breaches that have exposed consumers to the risk of identity theft and fraud. The use of P2P file-sharing networks to download music and movies opens the door for data loss both in the workplace and on home PCs, where users may have worked on company files.

"If not configured properly, Kazaa, Limewire and other P2P file-sharing networks can scoop up files on your computer that you would probably prefer the whole world didn't have access to," explained Graham Cluley, senior technology consultant at Sophos. "There are now cybercriminal gangs who scavenge the file-sharing networks, hunting for sensitive work documents such as financial records, driving licences and social security numbers."

The FTC's warning acts as a stern reminder to companies worldwide towards the dangers posed by P2P file-sharing in the work environment, and the need to control the movement of sensitive data. A survey conducted by Sophos revealed that 86.5% of organisations would like the ability to block P2P file-sharing applications, with 79% indicating that blocking is essential. These statistics point towards the concerns felt by most businesses with regard to protecting their data.

"Some firms may choose to turn a blind eye to their workers using peer-to-peer file-sharing applications to download pirated music and movies, but they must wake up to the risks of exposing sensitive data. Many of these P2P apps will scour your entire hard drive for files to share automatically, and could pick up data that should never be released onto the net," Cluley continued. "By using application control and data loss protection, companies can both block their users from running the file-sharing apps and prevent them from moving sensitive data to an uncontrolled home PC."

Last year, a US House of Representatives Committee hearing revealed that a confidential document was shared via the Limewire peer-to-peer (P2P) file-sharing network. This document contained details of the secret service safe house that would be used by Michelle Obama in the event of the White House being evacuated. In addition, the hearing heard that sensitive details regarding the location of every nuclear facility in the USA were available via file-sharing systems.