FTC Says Sensitive Data Leaking Onto P2P Networks…. Oh Noes!

If you run peer to peer (P2P) software on your computer such as Kazaa or Limewire, you need to read this story in USA Today. Apparently sensitive data is leaking onto P2P networks:

This is a long-debated concern on which studies have been done and for which Congressional hearings have been held. The basic problem has to do with well-meaning employees taking company files home and loading them on their personal PCs to work on.

If that PC is subsequently used to download free music or videos at LimeWire, Kazaa or dozens of other P2P networks — and the user is not careful about configuring the download — work files  can get exposed to all users of the network. “It sounds preposterous, but sensitive information leaking out unintentionally like this is amazingly common,” says Eric Johnson, director of digital strategies at Dartmouth’s Tuck School of Business.

In fact, data leakage via P2P networks has become so commonplace that there are cybercrime gangs who specialize in continually searching P2P sites for sensitive work documents. FTC investigators easily found  health-related information, financial records, drivers’ license and social security numbers accessible on P2P networks — “the kind of information that could lead to identity theft,” says [FTC Chairman Jon] Leibowitz.

So why is this happening? Employees are being forced to do more with less, often being forced to use their home computers to get work done. That has to change according to some:

[Lisa] Sotto [head of privacy and information management at New York law firm Hunton & Williams] says companies need to establish and enforce policies relating to the access and use of sensitive company data, and train employees on best security practices. “Awareness is critical,” she says. “A lot of people don’t know that there is a problem.”

The thing is, I don’t see it changing anytime soon. Unless something major happens to a company in this regard, the expectation is going to be that employees will have to use their own computers to get work done. Because it’s better for them that their employees foot the cost of having to work from home. I see that sort of behavior from companies a lot in my travels. The only way to truly solve this is for laws to be passed that prohibit this behavior.

Leave a Reply

%d bloggers like this: