A new way employees are exposing company data
April 13, 2010 by Sam Narisi
Posted in: In this week's e-newsletter, Security
Are employees unknowingly making your company’s data available on the Internet?
That’s what about 100 businesses recently learned was happening, via a warning letter from the Federal Trade Commission (FTC).
The FTC notified the businesses it had discovered sensitive data about their workers and customers on peer-to-peer (P2P) filesharing networks, where it could be downloaded and used to commit identity theft or fraud.
The likely cause of the leaks: Employees downloaded P2P clients at work to download music and video files, without realizing the programs were configured to share everything on the person’s hard drive with outside users.
The FTC’s letters make it clear: Companies with sensitive info exposed may have broken the law — and blaming users for their behavior won’t shield companies from liability.
Said the FTC: “It is your responsibility to protect such information from unauthorized access, including taking steps to control the use of P2P software on your own networks and those of your service providers.”
Companies should take steps now to make sure users aren’t exposing data:
- Write a policy against installing P2P clients on company computers,
- Monitor your network to detect unauthorized programs, and
- Use firewalls to block outsiders from accessing the network.

April 14th, 2010 at 2:08 pm
Routers and/or firewalls can easily be configured to block P2P sharing networks.
April 14th, 2010 at 4:15 pm
I always find it interesting that employees feel what they want personally is so important. Then after they expose their companies’ sensitive information it’s the company’s responsibility. Do they ever think that they might be creating a situation where they themselves could end up unemployed? I know that ethics and morals are not PC, but they sure do make a lot more sense than our current lack of them. Maybe it is time we hold employees responsible for their actions, and set strict guidelines for them to follow regarding the use of P2P software.
April 14th, 2010 at 5:02 pm
What kind of donut network is this? These controls should already be in place.