When debit cards first came out, says Internet encryption pioneer Taher Elgamal, people simply scrawled their pin numbers on the back of their cards.
He sees many businesses taking the same sort of naïve approach to security these days when it comes to file-sharing and peer-to-peer networks. Too often, businesses haven't thought through the risks involved in file-sharing. And like those early debit card users, employees often are thinking simply of convenience and ease of usage.
Yorgen Edholm, president and CEO of Accellion, a company that provides secure file transfer solutions, agrees that businesses have been slow to react, despite continued news reports about data breaches. "One of the things that surprises me is it's still such an under-discussed topic,'' says Edholm. "Two years from now, it's going to be, 'How did we do that?'"
How P2P threatens your data
In February, the Federal Trade Commission notified nearly 100 organizations and businesses that had released sensitive information about customers, students, or employees through file-sharing or P2P networks. The government agency also announced it was conducting investigations of other businesses which had exposed data through file-sharing. In conjunction with the announcement, the FTC published new educational materials for businesses.
The risk to your data from P2P technology is a two-pronged threat. Employees are placing critical data at risk by using P2P technology to transfer and to share work-related materials. However, as people become accustomed to moving much of their lives online, they often blur the distinction between work and home activities. Employees downloading the latest movies and music from file-sharing sites also create risk for their employers.
Among the dangers:
The threat is so significant Abrams thinks P2P programs should be avoided. "Peer-to-peer file-sharing programs have virtually no place in a business environment,'' he says. "The security of the programs varies widely. However, in many cases, the default settings are not the most secure. The risks of P2P file-sharing are too great to be ignored."
While every organization is vulnerable, Sanjay Mehta, senior vice president for security solution company Breach Security, advises that your company may be particularly susceptible to P2P threats. "In many ways, small to mid-sized businesses are great targets,'' he says. Mehta notes that smaller businesses often aren't equipped with the IT assets or the staffing to evaluate P2P risks or combat data breaches that occur through file-sharing.
How you can protect your data
Like most technology-related security issues, the first steps you should take involve people rather than machines or software, say the experts. Smart business practices will go a long way toward avoiding file-sharing data losses. Make sure your organization follows this checklist:
Most important, says Mehta, is taking action now. If you visited the problem of file-sharing a year ago, it's time to look again. "The threat factor moves a heck of a lot faster than every so often," Mehta says.