In a February 22, 2010 press release, the Federal Trade Commission states that it notified “almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud.”
The agency also released new educational materials that recommend ways to manage P2P risk. Interestingly, the FTC does not suggest that all P2P file sharing software be banned from a business. The recommendation is to evaluate what sensitive data is being used compared with the benefits of using such software. This recommendation fails to appreciate the fact that all P2P software used for a business purpose can likely be replaced with secure search software that does not require opening up your folders to strangers. Moreover, there is no general business purpose for using LimeWire or similar software given such tools are focused primarily on locating free music and video files. In fact, that is why some universities have banned the use of P2P file sharing software for years now. The reasonable assumption is that if music and video does not fit within a scholastic environment, it does not in a business environment.
Several years ago, Information Week did an excellent expose of the P2P risk faced by many businesses. This was a wake up call that was obviously not heeded given the FTC release. In a similar vein, security specialists were warning years ago that there were hundreds of thousands of websites infected with SQL injection exploits. To this day, SQL injection exploits remain one of the most popular tools for hackers to gain database access. Unfortunately, given the “fix” for such an exploit requires some basic coding, it is beyond the expertise or concern of most businesses and individuals.