
Well, it looks like we can chalk up another security breach to file-sharing or Peer-to-Peer (P2P) software. I just finished reading an article on Yahoo! News titled "Mortgage data leaked over file network", and it reported an all-too-common problem: people are still installing P2P software on work computers or working on company files on a home computer that already has the software installed.
In this particular instance, it was the latter:
"Three spreadsheets containing more than 5,000 Social Security numbers and other personal details about customers of ABN Amro Mortgage Group were inadvertently leaked over an online file-sharing network by a former employee.
Tiversa Inc., a Pittsburgh company that offers data-leakage protection services, traced the origins of the ABN data to a Florida computer with the BearShare software installed."
Unfortunately, many companies with a mobile workforce encounter this problem where their users may require the ability to install/configure software on their laptops. My previous employer, Pfizer, had their own P2P breach last June, when an employee installed software on a company laptop and "exposed Social Security numbers and other personal data belonging to about 17,000 current and former employees".
Assuming most end-users aren't malicious, there may be instances where they install P2P software for collaboration purposes or because they have an attachment limit on their e-mail and need to transfer large files. They don't want to bother their help desk and may actually think they're helping, but they misconfigure the software and end up sharing files they never intended.
Speaking for myself, I don't believe there is any place for this type of software on a business computer and if I ran across it during an audit, I would remove it immediately and educate the user about the danger. Also, this software is usually employed to illegally trade copyrighted material, so I don't want any liability issues to raise their ugly heads at the workplace.
What say you? Is there a business need for this type of software, and is it worth the risk of compromising your valuable business data?





