In the March 17 edition of InformationWeek, John Foley writes a rather sobering article about the dangers of peer-to-peer (P2P) clients to your business’s well-being. Pfizer is now in hot water for exposing an estimated 17,000 employees’ personal data via a P2P network.
It all started when the spouse of a Pfizer employee used file-sharing software on a company laptop, presumably to swap music or other content with other P2P users. Unknowingly, the laptop user also exposed 2,300 work files, including those containing sensitive Pfizer employee data–names, Social Security numbers, addresses, and bonus information resident on the laptop.
What is P2P software, you ask? Simply put, it joins a group of computers, often referred to as nodes, into a network that collectively shares files such as music, movies, or programs. However, sharing is not limited to these types of files. P2P networks can often contain typical documents individuals may want to share, or unknowingly share, such as Microsoft Office documents, personal data, or other unscrupulous information.
Last September, authorities in Seattle arrested 35-year-old Gregory Kopiloff on charges that he used LimeWire to amass federal tax returns, student financial aid applications, and credit reports, then used them to open accounts in other people’s names. Kopiloff pleaded guilty and is due for sentencing March 17.
P2P networks such as LimeWire, Kazaa, eMule, BearShare, Morpheus, and BitTorrent (the list goes on) have gotten the attention of many of the governmental agencies in charge of national security such as the CIA, FBI, Homeland Security, and U.S. Secret Service as they are realizing the amount of information being searched by potential enemies of the state.
Lastly, you should be concerned with malware payloads that can be slipped in through the back door when you install these seemingly helpful software packages. In some instances, dozens of viruses, trojans, key-loggers, or root-kits might be installed on an innocent computer, giving whoever is behind them control over both your personal information and your computer.
In summary, P2P software has had its uses, and is not in and of itself a bad thing. However, this type of solution is not to be taken lightly and should not be used in corporate settings or on corporate property, as a general rule. Once the information is out there, there are no ‘take-backs’.
The article mentions several protection services above and beyond typical security software that you may be interested in looking into. I know I am for my company’s network…


