Hi, I’m Maneesha Mithal, an attorney at the Federal Trade Commission.
For most companies, using customer and employee information is an everyday part of doing business. On a typical day, you might use credit card numbers, medical information, Social Security numbers, and other personal data that you have in your files.
If this information gets into the wrong hands, it could lead to fraud and identity theft.
That’s why any company that has this type of sensitive information in their files or on their computer systems wants to consider the security implications and risks of using Peer-to-Peer file sharing software.
Peer-to-Peer file sharing is a way for people to share software and documents with other computer users. Many people think about it in terms of sharing music, videos, or photos.
File sharing programs let you connect your PC to a network of computers. And once connected, you can view and download files that other people have shared.
The fact is that millions of people can be connected to a file sharing network at the same time, giving each of them access to lots of information. And exposing them to certain risks.
Some users might mistakenly give others access to drives or folders with sensitive information.
If this happens on your network, you could inadvertently share information like tax returns, medical records or company documents.
Viruses or other malware programs also can be a threat. They could change the drives or folders you’ve designated for sharing – making your private files public.
Once another user downloads your files, you can’t get them back or delete them – even if you didn’t mean to share them.
And if the file sharing software has security flaws, it could open the door to attacks on other computers on the network.
If you’re deciding whether to ban or allow access to file sharing programs on your network, consider your business needs.
Think about how much sensitive information is on your network and where it’s saved. Consider which computers have access to this information and how you protect it.
If you need to keep sensitive information on your network to conduct business, weigh the benefits of file sharing against the risks.
And put a policy into place about the use of file sharing programs in your organization.
Once your policy is in place, enforce it. That can help minimize the risk of someone sharing sensitive information unintentionally.
Whether you use file sharing programs or not, you can secure the sensitive information on your network. Here’s how:
Delete any sensitive information you don’t need.
Restrict the folders or drives on your network where files with sensitive information can be saved.
Minimize or eliminate the use of file sharing programs on any computers that store sensitive information.
Scan your network to detect file sharing programs that your organization hasn’t approved and take steps to remove them.
And finally, train your employees – and anyone else who accesses your network – about the security risks inherent in using file sharing programs.
To learn more about the risks of using file sharing programs, visit the Business Center at business.ftc.gov.