File Share and Share Alike?

By Lesley Fair

P2P = IT 911.

No, it’s not the latest e-commerce metric.  It’s a warning from the Federal Trade Commission (FTC) about the risks that peer-to-peer (P2P) file sharing can pose to your company’s information infrastructure.

P2P technology is a way to share documents and videos, play games, and facilitate online telephone calls.  Because anyone can join a P2P network by installing certain software, millions of computers can be connected at one time.  But when P2P software isn’t configured properly, sensitive files you didn’t intend to share – customer account data, credit information, personnel records, etc. – may be accessible to anyone using the same software, including cybercriminals casing the network for their next target.

The security risk to computer systems isn’t just hypothetical.  The FTC recently notified almost 100 businesses and organizations that sensitive information from their files is readily available on P2P networks.  If the FTC’s warning is any indication, no sector is immune.  Personal information from small businesses was found, as well as sensitive data from global corporations employing tens of thousands.  Public institutions, like schools and local governments, received warnings, too.

Although the FTC has announced that investigations are underway, savvy marketers know it’s wise to take preventive steps before the government comes to call.  To help companies manage the security risks presented by file sharing software, the FTC published Peer-to-Peer File Sharing: A Guide for Business, filled with plain-language tips for Luddites and tech types alike.  The Guide walks you through the most important decision your business needs to make about P2P networks: Should you ban the use of file sharing programs or should you allow them with appropriate safeguards?

If an outright ban is the best policy for your company, scan your computers and networks for programs already in operation and take steps to remove them.  To help you enforce the ban, the Guide explains how you can use administrative security controls to block access to sites used to download P2P programs and prevent employees from installing unapproved software.  If you decide to allow P2P programs, it’s smart to control their use.  The Guide offers practical advice on reducing the risk inherent in file sharing programs.

While you’re pondering your in-house P2P policies, take the time to conduct a data security check-up.  Most importantly, make it a policy to keep only what you need and securely dispose of everything else.  Consider whether the information on your system warrants encryption.  Restrict where sensitive files can be saved or copied.  Use file names that make it tougher for crooks to spot the “good stuff.”  (Calling a document “Smith Account Records” or naming a spreadsheet “Employee Tax Info” is a neon sign for fraudsters.)  Take special care to evaluate the practices of employees who have home offices or who work from the road.  Follow up with contractors and vendors to make sure they’re implementing the same high standards you apply. 
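The check-up above can be partly automated. The script below is an added example (not from the FTC Guide and not FTC code): before a folder is exposed by a file sharing program, it walks that folder and flags files whose names advertise sensitive content or whose contents contain SSN-shaped or card-shaped numbers, using a Luhn checksum so a random 16-digit reference number is not reported as a card. The keyword list, the regular expressions and the three sample files it builds in a temporary directory are all constructed for this illustration and should be tuned to your own data.

```python
"""Pre-share audit for a folder about to be exposed over file-sharing software.
Added example (not from the FTC Guide): flags sensitive-looking file names and
contents so they can be moved, encrypted or deleted before anyone else sees them."""
import os
import re
import tempfile
from typing import Dict, List

# Constructed keyword list: words that make a file a "neon sign" for fraudsters.
SENSITIVE_NAME_WORDS = re.compile(
    r"(account|tax|payroll|ssn|social.?security|credit|personnel|password|salary)",
    re.IGNORECASE,
)

# Content heuristics (constructed): an SSN-shaped token and a 13-16 digit
# card-shaped number with optional space or dash separators.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def audit_folder(root: str, max_bytes: int = 1_000_000) -> Dict[str, List[str]]:
    """Walk `root`; return {relative_path: [reasons]} for files that look sensitive.

    Only the first `max_bytes` of each file are inspected so large binaries
    do not stall the scan; undecodable bytes are ignored rather than fatal.
    """
    findings: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            reasons: List[str] = []
            if SENSITIVE_NAME_WORDS.search(name):
                reasons.append("filename advertises sensitive content")
            try:
                with open(path, "rb") as fh:
                    text = fh.read(max_bytes).decode("utf-8", errors="ignore")
            except OSError:
                text = ""
            if SSN_RE.search(text):
                reasons.append("SSN-shaped number in content")
            for m in CARD_RE.finditer(text):
                digits = re.sub(r"[ -]", "", m.group(0))
                if luhn_ok(digits):
                    reasons.append("Luhn-valid card-shaped number in content")
                    break
            if reasons:
                findings[rel] = reasons
    return findings


def build_demo_share() -> str:
    """Create a constructed sample 'shared folder': one harmless file, two risky ones."""
    root = tempfile.mkdtemp(prefix="p2p_share_")
    samples = {
        "vacation_photos.txt": "beach, sunset, nothing to see here",
        "Employee Tax Info.csv": "name,ssn\nJane Doe,123-45-6789\n",   # fake SSN
        "q3_notes.txt": "card on file 4111 1111 1111 1111; ref 1234567890123456",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    share = build_demo_share()
    for rel, why in sorted(audit_folder(share).items()):
        print(f"{rel}: {'; '.join(why)}")
```

Run it against the real folder a P2P client is configured to share (or against a home-office laptop's documents folder) and treat every hit as a file to relocate, encrypt or dispose of. The test-data reference number `1234567890123456` is deliberately Luhn-invalid, which is why only the `4111 ...` entry is reported; the filename heuristic catches "Employee Tax Info.csv" even before its contents are read.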

Lesley Fair is an attorney with the FTC’s Bureau of Consumer Protection.