Peer to peer networks create enterprise data leakage risk

by Doug Pollack

Today’s article by Ben Worthen in the Wall Street Journal highlights an unexpected risk to an organizations data security. While many companies do not sanction the use of peer-to-peer network sharing software by employees, the article describes the potential risk of a data breach when employees use business files on a home PC.

A letter from Senator Joe Biden that was reviewed by the Journal notes that “files containing the personal identitying information of nearly 24,000 US soliders” were made publicly accessible via a peer-to-peer file sharing network. The information included “the full names and social security numbers” of the soldiers.

While it isn’t known exactly how the files were breached, it is possible that files from a work PC are loaded onto a home PC that uses a file sharing application like Limewire or Bitorrent. Businesses are starting to become more aware of the risks associated with peer-to-peer networks. A recent Ponemon Institute study noted that peer-to-peer file sharing software represented the single greatest threat to security pros who cited it.

While removable media like thumb drives have become almost ubiquitous within corporations, they also pose a very special class of threat of data breach given that employees are spending greater amounts of time working outside their primary workplace and using computers that are not controlled by their organization’s information security technologies.