Security isn’t a game…
My friend, Corey, had an interesting post over at Office Product News contending that most C-level executives do not see security as an over-arching strategy…
A common misconception is that security is simply a one-stop shop… This is just not the case. In days long gone, perimeter defenses were mostly adequate in protecting networks from severe attacks.
However, corporate IT quickly learned what one virus or trojan let loose on the internal network might do.
Today security most definitely needs to be a game of stratagem consisting of layering on levels of desktop security, server-level protection, infrastructure checkpoints, perimeter walls, and constant user-level training.
Folks, eat it, live it, breathe it. If you want to be cheap about things just unplug your computer from the wall, stick it in the closet, close the door, and walk away…
How does Peer-2-Peer (P2P) file sharing impact your business?
In the March 17 edition of InformationWeek, John Foley writes a rather sobering article about the dangers of Peer-2-Peer (P2P) clients to your business’s well-being. Pfizer is now in hot water for exposing an estimated 17,000 employees’ personal data via a P2P network.
It all started when the spouse of a Pfizer employee used file-sharing software on a company laptop, presumably to swap music or other content with other P2P users. Unknowingly, the laptop user also exposed 2,300 work files, including those containing sensitive Pfizer employee data–names, Social Security numbers, addresses, and bonus information resident on the laptop.
What is P2P software, you ask? Simply put, it links a group of computers, often referred to as nodes, that collectively share files such as music, movies, or programs. However, sharing is not limited to these types of files. P2P networks can often contain typical documents individuals may want to share, or unknowingly share, such as Microsoft Office documents, personal data, or other unscrupulous information.
Last September, authorities in Seattle arrested 35-year-old Gregory Kopiloff on charges that he used LimeWire to amass federal tax returns, student financial aid applications, and credit reports, then used them to open accounts in other people’s names. Kopiloff pleaded guilty and is due for sentencing March 17.
P2P networks such as LimeWire, Kazaa, eMule, BearShare, Morpheus, and BitTorrent (the list goes on) have gotten the attention of many of the governmental agencies in charge of national security such as the CIA, FBI, Homeland Security, and U.S. Secret Service as they are realizing the amount of information being searched by potential enemies of the state.
Lastly, you should be concerned with malware payloads that can be slipped in through the back door when you install these seemingly helpful software packages. In some instances dozens of viruses, trojans, key-loggers, or root-kits might be installed on an innocent computer, giving someone else control over both your personal information and your computer.
In summary, P2P software has had its uses, and is not in and of itself a bad thing. However, this type of solution is not to be taken lightly and should not be used in corporate settings or on corporate property, as a general rule. Once the information is out there, there are no ‘take-backs’.
The article mentions several protection services above and beyond typical security software that you may be interested in looking into. I know I am for my company’s network…



