Data thieves aren't always the black-clad hackers typing away in a dark room a la The Matrix. Datacentre employees with a chip on their shoulders and the technological savvy to put something over on "the man" are often at fault as well.
So, what can you do about it? Whether you're responsible for your own computer or manage a fleet of hundreds (or thousands) of PCs, PCs are vulnerable to a variety of threats, including:
- P2P clients
- Insecure wireless networks
- Insecure work at home environment
- Social engineering
Here's how to stop them.
Just Say No to P2P File Sharing
Peer-to-peer file transfer clients such as Gnutella, BitTorrent, Kazaa, LimeWire and others enjoy an almost virus-like popularity as an easy means of sharing music and video files with other media enthusiasts. Unfortunately, they can also share sensitive corporate and personal data with strangers around the block, the country or the world.
Recent studies of P2P file sharing at banks and the federal government have demonstrated how easy it is for programs intended for media sharing to gain access to confidential and secret information. In Dartmouth University's Tuck School of Business study of P2P file sharing at America's top thirty banks, P2P file sharing searches for text in song or video filenames found matching information of all types, including company names, addresses and much more.
A study by security firm Tiversa found over 200 classified documents in just a couple of hours of searching with P2P client LimeWire.
Why is P2P file sharing so potentially dangerous? Depending on the client, P2P file sharing is usually keyed to file types, not folders. Consequently, a music or video file in the same folder as confidential information can expose the entire folder's contents to a P2P search.
What's worse is that some P2P clients make it easy to share an entire drive rather than just specified folders. P2P clients pop up everywhere, including corporate PCs, as well as your children's PCs or other home PCs.