Business Owners: Keep Your Networks Secure
Just in case the business owner didn’t have anything to worry about, here is a new headache to avoid. EPN Inc., also known as Checknet, Inc. is a collection agency that also provides electronic payment and e-commerce services. Unfortunately, Checknet has recently settled charges brought by the Federal Trade Commission that Checknet failed to maintain security measures over the sensitive financial information it manages for its clients. Its chief executive officer had installed file-sharing software on the company’s computers, and that allowed access to thousands of people’s financial and health information. The FTC also charged an auto dealership in Georgia with the same installation of file-sharing software. The companies are subject to audits for the next 20 years to verify that their computers protect information properly.
In 2010, the FTC warned that file-sharing software was also being used to steal consumer data. “As the nation’s consumer protection agency, the FTC enforces laws that require companies in various industries to take reasonable and appropriate security measures to protect sensitive personal information, including the Gramm-Leach-Bliley Act and Section 5 of the FTC Act.” The action against Checknet and the Georgia auto dealership seems to be the initial wave of actions to defend against such file-sharing.
What Is File-Sharing Software? File-sharing software (sometimes known as P2P networks) does as it says – it shares files across the Internet. Bram Cohen developed BitTorrent over a decade ago. Instead of “top down” method of one server downloading files to computers, BitTorrent clients create a “swarm,” harnessing the computers that have downloaded a file to the share parts of that file to other parts of the swarm. About half of all Internet traffic now is now related to BitTorrent swarms, and legitimate purchases of content like movies are now outnumbered by 3 to 1 or more.
File-sharing programs like BitTorrent have been a constant problem for residential Internet users. While these are often used to obtain movies, their ability to move large files quickly also make them convenient for more prosaic uses, such as getting files from the office to work with at home. However, this open window can be used for scarier things, like downloading confidential information like social security numbers, bank accounts, and the like.
More industries are subject to privacy requirements like HIPAA or the FDIC than ever before. Even if your company is not subject to such rules, your clients and customers will not appreciate their private information being made available on BitTorrent sites. While being caught downloading movies or music illegally is embarrassing, getting caught allowing access to private information can quickly destroy a business’ goodwill that was years or decades in the making.
What To Do. Search your entire network – including any devices such as laptops or smartphones – for BitTorrent clients. The most common clients are BitTorrent 7, BitComet , Shareaza, Vuze, and utorrent. If they are found, remove them, and inform the person on whose computer it was on that it was removed. Also, check your employee manual to see whether it needs to be updated to include warnings that file-sharing software is strictly forbidden. Not only may this prevent copyright trolls from coming after your company because its IP address was attached to a swarm for a movie you wouldn’t tell your mother about, it could also prevent the FTC from coming after your firm, too.