19 November, 2009

SNAFU: Peer-to-peer and Sensitive Information

A lot of people noticed the recent Congressional ethics probe that was disclosed because a junior staff member put a sensitive document on her computer at home. Not surprisingly, her computer also had file-sharing software installed and she inadvertently was sharing the document on a peer-to-peer network. Some are calling for a review of congressional cybersecurity policies after the breach. One thing to remember is that this sort of thing is not unique, new or surprising.

David Bianco wrote about a similar topic in 2006 and covers the important points, though I would add that the problem also extends to personal systems, not just mobile devices. Whether the vulnerability is a mobile device that is easily lost or stolen (laptop, smart-phone, music player, etc.), or a personal system running software that would never be allowed in a work environment, don't put sensitive information on systems that are difficult to control.

