Citigroup leaks customer data through P2P file sharing
Dow Jones Newswire reported on Friday, September 21st, that "The names, Social Security numbers and mortgage information of thousands of people have been leaked by an employee of Citigroup Inc.’s (C) ABN Amro Mortgage Group unit onto a popular peer-to-peer file-sharing network. The leak made the information available to millions of casual music-sharers, as well as would-be identity thieves." The said P2P network is Lime Wire software, which permits sharing of music, movies, and other files over its networks.
The data in question apparently leaked through the home computer of a Citi employee (one news story says it is a "former employee" ). This again highlights the challenges that organizations face in trying to exert content control when their systems and networks are increasingly decentralized and de-perimeterized.
I am just finishing up a report on Web filtering in which I stressed the importance of application control, the ability to detect and control other channels of communication such as Instant Messaging, P2P, and FTP. Companies often think that they are safe if they secure their email and web channel, but other channels are becoming increasingly more popular, especially with the advent of Web 2.0 applications. Communications over these channels, if left unmonitored and unchecked, will be the back-door in for hackers and criminals.
Barry Murphy and I are working on an "enterprise content governance" document. In that document, we will outline some best practices for organizations to securely manage their content. The first step we recommend is to "understand your content surface". A content surface encompasses all the channels via which content can go in and out of your organization. Not everybody understands how vast and dynamic their content surface is. Take P2P for instance, its communication is incredibly dynamic: it’s here one second, it’s gone the next.
Do you know what your content surface is? If not, do you have a strategy to find out?