Peer-to-Peer (P2P) Networks exist where groups or “peers” of computer systems are linked to each other through the Internet for a common purpose usually with a common application directing their use. Files can be shared directly between systems on the P2P network without the need for a central server. In other words, each computer on a P2P network becomes a file server of sorts, while also acting as a client.
P2P software like Kazaa, Napster, and LimeWire was once a standard application on many people’s home computers. These programs allowed users to swap large files over the internet, typically illegal music and movies. Rather than using central servers for this purpose, they used their worldwide user base’s computers as both client and server (P2P). However, these P2P applications fell out of common usage as copyright owners were able to identify participants in these P2P networks and began cracking down on illegal file sharing. Today, a more anonymous P2P network called BitTorrent has largely replaced these older networks. Again, today, many Torrents, as they are called, serve illegal file content such as recently released movies and music.
Risks with Modern Peer-to-Peer Networks:
While there are legitimate uses for P2P networking, the file-sharing aspect raises both intellectual property and cybersecurity concerns. Any time people are sharing music, movies, software, or any other proprietary content, questions of intellectual property and copyright laws surface. In fact, some internet service providers have attempted to ban torrents and other P2P applications, despite the valid and perfectly legal functions P2P can serve.
Secondly, with the anonymity P2P computer owners has improved, allowing them to hide their identity, CyberHoot has reported that some of the downloaded files now contain malware and are infecting unsuspecting users.
What does this mean for an SMB?
In the 25 years, CyberHoot security professionals have been practicing cybersecurity, we have yet to find a legitimate business use of P2P networks. Most firewall vendors allow you to block access to P2P Networks from company networks, and so you should block such access outright.
If you watch the video explanation of Peer-To-Peer networks below, you will see that BlockChain technology applied to P2P networks may one day introduce technologies and security that are needed by businesses. However, until you find a legitimate business use-case, block these networks and their applications, especially bittorrents.
However, in the pandemic work-from-home era, it may not be possible to block such access outright. In these cases, it’s important to put cybersecurity policies in place the forbid using P2P networks on company devices or even personal devices doing company business. The stated risks are simply too common and damaging to your business.
Additional Business Cybersecurity Recommendations
The recommendations below will help you and your business stay secure against the various threats you face on a day-to-day basis.
All of the following suggestions can be accomplished in your company by hiring CyberHoot’s vCISO services. For a vCISO proposal, please email Sales@CyberHoot.com.
- As mentioned earlier in this article, companies should govern and guide employees with cybersecurity policies and procedures including acceptable use, password, information handling, and written information security policies (aka WISP) at a minimum.
- Train employees on how to spot and avoid phishing attacks. Adopt a learning management system like CyberHoot’s product to teach employees the skills needed to become more confident, productive, and secure.
- Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
- Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, deploy DNS protection, antivirus, and anti-malware on all your endpoints.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections, etc) or prohibiting their use entirely.
- If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.
All of these recommendations are built into CyberHoot’s product and/or vCISO services. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services or email Sales@cyberhoot.com for a free consultation. Do it today as you never know when an attack will occur. At the very least continue learning by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity threats, vulnerabilities, and breaking news.
For more info, watch this X min video on Cybrary Term.
CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:
- Cybrary (Cyber Library)
- Press Releases
- Instructional Videos (HowTo) – very helpful for our SuperUsers!
Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.