Filter by Category

FBI Issues Warning on FTP Servers

FBI Warning for FTP

FBI warning for FTPFBI's Issued Warning

In 2017, the FBI issued a Private Industry Notification to healthcare providers warning them of the dangers of unsecured FTP servers.

According to the alert, the FBI is aware of criminal actors actively targeting FTP servers operating in “anonymous” mode, meaning a user can authenticate to the FTP server with a common username like “anonymous” or with a generic email address or password. The FBI notification cited a 2015 study from the University of Michigan that indicated over one million FTP servers were configured to allow anonymous access.

While the notification was intended for medical and dental facilities, inadequate FTP security is a concern across all industries. According to the FBI, “Any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cybercriminals.”

Related Reading: Why Healthcare Needs MFT to Help Secure EHR File Transfers

The Problem with FTP

The problems with FTP servers go beyond anonymous mode. For one thing, many organizations are running legacy FTP software that hasn’t been kept up-to-date with modern security concerns. Another widespread issue comes from granting excess permissions to trading partners or internal staff. Anyone given administrative access could change a setting on the server without realizing the potential security implications.

Hopefully it’s clear that you should be using encryption to protect your data. What some businesses fail to realize is that encryption methods vary greatly in strength based on factors like key size and type of encryption ciphers used. Many of the older ciphers and protocols have been broken and are now obsolete. Finally, a major problem with legacy FTP servers is a lack of alerts if anything goes wrong and the lack of detailed logs to help you maintain compliance with industry regulations.

Related Reading: Problems with FTP (And How to Solve Them)


These common pitfalls can be addressed with a robust managed file transfer (MFT) solution. Managed file transfer offers a variety of strong, up-to-date protocols and encryption methods, allowing you to replace standard FTP with something more secure like SFTP or FTPS.

Software with role-based security gives you the option to limit any user or user group to just the permissions they absolutely need, and detailed audit logs keep track of exactly which user took what action and when—essential information for your team and for auditors alike.

Watch the Webinar: Replacing FTP Scripts with Managed File Transfer

Free Encryption and FTP Software

No cost software is available from GoAnywhere MFT for Enterprise File Sync and Sharing (EFSS) file collaboration, FTP automation, and Open PGP encryption. Explore more details about the free software and download ittoday.

Related Posts

FTP, FTPS, & SFTP: Which Protocol Should You Use and When?

FTP, FTPS, and SFTP are three classic file transfer protocols, but they are not created equal. If you’re not sure what protocol is best for your organization, check out this blog.

TFTP vs FTP: Or is There a Better Option?

If your organization never needs secure or reliable file transfers, TFTP or FTP are still viable (but dated) solutions. The probability is high that is not the case. Therefore, it’s time to consider secure, automated, and reliable file transfer solutions.

Is FTP Dead?

Is FTP a viable option for sending file transfers? Not so fast. You may not want to use FTP for your file transfer needs in the future, and here’s why.

Problems with FTP (And How to Solve Them)

Discover some of the top problems with FTP that organizations run into, and FTP alternatives you can turn to for more reliable, secure, and efficient file transfer.