Filter by Category

FBI Issues Warning on FTP Servers

FBI warning for FTPThe FBI recently issued a Private Industry Notification to healthcare providers warning them of the dangers of unsecured FTP servers. According to the alert, the FBI is aware of criminal actors actively targeting FTP servers operating in “anonymous” mode, meaning a user can authenticate to the FTP server with a common username like “anonymous” or with a generic email address or password. The FBI notification cited a 2015 study from the University of Michigan that indicated over one million FTP servers were configured to allow anonymous access.

While the notification was intended for medical and dental facilities, inadequate FTP security is a concern across all industries. According to the FBI, “Any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals.”

The problems with FTP servers go beyond anonymous mode. For one thing, many organizations are running legacy FTP software that hasn’t been kept up-to-date with modern security concerns. Another widespread issue comes from granting excess permissions to trading partners or internal staff. Anyone given administrative access could change a setting on the server without realizing the potential security implications.

Hopefully it’s clear that you should be using encryption to protect your data. What some businesses fail to realize is that encryption methods vary greatly in strength based on factors like  key size and type of encryption ciphers used. Many of the older ciphers and protocols have been broken and are now obsolete. Finally, a major problem with legacy FTP servers is a lack of alerts if anything goes wrong and the lack of detailed logs to help you maintain compliance with industry regulations.

These common pitfalls can be addressed with a robust managed file transfer (MFT) solution. Managed file transfer offers a variety of strong, up-to-date protocols and encryption methods, allowing you to replace standard FTP with something more secure like SFTP or FTPS. Software with role-based security gives you the option to limit any user or user group to just the permissions they absolutely need, and detailed audit logs keep track of exactly which user took what action and when—essential information for your team and for auditors alike.

To learn more about how to secure an FTP server, watch the on-demand webinar, Top 10 Tips for Securing Your FTP or SFTP Server.

 

 

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…


What You Need to Know about the California Consumer Privacy Act (CCPA)

October 30, 2018

Businesses be aware: if you’re located in California or work with customers from California, a new privacy act similar to the GDPR is coming for you. This gives you just 14 months to analyze…


The Best Cybersecurity Strategies for Banks and Financial Organizations

October 18, 2018

Banks and financial institutions, take note: though the year is almost over, no one is safe from a data breach. Industries across the board have seen 4.5 million records stolen so far in 2018—a…


What is Managed File Transfer (MFT)?

October 10, 2018

As companies recognize a need for a solution that meets their file transfer, automation, and encryption needs, the question often arises: what is managed file transfer and how is it different from my…