Filter by Category

FBI Issues Warning on FTP Servers

FBI warning for FTPThe FBI recently issued a Private Industry Notification to healthcare providers warning them of the dangers of unsecured FTP servers. According to the alert, the FBI is aware of criminal actors actively targeting FTP servers operating in “anonymous” mode, meaning a user can authenticate to the FTP server with a common username like “anonymous” or with a generic email address or password. The FBI notification cited a 2015 study from the University of Michigan that indicated over one million FTP servers were configured to allow anonymous access.

While the notification was intended for medical and dental facilities, inadequate FTP security is a concern across all industries. According to the FBI, “Any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals.”

The problems with FTP servers go beyond anonymous mode. For one thing, many organizations are running legacy FTP software that hasn’t been kept up-to-date with modern security concerns. Another widespread issue comes from granting excess permissions to trading partners or internal staff. Anyone given administrative access could change a setting on the server without realizing the potential security implications.

Hopefully it’s clear that you should be using encryption to protect your data. What some businesses fail to realize is that encryption methods vary greatly in strength based on factors like key size and type of encryption ciphers used. Many of the older ciphers and protocols have been broken and are now obsolete. Finally, a major problem with legacy FTP servers is a lack of alerts if anything goes wrong and the lack of detailed logs to help you maintain compliance with industry regulations.

These common pitfalls can be addressed with a robust managed file transfer (MFT) solution. Managed file transfer offers a variety of strong, up-to-date protocols and encryption methods, allowing you to replace standard FTP with something more secure like SFTP or FTPS. Software with role-based security gives you the option to limit any user or user group to just the permissions they absolutely need, and detailed audit logs keep track of exactly which user took what action and when—essential information for your team and for auditors alike.

To learn more about how to secure an FTP server, watch the on-demand webinar, Top 10 Tips for Securing Your FTP or SFTP Server.

Latest Posts


What is GPG?

February 23, 2021

What is GPG? GPG, also known as GNU Privacy Guard (GnuPG), is a different adaption, but popular implementation of the Open PGP standard as defined by RFC 4880. GPG in Depth GPG is an open-source…


Is Transferring Files Through Email Secure?

February 18, 2021

You know the feeling. That need to cross your fingers and hold your breath when you hit “send” on an email, or at the moment you click on a link within an email with a pang of regret. While a…


Encryption for Exchanging Files

February 16, 2021

You seal the envelope when you send a letter. You lock your car when you park at the big box store. You track your packages to make sure porch pirates don’t get them before you do. Your file…


How to Choose an MFT Vendor

February 11, 2021

Which MFT Vendor Should You Choose? Finding the right managed file transfer (MFT) solution for your organization can be a complex process, but it doesn’t need to be. Let us help you tackle the…


What is Safer Internet Day?

February 9, 2021