On its 35th anniversary, everyone knows what spam is and the effect it has on a business. Delivery rates have fallen, but spam’s damage potential is as strong as ever. Modern threats are more complex, convincing, socially engineered and difficult to recover from.
Powerful evidence demonstrating the threat spam still represents can be seen in the drastic increase (335%) in social-related spam in the first half of 2013. Phishing increased 10 fold in August 2013.
Spam like this is targeted to cause more than just network congestion. It phishes for corporate login details, delivers backdoor Trojans, malware and other malicious software, causes irrevocable data loss and wastes IT’s time, money and resources.
For many SMEs, challenges include a lack of dedicated IT resources, a staff knowledge gap and limited budget for spam prevention.
Today email takes up approximately 35% of the working day so spam’s impact on the workplace cannot be ignored. To begin, all businesses should follow these initial steps:
- Identify what spam is being delivered and the threat it poses
- Install robust, cost effective and resource-light anti-spam software (either locally or via the cloud) that blocks delivery, protects users and unclogs the network
- Inform your workforce about socially engineered threats and malware-carrying emails
Dropping Beneath The Radar
Spam that does make it through can be harder to distinguish, especially on mobile devices and messages that come via trusted contacts. Ensure regular reminders for your workforce so they stay alert. Implement a simple, easy-to-use reporting system and offer reporting incentives so the threat remains top of their mind and your IT department is informed.
Even after three and a half decades, spam has survived because of one simple fact – spam pays. For every spam botnet that is closed down, another rises. Implement spam blocking technology but do not rely solely on anti-malware developers to protect your business.
Be proactive in policy as well as in solution implementation. The best defence is a layered approach – technology, best practice, staff information and proactive attentiveness. It only takes one employee to open the wrong email to give access to sensitive company data or bring a whole company’s IT systems to a halt. Put the right prevention and control policies in place to negate both employee and employer risk.
Layers Of Protection
The cost of doing nothing is too high. Avoid experiencing one of these examples:
- The business that was not aware it had been infected and was spamming others with pornography
- The convincing alteration of the Delivery Status Notification
- The time spent identifying and deleting spam that adds up financially
Senior management may not realise the risks an unknowingly spamming employee can pose legally, financially and technologically, so make sure your IT department puts the threats of spam to them clearly, as well as providing updates as to the money saved from prevention – this will help legitimise the decision to invest in anti-spam technology.
After all, if they are not wise to the threat and do not follow advice, they might see a defrauding of staff, a crippling of the network, the loss of critical and sensitive data, and a reduction of staff productivity, not to mention a heavy financial impact.