Why businesses should take SPAM seriously.

April 3, 2007 at 2:36 pm | Posted in Technical | Leave a comment

I don’t think a day goes by the we don’t all get spam. For the most part, it is an annoyance; a mailbox full of ads for pharmaceuticals we neither want nor need. It’s that joke that everyone in our family forwards to us, or that sales list we accidentally joined when we signed up to win that free iPod.

First off, let’s consider the cost of spam if it somehow hits its target, and finds a willing victim. Spam is illegal in many states, because it is a method for committing  so many crimes. Email spam may have started out as an annoying sales tactic, but it has rapidly become  a vector for violating the law. It has been used in financial theft, identity theft, data and intellectual property theft, virus and other malware infection, child pornography, and fraud, to name a few.

The worst thing about spam is that it marches right through the front door and takes advantage of people’s desperation. Particularly evil spammers target people with serious illnesses, children, and drug addicts. If you think this isn’t a threat to your business, and that spammers usually target individual home users, think again. Your office assistant may not be a child, but he may click a link that appears to be related to his job. The newest trick spammers use is to hack legitimate web sites and continue the confidence game right up until the point where they’ve got access to your files, or your financial data. Even the savvy user may be suckered by a link, and thereby usher a trojan virus onto your network.

Although it has fallen from awareness and been labelled an annoyance rather than a threat, the sheer volume of spam is on the rise. This, in itself, is a problem.

MessageLabs, a New York based messaging and Web security company released a report yesterday finding spam levels jumped 76.3% in the first quarter the year. Small and medium-sized businesses are bearing the brunt, ending up with more than double the volume of spam than larger companies. This suggests that technical solutions employed by large companies are working, but lower-cost measures available to the smaller companies are either not effective, or not being put to good use. Either way, smaller and mid-sized businesses need to snap out of it and start taking spam seriously before it gets them into trouble.

I  believe that  many IT professionals have lost touch with the danger involved with spam, considering it a daily irritation, and a necessary side-effect of having an email system. Certainly  many companies do not have funds sitting around, earmarked for antispam systems. Mark Sunner, chief security analyst at MessageLabs, agrees with me. “The majority of small businesses… have given up on dealing with the issue, only to find that bad guys target them even more aggressively. If the first-quarter data tells us anything, it’s that malicious activity in the form of spam will only continue on an upward trend.”

Aside from its other criminal uses and annoyance, spam squashes worker productivity. A survey published yesterday by Nucleus Research and KnowledgeStorm reports it costs $712 per employee per year in wasted work time, or $71 billon to all U.S. businesses annually.

Spam can also serve as a denial of service attack, slowing your network or clogging your email server with thousands of unsolicited messages.

Absent any strong antispam legislation or any enforcement to protect us, all you can do is build in the most robust antispam measures you can afford. In the meantime, try not to throw your mouse across the room in frustration when you see your inbox each morning. I’m right there sympathizing with you in spirit.  

Advertisements

TrackBack URI

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: