The Awful Truth About Anti-Spam Solutions - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // IT Strategy
Commentary
7/14/2009
06:57 PM
50%
50%

The Awful Truth About Anti-Spam Solutions

The most effective anti-spam tool doesn't sit on a server -- it sits between an employee's ears. And whether we like it or not, that will always be the case.

The most effective anti-spam tool doesn't sit on a server -- it sits between an employee's ears. And whether we like it or not, that will always be the case.Spam is the single most ubiquitous IT plague. Many end users know what malware -- viruses, trojans, or what have you -- are in a general sense, but they're often vague on the specifics. But if you show me a person who doesn't know exactly what spam is, then I'll show you a person who doesn't actually use a computer.

Clearly, many of the costs associated with spam are systemic. As many studies have pointed out, for example, the time and effort required to deal with spam impose significant costs due to lost productivity and wasted network bandwidth.

This is where a variety of spam-fighting tools, including real-time blacklists and new innovations such as Sender Policy Framework (SPF), an open standard for verifying a sender's email address, come into play. These tools aren't perfect, and they never will be. Companies that use these tools, however, are far better off than those that do nothing.

Yet as a recent article on SPF points out, the most sophisticated spammers always stay a step or two ahead of even cutting-edge anti-spam technologies. That includes spammers that eschew email altogether in favor of newer, less well-protected communications methods.

It's a dilemma that illustrates the importance of avoiding the other, far more significant, source of spam-related business losses: ignorance.

Anti-spam tools can't eliminate spam; they can only reduce the volume. Some spam will get through, and it always will. That makes your employees the ultimate line of defense against a potential security catastrophe.

Consider the marginal cost of a phishing email that gets through -- but gets deleted -- versus the cost of one that actually results in the loss of essential business data. The first is measured in pennies per message; the second is measured potentially in millions of dollars.

The first cost is, to some extent, an unavoidable cost of doing business online. The second is entirely avoidable, if a company's employees are properly educated and if a company enforces rigorous email acceptable-use policies.

Educating employees, first and foremost, means reminding them that they are the ultimate line of defense against spam-related business losses. Do they realize, for example, that clicking a single email link -- even in a message from a friend or legitimate business contact -- could land them on a malevolent Web site? Are they aware that using such a link to navigate to a Web site that asks for login credentials is never, under any circumstances, an acceptable act?

Are they trained to regard every email, from any source, as inherently insecure? Do they know that an IM or a Twitter link can be every bit as dangerous as an email link?

Most important, are they bound by an acceptable-use policy that holds them responsible for negligent lapses?

There are plenty of online options to help you help your employees answer these questions. One of the best is OnGuard Online, a site maintained by the Federal Trade Commission. It covers a lot more than just spam-related security threats, and it's a terrific resource with a wealth of hands-on educational content.

None of this has much to do with technology, yet many small businesses continue to believe -- or at least to hope -- that technology will give them an easier way to fix this mess.

It won't, and it almost certainly never will. Spam is a classic example of a problem that will only get worse when we assume that technology will save us from ourselves. That's a tough lesson to learn, but it's one that your small business needs to impress upon every employee before a daily nuisance turns into a fatal screw-up.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll