Minimising the impact of spam
According to ISBS 2004, one-third of UK businesses cited unsolicited email or spam as a major issue. While not a security breach per se, spam is clearly disruptive and IT security staff and legislators alike are grappling how best to address the problem.
There is little doubt that the volume of spam is increasing at an exponential rate. Spam currently comprises more than half of all incoming e-mail in 17% of UK businesses. One in ten now rate spam as a major business issue, causing significant time to be wasted. As a result, nearly one in four businesses (and nearly half of all large ones) filter incoming email.
The impact of spam is multi-faceted. In addition to the time-consuming inconvenience of wading through masses of spam to find legitimate email, spam is often used as the vehicle to transport and promulgate viruses. Spammers are increasingly targeting poorly secured mail servers, and, using worms and viruses, turn them into relays that spread spam to other people.
The DTI recommends the following course of action to limit the impact of spam:
- Discourage staff from engaging in online activities that tend to attract unsolicited emails
- Deploy and regularly update spam filtering tools
- Discuss what steps can be taken by your ISP to minimize the delivery of spam nearer its source
It’s interesting to note that one ISBS business respondent mentioned that a small number of the company’s users receive the vast majority of spam. Despite the best intentions of the Data Protection Act, users who have published their email address on a website or in a newsgroup posting tend to be targeted most.
As targeted and indiscriminate attacks become more commonplace, IT managers are being forced to deploy both integrated and point-based solutions to secure every part of their computing environments. It follows that the proliferation of security solutions brings new infrastructure and software management challenges.
In response to this demand, new software has been developed to centralize the management and provisioning of numerous IT security packages. This provides the IT team with a unified view of all PC users within the organization and allows the team to set up new users and allocate, which applications employees can access. There is an IT adage that stipulates ‘if you can’t see a device or software application on the network, you can’t manage it’ and this is particularly true of IT security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.