By Ross Walker, director of small business and distribution, Symantec UK & Ireland
Spam is a universal problem; however, it can be particularly detrimental to small and midsized businesses (SMBs).
Federal authorities have warned cyber criminals are increasingly targeting SMBs that do not have the resources to update their computer security.
Michael Merritt, assistant director of the U.S. Secret Service's office of investigations, recently pointed out that many of the attacks are being waged by international organized cyber groups that steal not only credit card numbers, but personal information, including cardholders’ Social Security numbers. This malicious activity could result in stolen identities and drained bank accounts. Cyber criminals that also fall into this category are spammers, who seek out the most lucrative means to steal users’ information.
Data from Symantec’s November 2009 State of Spam Report shows that spammers’ distribution networks abroad are becoming more dynamic as additional broadband connected targets are coming online every day. Distribution paths are also getting more complicated with spammers now sending messages directly from infected machines. In addition, many spammers are redirecting attention from their actual geographic location.
To intensify the spam issue, a recent SMB survey conducted by Symantec showed that 42 percent of small businesses do not have even the most basic mail protection. To shield themselves from cyber criminals, SMBs must become more security aware and deploy the proper email security solutions, including spam prevention that protects company reputation and manages risks associated with data loss, internal governance and regulatory compliance. The following tips can help SMBs protect their businesses as well as their employees and customers from malicious email.
It is essential to regularly:
1.Delete all spam and unsubscribe from legitimate mailings that you no longer want to receive.
2.Be selective about where you register your email address and avoid publishing your email address on the Internet. Consider alternate options—for example, use a separate address when signing up for mailing lists, obtain multiple addresses for multiple purposes or look into disposable address services.
3.Avoid clicking on suspicious links in email or IM messages as these may take you to spoofed websites. We suggest typing web addresses directly in to the browser rather than relying upon links within your messages.
4.Consider a reputable antispam solution to handle filtering across your entire organization and keep up on the latest in spam trends.
5.Always be sure that your operating system is up-to-date with the latest patches, and employ a comprehensive security suite.
Educating employees on how to deal with email security risks is essential. Here are some best practices for employees to implement when checking their email:
1.Do not open spam messages. In addition, never open unknown email attachments. These attachments could infect your computer.
2.Never reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
3.Do not fill out forms in messages that ask for personal or financial information or passwords. A reputable company is unlikely to ask for your personal details via email. When in doubt, contact the company in question via an independent, trusted mechanism such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click on or cut and paste from a link in the message).
4.Never buy products or services from spam messages.
5.Never forward any virus warnings you receive through email. These are often hoaxes.
As spammers become more creative with their attempts to lure users into clicking on their malicious emails, it is important to incorporate these tips into your small business security awareness plans. Spammers are using everything from current events to well known companies and brands to give users a false sense of security when navigating through their email.
With the combined use of reputable antispam technology and education, it will be easier for SMBs to stay out of the traps spammers are setting online.