Five Steps to Better Spam Defense

By Lauren Simonds | Posted December 16, 2004

Spam and viruses garner a lot of attention in the media — this site included — and it's no accident. According to the Yankee Group, spam and viruses are the top two security breaches for SMBs. Over 80 percent of SMBs fall victim to them, resulting in a major loss in business productivity.

We recently spoke with Karl Jacobs, the CEO of Cloudmark, a San Francisco, Calif.-based company that provides spam protection for over one million computer desktops in 72 countries. Jacobs said that defending a company against spam takes both education and technology, and he offered the following five steps to keep your business safer and more productive.

1. Educate Employees About Secure E-mail Usage
"When conducting business through e-mail, you can't always be certain that the person you're dealing with is actually who he says he is. Make sure your employees don't fill out forms they've received in an e-mail message that asks for personal, financial or corporate information. This goes for all employees, especially those in human resources or purchasing departments or for anyone booking hotels or travel. Legitimate companies will not ask for this information via e-mail."

"A common hacker trick involves fake Web sites. For example, you may receive e-mail from a company that contains a link directing you to a Web site. That site might look like your bank's home page, but it's an imposter. Generally, a pop-up message appears asking you to 'verify your financial information.' In the 30 seconds it takes to fill out and send that form, you've become a victim of identity theft."

"Instead of clicking on that embedded link, it's safer to use a secure Web browser and go to the site directly, or simply pick up the phone and call the company."

"If any of your employees need to transact business on an e-commerce site at work, and that transaction requires them to provide personal or financial information, make sure they know to look for indicators that the site is secure. In the checkout area of a reputable e-commerce site, the beginning of the Web address URL should read: 'https:' (the 's' stands for 'secure'). In addition, you should see an icon of a padlock on the bottom right-hand edge of the browser window."

2. Protect Your Employees Against Phishing
"Scammers rely on people who are new to the Internet. Phishing is a scam that uses spam, pop-up messages or counterfeit Web sites to deceive you so that you'll disclose your credit card numbers, bank account information, social security number, passwords or other sensitive information."

"These attempts — typically e-mail or online pop-ups — usually contain grammatical errors and general language that's inappropriate for corporation-to-customer communications. Err on the side of caution. Don't ever give out personal or financial information to anyone through e-mail."

3. Prevent Hackers From Impersonating Your Business
"If you host your own Web site, be sure to use a secure Web server, and if another company hosts your site, make sure it uses a secure Web server. Implement Sender ID or SPF so that no one can make it look like e-mail is coming from your company. ISPs offer SPF as a service for outbound e-mail. SPF guarantees that e-mail messages that appear to be from you really are from you."

"Educate your customers about the ways you will — and will not