Five Steps to Better Spam Defense

Spam and viruses garner a lot of attention in the media &#151 this site included &#151 and it’s no accident. According to the Yankee Group, spam and viruses are the top two security breaches for SMBs. Over 80 percent of SMBs fall victim to them and result in a major loss in business productivity.

We recently spoke with Karl Jacobs, the CEO of Cloudmark, a San Francisco, Calif.-based company that provides spam protection for over one million computer desktops in 72 countries. Jacobs said that defending a company against spam takes both education and technology, and he offered the following five steps to keep your business safer and more productive.

1. Educate Employees About Secure E-mail Usage
“When conducting business through e-mail, you can’t always be certain that the person you’re dealing with is actually who he says he is. Make sure your employees don’t fill out forms they’ve received in an e-mail message that asks for personal, financial or corporate information. This goes for all employees, especially those in human resources or purchasing departments or for anyone booking hotels or travel. Legitimate companies will not ask for this information via e-mail.”

“A common hacker trick involves fake Web sites. For example, you may receive e-mail from a company that contains a link directing you to a Web site. That site might look like your bank’s home page, but it’s an imposter. Generally, a pop-up message appears asking you to “verify your financial information.” In the 30 seconds it takes to fill out and send that form, you’ve become a victim of identity theft.”

“Instead of clicking on that embedded link, it’s safer to use a secure Web browser and go to the site directly, or simply pick up the phone and call the company.”

“If any of your employees need to transact business on an e-commerce site at work, and that transaction requires them to provide personal or financial information, make sure they know to look for indicators that the site is secure. In the checkout area of a reputable e-commerce site, the beginning of the Web address URL should read: “https:” (the “s” stands for “secure”). In addition, you should see an icon of a padlock on the bottom right-hand edge of the browser window.”

2. Protect Your Employees Against Phishing
“Scammers rely on people who are new to the Internet. Phishing is a scam that uses spam, pop-up messages or counterfeit Web sites to deceive you so that you’ll disclose your credit card numbers, bank account information, social security number, passwords or other sensitive information.”

“These attempts &#151 typically e-mail or online pop-ups &#151 usually contain grammatical errors and general language that’s inappropriate for corporation-to-customer communications. Err on the side of caution. Don’t ever give out personal or financial information to anyone through e-mail.”

3. Prevent Hackers From Impersonating Your Business
“If you host your own Web site, be sure to use a secure Web server, and if another company hosts your site, make sure it uses a secure Web server. Implement Send-ID or SPF so that no one can make it look like e-mail is coming from your company. ISPs offer SPF as a service for outbound e-mail. SPF guarantees that e-mail messages that appear to be from you really are from you.”

“Educate your customers about the ways you will &#151 and will not &#151communicate with them. For example, tell them that you will never ask for their credit card information in an e-mail. Or make sure they know you won’t ask for any information beyond what’s necessary to conduct a transaction, i.e., you won’t ask for their bank account number for a credit card purchase.”

“It’s important to have a solution that protects your company from being phished &#151 not only for financial reasons &#151 but to reassure your customers. You want them to know that they can trust working with your company whether in person, by e-mail or through your Web site.”

4. Spam Filtering &#151 Let Your Employees Have Control
“People who work in a small business often wear many hats and hold different responsibilities. That person will likely need different filtering capability than than a person with one job at a big company. Letting them have some control over what kind of e-mail they get makes their job(s) easier.”

“Also, decide how lenient you want to be when it comes to employees using your business systems for personal use. As your company grows, internal spam &#151such as forwarded jokes &#151 can become one of your biggest spam problems.”

5 Choose An E-mail Security Solution That’s Right For You
“When it comes time to choose an e-mail security system, most business owners tend to look at what the big guys use or what the woman across the street uses. But bigger solutions weren’t designed with the SMB in mind, and they typically need an IT person to keep them running properly.”

“Bells and whistles like content filtering may sound good, but they can require a lot of maintenance and updating, which takes a lot of time. Look at each feature and decide if it’s something that your business really needs. Often times, a smaller, cleaner program does the job without the added effort.”

Lauren Simonds is the managing editor of SmallBusinessComputing.com

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Must Read