November 13, 2017

It’s November of 2017 and we honestly can’t believe we’re writing a blog post about spam. Yet spam-related issues are still a major problem…and it feels like spam is coming back in full force. Is it our imagination? Unfortunately not. Back in 2010 spam was hitting its peak. It was all over your inbox, and incredibly annoying. But for the most part it was simply that…annoying. The bulk of it just delivered ads you didn’t want. Occasionally you would hear about spam delivering viruses, and people got used to the idea of installing anti-virus programs on their machines. As a user, you cleared out your inbox and moved on.

And over the past few years, we’ve all enjoyed a bit of respite from the spam deluge.  New anti-spam software came on the market.  Governments and private firms collaborated to take down spam-sending cyber criminals.  It appeared to be a problem under control.

Spam is Back. And It’s Brought Some Friends Along

According to the latest Cisco Cybersecurity report*, spam has come back in a big way, rivaling levels we saw back in 2010. It is now estimated that nearly two-thirds of total email volume is spam, and the volume is growing. What is even more unfortunate is that about 8 to 10 percent is malicious, meaning it includes dangerous attachments. Often there are multiple malicious files included within a zip-style container file. Cyber criminals are experimenting with a wide range of file types to see which ones are more successful. They are flexible and dynamic in their approach, and quickly adjust as needed.

How to Protect Your Small to Midsized Business

Small and mid-sized businesses need just as much protection as large enterprises.  Due to the nature of the threat, spam is an equal opportunity access point for hackers.  It spreads far and wide, and is constantly changing.  Businesses need to protect their systems by using an email defense solution, which filters out unwanted and dangerous spam, preventing it from infiltrating the organization. And it’s critical that your solution provider continuously updates their defense software with the latest protections from constantly changing threats.

However, users often have one main complaint when using email defense and filtering solutions. Sometimes a legitimate email from a new customer or supplier gets “caught” in the email filtering software. Every few hours the email security software will send a notice about emails that are in quarantine, but by then you may have already wasted a lot of time trying to track down the missing email. If you use Outlook to manage your email, we recommend choosing a solution that includes a Microsoft Outlook plug-in. With the plug-in, you can quickly check quarantined email messages and release safe ones right from the Outlook program. You get all the protection, without the inconvenience.

Email Defense and Filtering is a Must…but it can only go so far

You need a solution that continuously keeps your system up-to-date with the latest protections.  This is because cyber criminals are continually adjusting their approach in order to circumvent these protections.  They create a new malicious file and the email defense software hasn’t seen it before.  The defense software quickly adapts, and within a few seconds or minutes it will begin blocking the new threat.  The cyber criminals like to work in that window, sending out as much spam as possible. It is a constant race, and no defense software can keep every bit of spam out 100% of the time.

Your next best line of defense is the individual user.  Training is essential so users learn how to spot and avoid interacting with spam emails.  A strong email defense and filtering solution works almost like a magic wand, but you must strengthen every link in your chain.  Each employee is potentially a vulnerable entry point, and you must give them a strong training program to provide the information, test their knowledge, and continually refresh the team to keep their skills sharp.

For more information on how to train your employees to stay vigilant, visit the Security Awareness Training portion of our website.

If you would like to start a data security training program, please call us at (866) 407-1284, email us at Info@ait2022.wpengine.com, or use the Contact Us page.

  • The AccountabilIT Team

* Cisco 2017 Annual Cybersecurity Report