Defending Your Agency Against Spam, Spyware and Other Techno Threats
James Grundman is information systems manager for the City of Rohnert Park. He can be reached at firstname.lastname@example.org.
Did you know that while your agency is defending its information technology (IT) from spam, spyware and other threats, it could actually be saving money too?
Spam is generally described as unwanted e-mail. Spyware is software that can track where you go; log key-strokes such as account numbers, user IDs and passwords; and often redirects your web browser to unwanted websites. Other threats include “phishing” attacks that often use social engineering to get people to reveal account numbers, user IDs and passwords. This information is often obtained for identification theft purposes.
Protecting your agency from these attacks is cost-effective in several ways. First, by preventing such attacks, your agency’s IT staff spend less time and money on defensive technologies and management – a form of insurance. Second, consider the time and money not spent recovering from such attacks and the related loss of employee productivity. Third, if an employee feels offended by specific types of spam, they may sue the agency, so being proactively defensive helps reduce liability.
Filtering-out offensive e-mail and reducing in-box e-mail recovers the time employees otherwise take to open, assess and delete unwanted e-mail. Anti-spam vendors have cost-savings calculators on their websites; just enter your agency-specific data (number of employees, average salary and amount of unwanted e-mails), and it will calculate your estimated savings.
A couple of years ago, the City of Rohnert Park noticed a dra matic rise in spam. Staff researched anti-spam options and selected a local provider. Anti-spam solutions may be software on your network and/or PCs, an in-house appliance (specific-purpose server) or a service provider that filters e-mail before it gets to your agency. The city’s anti-spam service provider filtered out 66 percent of all e-mail directed to staff e-mail addresses. The estimated savings from using the anti-spam service was $48,000 in 2005 (the first year). In 2006, filtered spam rose to 83 percent and continues rising in 2007. As salary and benefit costs rise, so do the savings.
Finding an anti-spyware solution was more challenging. All ven dors claim their product is the best, so staff developed a simple test: They cleaned a test computer using a free shareware product, went online for 30 minutes, then shut down the browser and test ed the anti-spyware candidate. Most didn’t find anything. After shutting down the anti-spyware candidate, staff ran the shareware again to see if it found anything, and all too often it did.
After nearly two years of testing potential solutions, staff con cluded that “shield” solutions that automatically prevent downloading, installation and communication with spyware sites are a better solution than scanning, finding and deleting spyware because they require little or no IT staff support. In addition to staff cost savings, users’ PCs are not interrupted with undesirable effects caused by spyware.
The city now has a shield in place that reveals a far greater number of attempts than expected: 16 blocked spyware attempts in the past hour; 161 in the past day and 16,000 in the two weeks since the test period started.
Phishing Out the Bad Stuff
Other threats like phishing include e-mail that appears to be from your bank asking you to confirm your account number, user ID and password (usually for secu rity purposes). Banks don’t do that. If you respond, it tells them your e-mail address is valid and that you have an account at that bank. If you respond in any way, you are simply becoming a major target for such attacks.
For help preventing spam, spyware and other threats, you can search for anti-spam, anti-spyware and anti-phishing solutions. The businesses making money by using spam, spyware and other threats know you will search for solutions and often offer “free anti-whatever” solu tions that are, in fact, just the opposite. Search for double-blind studies that are not backed by any specific vendor. Most “awards” and “studies” are paid for by specific vendors, and are simply sales tools.
Check the following sites for current threats, remedies and prevention: