Spam has become more than a nuisance for many
organisations. With the proliferation of viruses piggybacking on
unwanted e-mails, it is a serious business management issue,
especially with regard to end-users.
A recent workshop on spam hosted by user group the Corporate IT
Forum, Tif, attended by senior IT managers, heard that simplicity
is the key to approaching the problem, with one major corporate
reporting success with an internal campaign to get end-users to
"think before they click".
Although the amount of spam varied widely among their organisations
- from more than 50% of e-mails to less than 10% - all the
attendees have policies and processes in place. The challenge to
both business and IT is to make them work.
For Tif members, spam is not considered unmanageable, but all agree
it is a nuisance. The meeting came up with some practical ideas for
tackling spam.
Those who can, should treat spam holistically, in the context of
general security and messaging management. Using this approach,
some have outsourced the problem effectively.
Overall there is very little measurement of spam in terms of time
and cost of resources needed to deal with it, and the importance of
creating a good business case to tackle it, backed up by real
numbers, was stressed.
The next step is to do a pilot study, measure it closely, and
publicise the results - you need to remind decision makers that you
are fixing a problem.
At all times you should involve the end-users, for example, in
drawing up a white list of those e-mail addresses that the
organisation accepts mail from - this can take two to three
months.
The post-pilot phase is labour-intensive too, and IT managers
should be careful about the language used with end-users. For
example, they should talk in terms of blocking e-mails, not
deleting e-mails.
There was confusion among Tif members about data protection and
freedom of information type issues. One perception was that it was
fine for the server to electronically attach a header warning a
user about a suspect e-mail, but you could fall foul of the law if
this was done manually.
No clear reason emerged as to why some companies are more badly hit
by spam than others, but in general those with less obvious e-mail
addresses, or where middle initials were included, were less
severely affected. Also, companies that do not have a high-profile
global presence are hit less badly, as are those with a ban on
personal e-mails.
The overriding consensus was that spam, although a nuisance, is not
unmanageable.
Think before you click campaign
The Corporate IT Forum has advised its members to embark on an
urgent end-user education programme to combat virus-laden spam,
focusing on four key recommendations for them:
- Ensure anti-virus software is up to date
- Think before you click - don't click on what you don't know,
and don't get duped duped by great e-mail offers
- Never reply to spam e-mails
- Think twice before forwarding an e-mail to a friend. "If you
open up a link in a spam e-mail it may be days or weeks before you
know you have a virus," said Tif chief executive David Roberts.
"You are not going to get flashing lights telling you what you have
done.
www.tif.co.uk