Thursday, November 13, 2008

Employee security training: Spam 101

Security researchers estimate that cyber criminals send between 3,000 and 10,000 unique pieces of malware - viruses and other types of malicious code - a day. The number of attacks on businesses is growing, with the amount of spam in the workplace expected to increase 300% from 2007.

Spam management costs U.S. businesses more than $71 billion annually in lost productivity, about $712 per employee, according to a study released last year by Nucleus Research.

With the rate at which cyber criminals develop malware, security software “really isn’t blocking a heck of a lot,” said Gartner Analyst John Pescatore in a Wall Street Journal article.

As soon as software developers find a way to protect businesses from spam, cyber criminals quickly find a way to get around it.

Until security software works perfectly, there’s only one surefire way for businesses to adapt to internet security problems - training employees on the dangers of spam.

“Make sure individual workers fully understand the value of the data they work with day in and day out, and the techniques that cyber criminals use to try to steal those data. Until then, security software will just be a Band-Aid on a gaping wound,” advises Ben Worthen in a WSJ blog.

Sophos, a developer and vendor of security solutions, advises businesses to follow a set of best practices to defend against viruses, spyware and adware:

  1. Use anti-virus software. Install anti-virus software on every computer in the office and ensure virus definitions are kept up to date. Also remember to protect computers used by employees working from home.

  2. Set filters. Set email filters to block files that often contain malicious code, including EXE, COM, PIF, SCR, VBS, SHS, CHM and BAT file types. Block files with multiple extensions, for example LOVE-LETTER-FOR-YOU.TXT.VBS. Route any code sent to your organization through your IT department to check and approve that the files are safe.

  3. Educate workers on the latest virus threats. Stay up to date on the latest virus threats and educate employees on the dangers of spam so everyone knows what to look out for.

  4. Use firewall protection. Every computer in your organization connected to the outside world should be protected from internet threats with firewalls, including computers used by remote workers.

  5. Install the latest software patches. Stay up to date on the latest patches issued by software developers that resolve security loopholes and issues.

  6. Develop a backup system. Make regular backups of important work and company data and store them in a safe location, possibly off-site in case of a disaster.

  7. Establish an anti-virus policy. Develop a company-wide anti-virus policy as a preventative safety measure. Educate workers on the importance of following the policy and who they should go to with security questions.
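
The filter rule in item 2, sketched as an added example (not code from the original post or from Sophos): it scans a raw email for attachments with a blocked type or multiple extensions. The function names, the sample message and the definition of a "double extension" are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types item 2 says to block at the mail gateway.
BLOCKED = {"exe", "com", "pif", "scr", "vbs", "shs", "chm", "bat"}
# Assumption: a "double extension" is two trailing suffixes of 1-4
# alphanumerics that each contain a letter, so "v1.2.pdf" is not one.
# Names like "notes.tar.gz" do match and would need an allowlist.
SUFFIX = re.compile(r"^(?=.*[a-z])[a-z0-9]{1,4}$")

def check_filename(name):
    """Return the reasons to block this attachment name (empty list = allow)."""
    # Windows drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    parts = name.rstrip(". \t").lower().split(".")
    reasons = []
    if len(parts) >= 2 and parts[-1] in BLOCKED:
        reasons.append("blocked type ." + parts[-1])
    if len(parts) >= 3 and all(SUFFIX.match(p) for p in parts[-2:]):
        reasons.append("multiple extensions")
    return reasons

def scan_message(raw):
    """Map each flagged attachment name in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.walk():
        name = part.get_filename()  # decoded filename parameter, or None
        if name and (reasons := check_filename(name)):
            flagged[name] = reasons
    return flagged

def build_sample():
    """Constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "staff@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("LOVE-LETTER-FOR-YOU.TXT.VBS", "minutes.pdf", "photo.jpg.txt"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"QUARANTINE {name}: {', '.join(reasons)}")
```

A name-based check like this is only the first layer: it does not look inside archives or at file contents, which is why item 2 also routes incoming code through the IT department.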

For a full overview of how to protect your business from the dangers of malware and viruses in the workplace, read Sophos’ full article on ways to defend against viruses, spyware and adware.
