In July 2003, many analysis firms estimated that unsolicited commercial e-mails (UCE) or spam comprised 50 percent of all e-mail messages. Today, it is estimated that UCE is nearly 75 percent of all e-mail messages. “Since mid-2003, we have seen that the real problem is volume; it impacts corporate infrastructure and eats up bandwidth,” says Steve Ruskin, senior product and market analyst, MX Logic (www.mxlogic.com), Denver.
From get-rich-quick schemes to pornography, many companies initially viewed spam as a mere nuisance. As the amount of UCE has mushroomed, the understanding of the threat has grown as well. According to Boston-based Yankee Group, the cost unsolicited commercial e-mail consumes in corporate resources and loss productivity can add up to $4 billion annually.
The Threat Matrix
Along with impacting worker productivity, the sheer volume of unwanted e-mails demands an increase in the number of servers and consumes IT managers’ time. “If you are not prepared to handle the volume, it can take down your network,” says Ruskin. Increasingly, disruptive mass mailing programs, such as the recent SoBig worms, have hit corporate networks.
Denver-based MX Logic provides innovative e-mail defense solutions to ensure e-mail security. Founded in 2002 by messaging industry pioneers, the company, with its managed service offerings, serves over 1,500 organizations.
In addition to an ever-increasing torrent of spam clogging e-mail inboxes, MX Logic has discovered nearly 50 percent of UCE are bugged with spam beacons also known as Web bugs. These beacons, snippets of HTML code, inform spammers that an e-mail address is valid when an end-user opens a piece of UCE or even when the bugged e-mail is viewed in the preview pane.
Web beacons are not new and have been used in the past by Web marketing companies to measure page views and track Web surfing behavior. This code has been co-opted by unscrupulous advertising companies to obtain e-mail addresses; in fact, this spyware and adware are rivaling viruses as online dangers. “Spammers are enterprising and opportunistic,” says Ruskin. Companies that send out unsolicited commercial e-mails are becoming more invasive to end-users’ privacy and more deceptive to harvest valid e-mail addresses.
Unwanted e-mails have also been linked with viruses, which can cripple networks and turn unsuspecting employees’ computers into Trojan horses. Hackers and their confederates can record employees’ information and keystrokes from infected computers or use employees’ computers to send out more viruses. In response to this menace, security, IT, and facilities management departments are collaborating and focusing on electronic security. Adds Ruskin, “Spam is a no longer a bandwidth issue; it is a security issue.”
Because of the growing battery of tools and methods that spammers use, companies need a growing arsenal to combat this threat and the entire organization needs to get involved. There is a perpetual game of cat and mouse between the companies that fight unwanted e-mails and the companies that spew spam. Ruskin encourages businesses to recognize the threat to their business continuity and to partner with spam-blocking firms.
MX Logic, which integrates spam beacon blocking into its electronic security service, urges facilities managers to block spam, viruses, unwanted content and/or attachments, and denial of service e-mail attacks at the perimeter. The company provides online seminars to educate the marketplace about the latest threats in cyber terrorism.
“I define cyber terrorism as any occurrence that can compromise the integrity of electronic business operation,” says Joseph Gustin, author, Cyber Terrorism, a Guide for Facility Managers, Baldwinsville, NY. A noted lecturer and consultant, Gustin has a long background in human resources management, serving as director of training and development for a major healthcare system. For many years, Gustin worked in compliance, security, life-safety, and communications.
Gustin believes the best way to minimize the effects of cyber terrorism is for facilities managers to have a firm understanding of what needs to be done about computer security and to integrate cyber terrorism threats into a company’s overall disaster recovery plan. “It is important that facilities managers have a clear, basic understanding of the safety and security of their company’s operations,” says Gustin.
Gustin also stresses improved communication among the various departments, from upper management to labor to finance, and the creation of a multi-disciplinary planning team. “Every company should have an emergency response plan in place. If you have an emergency response plan for natural disasters, you have to take that step further and look at human engineered occurrences,” says Gustin.
Facilities managers should also reach out to local agencies to create a network of support and information. Gaithersburg, MD-based National Institute of Standards and Technology (NIST), for example, has a wealth of information and can help companies on the basics of setting up an emergency contingency plan. The Federal Bureau of Investigations and local universities also serve as good sources of information.
Stamping Out Spam
When it comes to spam and other cyber threats, Gustin recommends educating end-users, as well as enforcing strict policies on spreading and responding to unsolicited commercial e-mails. According to the Philadelphia-based Pew Charitable Trusts research, seven percent of Americans have ordered a product or service through unsolicited e-mail. As a low-cost/high-reach marketing campaign, spammers need only a few customers to turn a profit. Education is one of the biggest keys to diminishing the threat of UCE.
Companies need to educate their employees on the danger of supporting spammers. In addition to improving employees’ awareness of computer security, continual and comprehensive computer training will minimize computer errors and boost performance.
Too often, departments develop into separate fiefdoms, leading to misunderstandings and miscommunications. However, inboxes stuffed with unwanted pieces of junk e-mails demand a combined solution. Adds Gustin, “Some people say, ‘I have an IT department and they can handle it,’ but a facility manager can assist the IT department in minimizing any effects should an occurrence take place.
“No one department has all of the answers,” says Gustin. He urges facility managers to not be afraid to ask questions and to unravel confusing computer jargon: “I know it sounds cliché, but there is no such thing as a dumb question.”
Regina Raiford Babcock (email@example.com) is senior editor at Buildings magazine.
Continued on Page 2