Q

Curb the spam virus threat via information security awareness training

Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help.

Like all organizations, we've been fighting spam for a long time. We have filtering technology in place, and we've even given intensive email security awareness training to our employees -- including phishing and social engineering testing -- but spam keeps getting through and employees keep clicking on malicious links (like with the RSA SecurID attack, we had a user actually remove a malicious message from a spam folder and open it!). Is there anything else you'd recommend we do?

As you are finding out, there are limits to the effectiveness of information security awareness training. Security awareness is important when technical measures fail, but it should not be the only information security control used. Your question doesn’t mention what types of security awareness or filtering technologies are in use, but you may want to re-evaluate the effectiveness of your security controls to prevent spam virus infections if users are not following the recommendations or the technology is consistently failing. You should determine exactly what is failing and ensure each control is working as expected, including your host-based security controls. For instance, if users are being infected by malware in spam messages retrieved from a spam folder, it's worthwhile not only to re-evaluate information security awareness training to ensure users are educated about the dangers of clicking on links in spam messages, but also to examine host-based malware detection systems to determine why the malware was allowed to execute. You could also notify users of messages in the spam folder, but require an administrator to retrieve any spam message a user requests.

While blocking email at the network perimeter is probably not a reasonable option in most cases, there are additional protections that could be used. You could strip all attachments, only allow plain text email, run your email client in a virtual machine, or use an alternative email client. None of these may be reasonable in your environment, but it may be worth testing one or more of these additional protections to see whether it reduces infections significantly enough to justify the effort needed to deploy the change. An easier change may be to add an additional check, by an appliance or service, in the SMTP stream that uses a different detection method than the one currently used. This could add some complexity, but also some protection if the different method complements your current detections.
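As an added illustration (not part of the original answer), the sketch below shows what "strip all attachments, only allow plain text email" can look like as a filter step, using only Python's standard `email` package. The function names, header list and sample message are assumptions constructed for this example; where such a filter would hook into your mail flow depends on your gateway.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

KEEP_HEADERS = ("From", "To", "Subject", "Date", "Message-ID")

def to_plain_text(raw: bytes):
    """Rebuild a message as text/plain only; return (clean_message, removed_parts)."""
    original = message_from_bytes(raw, policy=policy.default)
    kept, removed = [], []
    for part in original.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        if ctype == "text/plain" and not part.is_attachment():
            kept.append(part.get_content())
        else:
            # HTML bodies, inline images and every attachment are dropped
            removed.append((ctype, part.get_filename()))
    clean = EmailMessage(policy=policy.default)
    for name in KEEP_HEADERS:
        if original[name] is not None:
            clean[name] = str(original[name])
    body = "\n".join(kept)
    if removed:
        # Tell the recipient what was stripped from the message
        listing = ", ".join(f"{c} ({n or 'no filename'})" for c, n in removed)
        body += f"\n[Mail filter removed: {listing}]\n"
    clean.set_content(body)
    return clean, removed

def build_sample() -> bytes:
    """Constructed sample: plain + HTML body with an executable attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative("<a href='http://example.net/x'>Open invoice</a>", subtype="html")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return bytes(msg)

if __name__ == "__main__":
    clean, removed = to_plain_text(build_sample())
    print(clean.as_string())
    print(removed)
```

The list of removed parts can be logged per message, which gives a measure of how much legitimate content the policy would discard when weighing it against the deployment effort.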

This was first published in January 2012
