Thwarting spam from the inside and the outside

By Shamus McGillicuddy, News Writer 11 Jul 2006 | SearchSMB.com

Digg This!     StumbleUpon     Del.icio.us

With limited IT resources, one midsized law firm has taken a multilayered approach to email security and spam protection.

"I realize that no system is 100% reliable because of the idiots out there that find ways to get by the systems to send their spam," said Bruce Hillier, IT director at Reminger & Reminger Co., a Cleveland-based tort and commercial litigation firm with 350 employees. "So, I like the idea that I have a twofold system in place to block about 98% of the spam."

And since spam messages often carry attached files with embedded viruses, Hillier has three levels of virus protection, beginning with licensed antivirus software on his servers and PCs.

Recent studies suggest that small and medium-sized firms are more vulnerable than ever to viruses and other forms of cyberattacks, yet until very recently weren't thinking much about how to product themselves. One study released last week from New York market data firm AMI-Partners Inc says that's changing, and in 2005 SMBs spent an estimated $9.3 billon on security products.

To stem the constant rush of spam, Hillier originally bought an antispam and antivirus product from Montreal-based GWAVA Inc., which works with Novell Inc.'s Groupwise email solution. But with a four-person IT staff, Hillier found that one layer of spam filtering and two layers of virus protection weren't enough.

"We were fighting spam just like everyone else, sending emails on a daily basis to let people know not to open emails unless they knew exactly who they were from," Hillier said. "I was able to block a lot of attachment files by extension through GWAVA, but then I would have to create exceptions for our clients and other attorneys so that their good attachments would get through."

To take the burden off his own staff, Hillier signed on with a hosted email protection service from Tokyo-based Trend Micro Inc.

"The decision to select Trend Micro was an easy one," Hillier said. "It was beginning to become a full-time job trying to block all the spam. With our limited staff, the decision was made by me to get a third party involved."

The multilayered approach has been a success for Reminger & Reminger. By combining in-house and hosted solutions, he is now blocking 98% of spam, a significant improvement since he had found that 87% of all incoming messages were spam.

"In our business, our attorneys, paralegals and secretaries cannot afford downtime associated with viruses and having to filter through all the 'garbage' emails that they were receiving as spam," Hillier said.

Natalie Lambert, an analyst at Cambridge, Mass.-based Forrester Research Inc., said hosted email protection solutions are a popular and effective way for smaller businesses with limited IT resources to protect their end users from viruses and spam overload.

"If you're a smaller enterprise, by taking this type of solution off site you no longer need to have the expertise in-house," Lambert said. "On the SMB side, we're seeing small businesses run to managed solutions."

Lambert said small and medium-sized businesses (SMBs) that turn to managed solutions for email spam and virus protection should ask vendors what other functionality they can offer, such as encryption, compliance scanning and archiving. She said companies should also consider whether managed service providers can help filter and monitor instant messaging as well.

Hosted email protection services can also be a part of a disaster recovery plan, Lambert said. If an SMB's internal systems go down in an emergency, the vendor can hold onto incoming messages and deliver them when the system comes back up.

Lambert cautioned that companies that go solely with a hosted email protection service should be careful to protect themselves from viruses that might originate internally.

This article originally appeared on SearchSMB.com.

Tags: Email Security Guidelines, Encryption and Appliances,  Email and Messaging Threats (spam, phishing, instant messaging),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email Security Guidelines, Encryption and Appliances How to confirm the receipt of an email with security protocols Best Email Security Products Can an IP spoofing tool be used to spam SPF servers? WatchGuard acquires email and Web security vendor BorderWare McAfee to acquire email SaaS vendor MX Logic What does 'invoked by uid 78' mean? How to configure firewall ports for webmail system implementation Fierce competition prompted new Cisco email security options Cisco brings email security appliances closer to SaaS Cisco offers more email security choices, but lacks vision Email and Messaging Threats (spam, phishing, instant messaging) Messaging security risks have upper hand on solutions Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Scareware report highlights successful business model How to prevent phishing attacks with social engineering tests Phishing protection begins with training, antiphishing evangelist Phishing attacks to remain a major problem, say security experts Barracuda acquires Purewire expanding Web security reach FBI raids phishing crime ring, nearly 100 arrested Massive phishing scheme affects Microsoft Hotmail accounts Email and Messaging Threats (spam, phishing, instant messaging) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary asymmetric cryptography  (SearchSecurity.com) challenge-response system  (SearchSecurity.com) cryptographic checksum  (SearchSecurity.com) data encryption/decryption IC  (SearchSecurity.com) elliptical curve cryptography  (SearchSecurity.com) Escrowed Encryption Standard  (SearchSecurity.com) MPPE  (SearchSecurity.com) Quiz: Cryptography  (SearchSecurity.com) session key  (SearchSecurity.com) Twofish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary