Working in IT can be extremely difficult at times. I am not talking about problem solving, troubleshooting or dealing with co-workers who still think its OK to install those goofy screensavers they downloaded for free.
The difficulty that permeates any IT shop, of any size, is trying to get management buy-in when their view is clouded by “what they read.”
Having a truly educated management team is a great thing. When they understand the nuances of technology, and yield to the experts when they don’t, all things connected work pretty well. However to many, educating themselves means reading an article or blog post here or there. This often fosters a sense of knowledge based on half-truths and opinion. Trying to get through to someone who is so entrenched in their beliefs because of what they read online is often an exercise in futility.
As an email administrator we know that myths surrounding spam, phishing and email security make for good headlines and you may have heard a few of them thrown back at you when trying to get approval for beefed up email security.
Sending marketing emails is illegal due to CAN-SPAM
It is frightening to think about, but I have seen instances where management feels that monies spent on anti-spam solutions should be reduced because increased legislation, or promises of tighter enforcement, will cause spam levels to drop.
CAN-SPAM has done a great deal to keep legitimate businesses from constantly pounding your inbox with junk mailings, but a few things about CAN-SPAM that are often overlooked are:
- It does not make it illegal to send that first email contact, it only regulates that there needs to be an opt-out feature easily available
- Most cyber-criminals don’t obey the laws
- Most spam is sent from outside of the legal jurisdiction of CAN-SPAM
Spam levels are declining
This is one of those half-truths that is going to come back and hurt a large number of organizations that let their guard down. The levels of blocked spam has declined, this is true. But what is almost never included in a headline that promotes this belief is that spammers are getting smarter and finding ways to avoid anti-spam filters and phishing attacks are at an all time high.
Yes, the obvious spam emails that send subject lines in all caps advertising for cheap pharmaceuticals and lower mortgages may be down, but that’s because even the most primitive anti-spam solutions can stop them.
Anti-spam solutions are way too expensive for SMBs
Yes, some are. If you are looking to employ a cookie cutter solution that is used by large corporations then you could easily find many solutions to be well out of your smaller organization’s reach. To compensate, some try to go the consumer protection route like they do with anti-virus solutions. This often results in a fail as well.
A little research will show that there are solutions custom tailored for small to medium sized organizations offering an easy to use management suite at a cost that meets most budgets. The key is, finding one that offers comprehensive protection – not just keyword filtering.
The firewall will stop any incoming illicit emails
Over the years the firewall has become the panacea for IT security in some people’s eyes. The firewall has been used as a content filter, an anti-malware solution and defender against vulnerabilities. The term has become a catch all for security.
But a close look at most organizations who have reason to be confident in their security employ multiple tools to address the variety of threats. The firewall is there to protect against illicit traffic, the web application firewall protects much of the web site, anti-malware defends against viruses, worms and Trojans, the web content filter keeps people off of dangerous web sites and the anti-spam solution stops dangerous and annoying emails.
I’m sure there are many other “facts” that have been thrown at you over the course of your attempts to better secure your resources. Please share any interesting beliefs you have heard over the years to counter your need to spend a little money when it comes to email security.