Spam used to be the domain of small time scammers and used to sell everything from university degrees to hair restoration potions to creams supposed to enlarge certain parts of the anatomy. These spams were relatively few in numder, didn't take up too much room in inboxes or place an excessive burden on email servers and were usually relatively easy to block. But times have changed. Today, while small time scammers are still responsible for some of those spams, the majority are the work of organized criminals. And they being are sent out via botnets in unprecedented numbers.
The profits of spamming can be enormous. Complex pump-and-dump scams in which spammed "hot stock tips" are used to artificially inflate share prices can net the perpetrators millions of bucks (example) and phishing scams can provide criminals with access to a mass of cardholder data and sensitive corporate information. Gartner estimate that $3.2 billion was lost to phishing scams in 2007.
The fact that so much money is at stake has driven the spammers to constantly hunt for new ways to get the emails past spam filters and to make their scams more appear more convincing (take SonicWALL's phishing test and you'll see how difficult some phishing scams can be to spot). And it has also served to drive an increase in the volume of spam – approximately 75 billion junk email messages are sent out each and every day.
The cost to business
There are a number of ways in which spam can cost your business money:
- Lost productivity: According to Ferris Research, it costs about $0.04 in employee time to delete a spam email. That may not seem like much, but if you have 20 employees each receiving 50 spams a day, it adds up to more than $14,000 over the course of a year. Additionally, spam will lead to calls to your Help Desk ("What should I do with this email?") which will require the attention of support staff, diverting them from other more productive tasks.
- IT costs: You pay for your bandwidth and you pay for your disk storage space and, to put it simply, spam sucks up both – especially now that spammers have resorted to using attachments in order to bypass spam filters.
- Security breaches: While the majority of malware i distributed via the web, email nonetheless continues to be a popular delivery mechanism. Should your systems become infected as the result of malware infection, you will be left facing a potentially expensive clean-up operation. Additionally, phishing emails can lead to the exposure of sensitive information.
What you can do about it
The best step you can take is to install a spam filter. See our article Finding The Right Spam Filter: How to Choose an Anti-Spam Solution for some practical advice (use Bright Hub's search facility and you'll also be able to find reviews of a number of popular spam filter).
The next best step is to educate your staff: if they know what the latest scams are, they are less likely to become victims. See our articles Security Basics – User Awareness and Training and Education: An Essential Ingredient of Small Business Security Strategy for additional information.