More and more businesses are looking for a good way to protect themselves against the litany of harmful viruses, spyware, and other malware that comes from the web. In my article Web & Spyware Defense I cover some of the technologies that are effective at defending your business from web-based threats. Here, I’d like to focus on the one of the products we believe balances effectiveness with cost, the best.
McAfee SaaS Web Protection is a service provided by McAfee (formerly MX Logic) that effectively “scrubs” incoming and outgoing web traffic to ensure web threats don’t get in or out of your network. It also provides options for limiting access to certain sites and can generate some valuable reports on web activity (by user, device, site, etc.). Additionally, it includes a simple, straight forward user interface and has a price point under $3 per device per month.
How it works
The architecture of the solution is very simple: your company’s Internet/web traffic is routed through McAfee SaaS’ servers and scrubbed for harmful software. Basically, it is a standard, cloud-based solution.
Effectiveness
We have deployed this solution for a number of our clients and it simply works. There is no substitution for seeing how a product or service works in an actual production environment and this is one that lives up to the hype.
Note: Cloud solutions are often incredibly valuable solutions, but like any technology, they aren’t for every business. At ITP we always recommend reviewing technology solutions within the context of your specific business goals, culture, processes and people. Of course, if you need some help with that we’ve got some great people here at ITP that can help.
It’s generally accepted that spam protection, is a requirement for the productive use of e-mail these days. Traditionally, businesses have used software to filter out the volumes of spam, but more recently, the use of local hardware appliances have become popular. Yet, there are drawbacks to both these solutions that have opened the door for more seamless solutions like cloud-based e-mail defense. In short, traditional solutions, whether hardware or software-based, allow spam to get to your network, using up your valuable bandwidth along the way.
Additionally, most (but not all) of these traditional solutions don’t:
- Provide e-mail continuity (retain e-mail when your e-mail server is unavailable)
- Provide the ability to securely view e-mails without downloading them
- Include the ability to send & respond e-mail if your mail server is down.
In essence, these are some of the greatest advantages of cloud-based spam protection. But there are other, less acute advantages, as well:
- Almost no upfront costs
- Zero internal costs for managing or administering the system
- Little to no training required
- Seamless deployment
- Integrated reporting
Like any technology, isn’t a perfect solution for every business and should be analyzed within the scope of your specific business needs, goals, and operations. However, the advantages are compelling enough that it’s worth taking a close look.
I ran across this article written for Tech Republic (a great source of all things technology) by Debra Littlejohn Shinder and thought it would be helpful to many businesses. Being in IT, I’m all too familiar with the scams businesses see in their e-mail boxes every day, but I know some (many) people still get confused. So, here’s a little quick information on what to look out for when you’re reviewing your e-mail in the morning…
1. Fake Facebook “friend” messages – these are e-mail messages that look the same as when someone posts to your Facebook wall or sends you a private message.
2. Fake Messages from “The Administrator” – these are messages that come from “The Administrator” of any number of given organizations (facebook, your bank, credit card, etc.). Here, there are two things that give away these “false” e-mails.
- First beware of the “To” address – it will be incorrect and you most likely won’t recognize any of the domain name(s).
- Secondly, if it’s not from your local IT administrator, you should immediately be wary. Because honestly, when is the last time you had an “administrator” send you anything valid that wasn’t as simple as “server reboot tomorrow” or “turn your system off tonight”?
3. Messages that play on our fears – these are emails that feed off of current events or high profile media events a good example would be the (H1N1 virus ) Swine flu, etc. Don’t panic, just don’t click on it.
4. Cancellation of an account Emails - these may show up even if you don’t have an account with them! These messages are usually chocked full of spelling/grammar errors and are often sent from another country.
5. Fake “Holiday Cards”- these cards are usually very generic, rather than saying that they are from a specific person’s name they say it is from “a friend”. Be careful, because when you open them, you could be putting your computer at risk without every being aware of it! To be on the safe side, only open Holiday Cards from friends, or better yet just don’t open them at all.
6. Notice of the “Mysterious” package message – these are e-mails saying that you have an UPS, FedEx or perhaps DHL package that was undeliverable due to incorrect/incomplete address information with an attached form that they need you to complete in order to get the package to you. Just as you may suspect, there really isn’t a package at all! They want you to open the attachment so they can infect your computer with a virus. Because some people may be aware of this kind of scam, they will try and infect your computer by sending you an email with a link to a Web page to open instead.
7. Government “Threat” Emails – these can be sent to you to notify you that either the FBI or Homeland Security has been notified of your alleged involvement in terrorist activities or money laundering. Just as you may suspect from a hoax like this… they have an offer for you to avoid prosecution, which could be a payment of a few hundreds made to the Economic Financial Crimes Commission Chairman. If it would be an official threat, they would contact you in person, without asking for a payoff to buy your way out.
8. Fake “Census Survey” email – here again they will use the Federal Government to get you to respond to their emails. The Federal government does require you by law to fill out a census survey every 10 years, and yes, they may send you an online request for your participation in a census surveys, but they don’t ask for your personal information unlike email scams.
9. Abuse of “Trust” in software and hardware manufacturers – these e-mails are basically fake security warnings with a “quick fix” attachment, dubbed to look like it was sent from Microsoft or another familiar company. These “quick fixes” are really malware to fake special offers to payment requests which require you to download and install a transaction inspector module if you want to decline to have payment charged to you credit card.
10. The “Fake” You-are-a-Winner E-mail – You just won a prize, how awesome is that? Well, the only problem is you didn’t enter into any contest to win the prize. These e-mails want you to fill out a form to claim your prize, complete with your social security number so “the value of your prize can be reported to the IRS.” Remember to check out the legitimacy of any email notification. If you need to send any sensitive information, remember to email it encrypted if you don’t have an alternative method in which to submit it.
Keep in mind, if you’re unsure just don’t open it. It’s just that simple. Instead, call your helpdesk, administrator, or IT manager and let them figure out whether it’s valid or not. Trust me, they’d rather you call them than open it.
Tags: e-mail abuse, e-mail problems, e-mail scam, email defense, fake e-mail, identity theft, Microsoft Office, spam
Law Practice Management, Security, Technology Mangement | Joe Ulm | 
December 28, 2009 8:30 pm | 
Comments (0)
Spam Management
I ran across a client today that was just getting hammered by spam – like two hundred time-wasting messages every day. Just listening to his frustration with it all got me thinking…why are people still suffering with spam problems? Why don’t they just do something about it? I think the answer is that they don’t know that something can be done about it. Thankfully, today there are a number of effective options for combating spam. First, however, it’s important to establish a few truths about spam:
- Spam is expensive! It costs you time. It costs you money. It costs you business (ever accidentally delete that important e-mail in the midst of deleting all your spam?).
- For the foreseeable future, spam is here to stay. It is just part of the growing behemoth that is the Internet; one of the bad aspects of cheap, easy communications.
- Spam is a problem that can be significantly minimized, if not completely solved, without a ton of expense.
The good news is you don’t have to just sit there and take it. Here’s a good, basic blueprint for fighting the spammers… Read more »
Subscribe