Companies looking to provide the best defenses for their email users have a number of choices available out there. While many admins will prefer to implement a solution within their own datacenter, others are finding that hosted email security solutions are a great way to go. If you are looking to reduce your hardware sprawl and take advantage of the power of the cloud, a hosted email security solution may be just what you are looking for. If you are trying to decide if it’s right for you, here are seven reasons why it could be the email security solution that best suits your company needs:
1. Effective Protection
Hosted email security providers focus on one thing; email. They have the processing power to run multiple engines for filtering spam and malware without slowing down the data flow or skipping over anything. The volume of messages they process enables them to quickly identify new spam campaigns and protect their customers from the latest phishing campaigns.
2. Bandwidth Savings
If you look closely at how much bandwidth you use on processing mail and compare it to how much legitimate mail gets to your users’ inboxes, you may be amazed by just how much of your limited bandwidth is used up moving spam. Hosted email security filters out all the junk before it ever hits your network, saving tons of bandwidth for more important things.
3. Lower Your Costs
Hosted email security is a very cost effective way to protect your users. Many services offer varying payment terms, keeping your costs low and letting you pay only for what you need.
4. Better defense against attacks
Hosted email security providers have the bandwidth and capacity to handle even the largest spikes in volume from the latest bot-net attacks that could take smaller networks down from the sheer volume of spam. With a hosted email security system in place, your network won’t even notice the spam storms that can strike without warning.
5. Extend the useful life of your existing systems
What could you do if each of your mail servers was suddenly twice as powerful as it is now? Could you handle more or your current users with fewer servers? Hosted email security breathes new life into your server by greatly reducing their workload. It’s like an instant hardware upgrade.
6. Added Fault Tolerance
Hosted email security providers have redundant Internet connections, datacenters, and servers, but that’s not the only fault tolerance they provide. If your servers or Internet circuit is down, they can store mail for delivery to you once your system is back online, and some even offer a web portal your users can access to send and receive email, even when your systems are offline.
Archiving is becoming a major requirement for many companies, either from a compliance requirement or just to preserve intellectual property. Hosted email security solutions already process all your email, so it is a natural fit to add email archiving into the service offering.
So if you are planning to add email filtering to your messaging system, consider these seven reasons to go for a hosted email security solution and see whether it better fits your company budget and needs..
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the benefits of using hosted email security.
All product and company names herein may be trademarks of their respective owners.
Spam may not be the headline-grabbing topic it once was, but as our research friends in the GFI Labs continue to point out, spam and phishing attacks are still a preferred tactic of cybercriminals.
To get a better sense of how businesses are coping with spam, we conducted a survey this month of 200 US and 200 UK IT decision makers at businesses with between five and 1,000 employees. While we assumed businesses continue to struggle with spam, we were surprised to learn how many businesses are not taking advantage of the latest technology available to them to combat these threats and better defend their networks.
An overwhelming majority of survey respondents—72% in the US and 75% in the UK—state they receive too much spam. Not a terribly surprising stat, but when asked about the volume of spam they were dealing with over the last year, more than 80% of respondents in both regions reported no decrease in the amount of spam plaguing their networks. In fact, 53% of US respondents and 61% of UK respondents report that spam volumes actually increased during the last year. Only about 15% of respondents saw a decrease in spam.
Seeing those numbers, it’s no surprise that 70% of respondents rate their anti-spam solution as either marginally effective or not effective at all. So what solutions are these businesses using to defend their networks? Here’s a breakdown:
|Rely on anti-spam capabilities of an antivirus suite|
|Rely on an anti-spam software solution|
|Rely on a cloud-based solution|
|Rely on an anti-spam gateway appliance|
|Do not use an anti-spam solution|
There are some interesting findings revealed here.
First, while the heavy reliance on the anti-spam capabilities of an antivirus security suite is nearly identical in both regions, it is not among the smallest businesses where that is most prevalent. The highest percentage of businesses (about 65%) in the US and UK saying they rely on their antivirus suite for spam protection was among businesses with 50 – 99 employees. It was not among businesses with fewer than 50 employees, where one would expect less robust IT security awareness and expertise.
Second, it appears that US businesses have been quicker than their UK counterparts to adopt cloud-based solutions to battle spam and phishing attacks before they reach their network. More than 14% of US businesses are already using a cloud-based solution to combat spam compared to only 8% of businesses in the UK.
GFI Software is a strong proponent of a multi-layered approach to mail security. A comprehensive anti-spam solution incorporates a combination of defenses located on premise and in the cloud, which GFI Software provides through its GFI MailEssentials™, GFI MailSecurity™and GFI MailEssentials Complete Online™ product offerings. GFI MailEssentials Complete Online is the latest addition to GFI Software’s mail defense suite. This cloud-based service delivers fast, accurate response against inbound and outbound spam attacks and full defense against viruses, Trojans, spyware, worms, bots, rootkits, zero-hour exploits and other threats.
Businesses Know The Dangers of Spam
When asked about their top concerns about spam, security clearly topped the list. In the US, 29% of respondents say their top concern was malicious links and files often harbored in spam, while 22% cite how spam leaves their company and employees vulnerable to phishing attacks. In the UK, 23% and 22% of respondents cite malicious links and files, and potential phishing attacks, respectively, as their top concerns. Additionally, 20% of UK IT decision makers say spam’s impact on the responsiveness of their mail servers was their top concern.
Finally, nearly 90% of all respondents in both regions say they regularly educate employees about the risks of opening spam that arrives in their inbox. But are they doing enough? 40% of businesses in the UK and 44% of businesses in the US say their networks have been compromised as a result of employees opening malicious links or by responding to information requests contained within spam. Until businesses take full advantage of the latest technologies available to them to better block spam, they’re going to have to rely heavily on a well-educated employee base. We can probably all agree that is not enough.
How do you combat spam? Do any of these findings surprise you?
Here’s our infographic visualizing the survey’s US data:
The independent blind survey of 200 US and 200 UK IT decision makers organizations with between five and 1,000 employees was conducted by Opinion Matters on behalf of GFI Software. Download the full survey results.
By Jarred LeFebvre @ www.gfi.com/blog/
Posts on your wall, comments from friends, status updates. These are the tools that help you build your online social interactions. But don’t forget that your online social life relies on a crucial ingredient: your friends’ trust in you. So why let infected links, spam or deftly crafted scams step in and spoil your fun? After all, we’ve all had enough of the “see who viewed your profile” tricks and of its countless siblings.
Using in-the-cloud scanning, Bitdefender Safego protects your social network account from all sorts of e-trouble: scams, spam, malware and private data exposure. But, most importantly, Safego keeps your online friends safe and …close.
To install the app Click Here
I’m increasingly being asked by folks on Facebook if it’s possible to tell who has been viewing their Facebook profile. A number have been attracted to webpages and Facebook applications that claim to be able to give you a secret insight into who is spying on your profile.
Well, if you’re one of those people who are curious about who might be watching you online, take care.
Right now we’re seeing a significant number of Facebook users posting messages such as:
OMG OMG OMG... I can't believe this actually works! Now you really can see who views your profile!!! WOAH
See who views your Facebook profile in real-time!!!
However, like the “Justin Bieber cell phone number” scam and the “This mother went to jail for taking this pic of her son!” scam, the links pointed to in your friends’ status updates are not to be trusted.
If you make the mistake of clicking on the link to one of these pages offering to tell you who is viewing your Facebook profile, you will find that the people behind the “services” want you to do a few things first.
For instance, they’ll ask you to “Like” their pages (which means you are spreading the link to friends in your social network), and they will ask you to advertise their site by posting an “OMG” message (with a link) to at least five different places on Facebook.
After all that hard work you would hope that they would give you access to the powerful Profile Spy app wouldn’t you? But I’m afraid your luck is out.
They’ll next ask you to hand over your personal information by taking numerous surveys – before ultimately trying to trick you into handing over your cellphone number which they’ll sign up to an expensive premium rate service.
Remember, this scam doesn’t work as the result of clickjacking, or a vulnerability on Facebook. The scammers are achieving their ends because of human gullibility – pure and simple. If people considered what they were doing and thought twice about the possible consequences then we would see nothing like as many of these attacks occurring, and our news feeds on Facebook would see less spam.
One that I have seen crop up a lot, is appearing in the status updates of Facebook users with phrases like:
This horrific photo forced photographer to kill himself! http://tinyurl.com/VerySadPhoto
This horrific photo forced photographer to kill himself! http://tinyurl.com/HorriblePic
Clicking on links like these can take you to Facebook pages which names such as “Man Commits Suicide 3 Days After Taking This Photo”.
These Facebook pages force you to first “Like” them and then republish the link on your own Facebook page (advertising it to your online friends) before you eventually get to see the photograph.
Just ask yourself this – do you really want to recommend a page to your friends, before you know what lies behind it? For all you know, you could be passing on a link which will ultimately take your online pals to a phishing page or malware.
As it happens, the pages are lying in any case.
The photograph – of an emaciated young girl in Sudan – was taken in March 1993 by prize-winning South African photo-journalist Kevin Carter. Carter did kill himself – but it was over a year later in South Africa, not three days after the photo was taken as claimed by the Facebook links.
You can probably imagine, however, that people would easily agree to publish the link to all their friends – in their morbid interest to see the photo – and thus help it spread quickly.
In fact, it’s no surprise that links like these are spreading so quickly and virally across Facebook, when popular pages such as “I like your makeup…LOL JK, it looks like you got gangbanged by Crayola” (currently 1.7 million fans and counting) have republished it to all of their followers.
Is your computer safe from online threats? The Security Scan performs the following tests and offers recommendations based on the results:
Hacker Exposure Check
Checks whether your computer allows unknown or unauthorized Internet communications.
Windows Vulnerability Check
Checks whether basic information about your computer, including your PC’s network identity, is exposed to hackers.
Trojan Horse Check
Checks whether your computer is safe from Trojan horses.
Warnings are being posted all across Facebook suggesting that users who have received multiple friend suggestions are really infected with a computer virus.
A typical version of the warning reads as follows:
VIRUS WARNING: ANYONE WHO HAS GOTTEN A TON OF FRIEND SUGGESTIONS BE CAREFUL! IT IS A VIRUS! IF YOU ACCEPT THEM THEN YOUR ACCOUNT WILL SEND OUT ABOUT 85 TO SOMEONE ELSE!!! WARN YOUR FRIENDS NOW! This is a new virus that is sending requests to spread. DO NOT ACCEPT FRIEND SUGGESTIONS AT THE MOMENT!
The reality, however, is somewhat different. Most importantly, the behaviour and sightings of more than the usual number of Friend Suggestions are not a sign of a computer virus infection.
Instead, it appears that Friend Suggestions on Facebook now go to both parties, rather than just the one you specifically suggests takes up your suggestion of a new online connection.
So, imagine you are Tom, and you think that your friend Dick should become Facebook friends with Harry. You visit Dick’s Facebook profile, scroll down to where it says “Suggest friends for Dick” and choose Harry’s name.
Your suggestion that Dick should become friends with Harry doesn’t just go to Dick, but it will also now go to Harry as well. Presumably Facebook has made this change in order to encourage more users to interconnect.
But there’s more.
As Facebook reveals on its help pages about Friend Suggestions, Facebook can alsosuggest possible friends for you to connect with.
It does this by automatically examining “the networks that you are a part of, mutual friends, work and education information, contacts imported using the Friend Finder, and many other factors.”
Aside from the mysteriously ambiguous “many other factors”, the thing I find concerning there is the reference to Friend Finder.
What Facebook means is that they can suggest friends based upon email addresses that you may have imported into Facebook from your email account address book, perhaps when you first set up your account.
What many people may not realise is that even if you didn’t add everyone you imported from your address book as a Facebook friend, Facebook can still use those contacts imported from Outlook, Gmail, Hotmail, Yahoo, etc, in order to make future recommendations.
Therefore, Facebook may also see your email address in other people’s contact lists, and determine relationships based upon that.
If this bothers you (and I can perfectly understand why it would), then Facebook says you can tell it to remove the contacts from its suggestions system. Of course, it might have been better if you hadn’t offered up your address book to Facebook in the first place..
Facebook also says that you can change your privacy settings to prevent your profile from being visible to everyone as a potential friend suggestion.
More information about Facebook’s Friend Suggestions system can be read online here.
No doubt most of the souls forwarding and reposting this latest Facebook security scare to their profiles are oblivious to all these fine details, however, and are still believing that a virus is behind the suggestion messages that they are viewing.
Of course, it should still go without saying, that whether you receive a friend request or a friend suggestion, you should exercise caution about who you befriend on a social network – as it could be a cybercriminal rather than a long lost chum who is trying to access your profile.
Oh, and don’t forget. If you’re on Facebook you might want to become a Fan of Sophos on Facebook to ensure you are kept up-to-date with the latest security news.
By Graham Cluley, Sophos
Amid all the usual attacks posing as delivery notices from DHL and FedEx this morning, I spotted some malware that had been spammed out posing as an Apple iTunes certificate for $50.
The emails read as follows:
Subject: Thank you for buying iTunes Gift Certificate!
From: "iTunes Online Store" <[email protected]>
Attached file: iTunes_certificate_997.zip
You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.
Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.
Running the attached malware can infect Windows computers. Clearly the hackers are hoping that in your excitement about receiving a $50 iTunes gift certificate that you will throw caution to the wind and open the attachment.
By Graham Cluley, Sophos
Facebook has taken down its instant messaging-style system which allows members to chat real-time with each other after claims that the system suffers from a serious security problem.
According to a report by TechCrunch, a security flaw allows your Facebook friends to secretly spy on your private live chats as well as any see any pending friend requests that you have made.
In the past Facebook has insisted that privacy is its “highest priority”, but there isgrowing concern that the site has played fast and loose with the personal information of its 400 million users, encouraging them to share too much private data online and changing privacy settings to be more “open”.
A video has been posted on YouTube which allegedly demonstrates the security hole:
The news that Facebook has disabled its chat system suggests that they are working on fixing the security problem. Hopefully it will be resolved quickly.
But even if this security issue is fixed promptly there are other security issues on Facebook, as with any other social network, that need to be considered if you plan on continuing to use the site. Make sure you read our guidelines for better security and privacy on Facebook.
Oh, and you might want to become a Fan of Sophos on Facebook too to ensure you are kept up-to-date with the latest security news.
by Graham Cluley, Sophos
At the beginning of this month I received an email telling me about someone new who had started following me on Twitter.
Their name was @canadianshop, and it was immediately apparent that they were promoting a Canadian online pharmacy via their account. These kind of websites are frequently promoted in email spam.
Like every other time you receive a new follower on Twitter, the service reminds you that you can report them for spam:
If you believe canadianshop is engaging in abusive behavior on Twitter, you may report canadianshop for spam.
But for once I decided not to. After all, this account was clearly spammy and I was curious to see how long it would take before someone else reported them and their account was suspended.
That was 24 days ago. And despite the @canadianshop account making no attempt to hide who they are – even their background wallpaper uses familiar imagery used in hundreds of thousands of emails to promote medications like Viagra and Cialis – they remain active on Twitter.
At the time of writing the account is following over 2000 people, and has 589 folk following it back.
In addition to its activities on Twitter, the account has also created a number of custom bit.ly links to promote its online stores which redirect to Canadian Pharmacy websites like the one below:
So, let’s hope the account gets shut down soon. I’ve reported it to Twitter now, and also dropped a line to the folks at bit.ly about the links in case they want to take action against those.
As if anyone needed reminding let me say it again – if you buy drugs online you’re not only putting your personal information at risk (remember these guys are prepared to spam and use scummy tactics to promote their sites, they possibly wouldn’t flinch at doing something naughty with your credit card details), but you’re also potentially putting your health in jeopardy.
By Graham Cluley, Sophos