
IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
March 8, 2002


Knowing your spam from your SirCam

Computer viruses have traditionally stolen the headlines and, consequently, there are now fewer e-mail users unaware of the dangers that lie in their wake. Viruses enjoy a certain infamy that grows every time a new outbreak occurs (OnTheFly, who wrote and released the Anna Kournikova virus almost exactly a year ago, couldn’t have believed his luck when his exploits were plastered all over the press for days on end). Viruses are most definitely the e-mail pests we love to hate.
While some IT security managers quake in their boots when the newest viral contender shows its colours, others will observe with interest to see how bad matters become. Are they all missing a trick, though? When it comes to e-mail security, there are other less glamorous foes beginning to threaten business productivity throughout the UK.
E-mail porn and unsolicited e-mail – or ‘spam’ – increasingly impinge on today’s workplace productivity levels. Though they don’t have the same reputation and exposure as PC viruses, they are nonetheless highly effective at wasting both company time and resources. Looking at the problem as a whole, approximately 20-30% of all business e-mails carry either a virus, spam or porn.

The subjectivity of spam
While viruses – whether high profile or not – are always intended to corrupt or clog, and are rightly perceived as dangerous entities in their own right, porn and spam are far more subjective. They don’t delete files, infect our colleagues’ PCs when they’re not looking or send our private documents around the world, but they do have other less obvious implications. In fact, service provider Star Internet estimates that spam and porn cost the UK some £3.2 billion every year. An astonishing sum of money considering the current economic climate.
Spam – the e-mail pest that has established itself on the other side of the pond – is essentially e-mail rubbish. Marketing junk. The online equivalent of a double glazing salesman. Our previously neat and tidy inboxes are now increasingly being inundated with unbeatable offers on herbal viagra and ‘bona fide’ university diplomas, not to mention the ubiquitous get-rich-quick schemes.
Belying its comic name, spam has begun to cause real problems. A recent MessageLabs survey shows that 28% of all e-mail is currently described as ‘useless’ by employers. A figure supported by the Gartner Group survey suggesting that 34% of all e-mail received in the workplace is unwanted.

Pornography on the Web
In contrast to spam e-mails, the proliferation of e-mail porn and its ensuing cost to business is not something that can be blamed on other people. There’s no getting away from the fact that a good many employees would rather gaze upon bare flesh on a Friday afternoon than finish off the strategy document that’s been sitting on their desk for the past week.
Unlike viruses and spam – which are both impersonal and inconvenient – e-mail pornography is highly subjective and emotive. It can cause certain members of society real distress. In recent tests, we discovered that 5% of all workplace e-mails boast an attachment. Of these images, 10% are hardcore porn and a further 15% could be construed as being pornographic. Most alarmingly of all, perhaps, MessageLabs also discovered that over 90% of all e-mail image attachments are in no way business related.
We’ve also mapped the peak times for ‘pornographic traffic’. Porn levels are low until 6.00 am, peaking at around 10.00 am. By this time staff have arrived at work, rummaged through their inboxes and forwarded any favoured attachments to friends and work colleagues. Traffic levels then decrease, not rising again until 3.00 pm – the peak time of the day – when post-lunch restlessness kicks in and employees seek something mindless to distract them from the tasks at hand. This pattern is fairly static from Monday through to Thursday, doubling on Friday as minds begin to wander towards the weekend.

Damage to corporate reputations
All of this leaves employers and their security managers in something of a quandary. Although they don’t want to govern the company with a rod of iron, neither can they turn a blind eye to people distributing pornography which is losing the company money, possibly causing offence to other staff members and damaging corporate reputations.
So what’s to be done? How can employers begin to take control without their employees thinking that they’re taking liberties? The crucial factor when dealing with subjective issues such as spam and (in particular) porn is flexibility. Organisations and the people that make them are all unique. Measures that are right for one company will not be so for the next, and any e-mail filtering measures in which that company invests must reflect this.
As far as porn is concerned, past attempts at trying to scan e-mail for dubious images have largely proven ineffective. Why? They’ve taken a black-and-white approach, resulting in high numbers of false positives. Historical porn filters have traditionally relied on flesh tone, URL blockers and text analysis. Consequently, success rates span anything from 20-70%.

Scanning at the Internet level
More recent attempts at tackling the problem have been far more successful and rational. Cutting edge technology has the ability to differentiate between pornographic images and those which are completely harmless, such as holiday snaps and even ‘artistic nudes’. Success rates here are around the 95% level.
Internet service providers are now offering filters such as SkyScan AP (Anti-Porn), with the choice of ‘high’, ‘medium’ or ‘low’ settings to suit the end users’ organisation, while the SkyScan AS (Anti-Spam) service allows them to set up their own filtering criteria for junk e-mails by selecting blacklists and whitelists based on IP address or domain.
Public blacklists of known spammers are also checked by such services. Therefore, when a pornographic or spam e-mail is detected, the customer can decide whether they want it to be tagged, redirected or simply deleted.
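The filtering policy described in the two paragraphs above can be sketched as follows. This is an added example, not SkyScan code or configuration: the `Policy` and `classify` names, the rule that a whitelist entry takes precedence over any blacklist, and the sample addresses and domains are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ACTIONS = {"tag", "redirect", "delete"}  # dispositions named in the article

@dataclass
class Policy:
    allow_nets: list       # customer whitelist, as CIDR strings
    allow_domains: list    # customer whitelist, sender domains
    block_nets: list       # customer blacklist, as CIDR strings
    block_domains: list    # customer blacklist, sender domains
    public_blocklist: set  # stand-in for a public blacklist of known spammers
    action: str = "tag"    # what to do with a message that is caught

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action}")

def _in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def _domain_match(sender, domains):
    # Match the domain itself or any subdomain, never a bare suffix
    # ("notbulk.example" must not match "bulk.example").
    dom = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    return any(dom == d or dom.endswith("." + d) for d in domains)

def classify(policy, client_ip, sender):
    """Return (disposition, reason) for one incoming message."""
    # Assumed precedence: whitelist first. The sender domain is not
    # authenticated by SMTP on its own, so IP-based entries are the
    # stronger of the two whitelist criteria.
    if _in_nets(client_ip, policy.allow_nets) or _domain_match(sender, policy.allow_domains):
        return "deliver", "whitelist"
    if _in_nets(client_ip, policy.block_nets) or _domain_match(sender, policy.block_domains):
        return policy.action, "customer blacklist"
    if str(ipaddress.ip_address(client_ip)) in policy.public_blocklist:
        return policy.action, "public blacklist"
    return "deliver", "no match"

# Constructed sample policy using documentation address ranges.
SAMPLE = Policy(
    allow_nets=["192.0.2.0/24"], allow_domains=["partner.example"],
    block_nets=["198.51.100.0/24"], block_domains=["bulk.example"],
    public_blocklist={"203.0.113.7"}, action="redirect",
)
```
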
The e-mail problem, then, is widening. Security and IT managers should be aware that they have more to lose than merely a crashed server. They stand to lose brand reputation, valuable employees and – possibly most important of all – money. Don’t let it happen in your organisation.
