Showing posts with label Email. Show all posts

Saturday, November 3, 2007

How big is the Spam problem?

To start by showing my hand, I really dislike Spam. I could live without offers of pirate software, contact from someone pretending to be a young Russian woman, offers of all sorts of pills and potions and, of course, the enhancements to my anatomy.

My guess is that there must be a return on their effort - in other words enough people must click-through to make spam worthwhile.

On one level they are a nuisance, but if there are enough spam emails, they are clogging your Internet connection. So, are there enough? 

Here is real data from a Spam Filter here in Australia - you decide.
Total Emails received = 9.5 million
"Genuine" Emails = 2 million
Spam Emails = 7.5 million

This means more than 80% of the email arriving at this domain is spam. 

Having an absolute fix for spam is difficult, as it involves technical and legal remedies. That said, I notice that Spam Filters are now doing a great job. For example, I have a Hotmail account and the Spam arriving in my inbox is zero. If more and more spam is blocked, then hopefully, the sources will diminish.

Friday, August 17, 2007

Is all Data created equal?

How many places do you have data stored? Excluding the data you have residing on servers, what about the data you have stored on your personal devices?

You may have multiple data stores. Your laptop of course, your PDA, mobile phone, USB sticks and removable hard drives. Any more?

In most organisations, “corporate” data, such as accounting information and even email, is secured, protected and managed for back-up.

So, are your spreadsheets and presentations any less valuable to you? The business won't stop trading if they are lost, but what about your productivity? What would happen if they were all lost tomorrow? Are you relying on email as your archive?

This raises three questions:
1. What is the security and protection for data on mobile devices, if they are lost or stolen?
2. What is the back-up process for this data?
3. Should this data (documents) be treated differently to other data (accounting)? If so, is that explicit in policy?

Wednesday, July 18, 2007

Mobile Security

Mobile computing is important. The proliferation of notebook computers has changed the way we work, and that change has been accelerated by mobile-connected PDAs. They are great business tools, but are they opening a gap in your security?

Wireless mobile computing found popularity in real-time data collection, often customer-facing (sales order taking, delivery confirmation, logistic tracking) and at the senior executive level, with mobile email as the driver. We are now seeing more applications, often from a Web interface, being available to mobile devices, with an example being CRM.

So back to my original question – are these devices creating a hole in your security? I must declare my hand here – I am a big fan of mobility. Making information and functionality available at the point where it is of most benefit is a good thing. So, this isn’t about slowing mobility, it’s about making mobile computing as secure as possible (within the risk parameters of the organisation), and working to review and improve that security on a very regular basis.

To state the obvious, these devices are computers even though they sit in your hand. They run operating systems and applications, so they should be secured like other computers. In addition, they are using wireless connectivity, which itself requires more security focus.

For example, devices retrieving email are virtually connected (through the outbound connection) to the internal network and will remain in an always-on, always-connected state. This is not how other remote access devices would connect, and this could create a vulnerability if a rogue user, wirelessly connecting to the PDA, used the PDA’s connections to enter the Corporate LAN.

The good news is that there are some innovative tools available to help; they just need to be deployed and managed.

This is a quick checklist to get started:
• Anti-Virus – would you have a Notebook without AV? Do you have AV on your mobile computing fleet?
• Firewall – is the device protected from wireless attack?
• Lost or Stolen – what can you do to protect the data if the device is lost or stolen? What process do you have in place?
• Encryption – is the data encrypted in transmission? Is it encrypted on the device?
• Authentication – is the data/access important enough to be protected by two-factor authentication?
• Device change – what process do you have in place to securely remove data when the device is returned, or passed on to another user?