The objectives of this project will result in a reduced security risk due to incoming spam and junk email messages. Achievement of the objective will be difficult to measure because it represent something that will not happen if the project is successful. A reduction in threats due to the actions or inactions of employees will result in achievement of these objectives. An employee questionnaire or survey would be useful in determining if the policies result in a greater awareness and adherence to prescribed policies regarding how to treat spam in the company. Increased awareness and willingness to take actions to increase security, as measured by a survey conducted some time after the policies are in place will provide insight into the success or failure of the prescribed measures.
There are several contributing factors that will affect the outcome of the project and the ability to achieve the intended objectives of the study. The first factor will be the willingness of managers to disclose the real risks associated with spam. They may have differing perceptions of the real risks. They may tend to minimize or overstate the real risks involved in the amount of spam or junk email that they receive. They may not be aware of the real risks involved with spam and the affect that it is having on their company, which may have an impact on their interview and questionnaire answers.
The impact of spam on companies will have to be considered in terms of the quality and level of spam security that the company has installed. It would be expected that companies with no spam or junk email protection would be inundated with unwanted email to a higher degree than companies that have installed sophisticated spam protection packages.
The key strategy that will be used to achieve the objectives will be careful analysis and identification of the root cause of the problems with security. For instance, if the interviews and questionnaires indicate that the problem is more software related, these issues will be at the forefront of the solution and more efficient software, or perhaps layers of software will be used to target the problems. However, if people are found to be the problem, then training and policies will be used to address the issues. For instance, if it is found that employees are engaging in activities during lunch that involve accepting solicitations from sponsors to play a game or take a quiz, then these issues will have to be addressed in order to reduce the amount of spam coming into the computers.
Interviews and questionnaires will be the key tools to evaluate the risks and root causes of problems found during the study. Ecommunication within the company will be used to evaluate the number and threats associated with spam and junk mail within the company. It might be noted that employee perceptions regarding email risks and threats may be different than the information revealed through the actual examination of the email itself. This analysis will serve as a comparison to the perceived threats and risks associated with spam and junk email within the company.
The strategy to be implemented in an attempt to reduce bandwidth usage and improve security protocols will entail a comparison of the perceived vs. The actual risks associated with spam and junk email will be to identify the causes of these problems. The solution to the problem will be to devise a published set of protocols to help reduce the amount of email coming into the company and to help improve security. Increased security will be achieved through a combination of action and awareness of the potential problems associated with spam. Employees will have a set of actions that they can take to help increase security and decrease spam and junk email within the company.
This study will be directed towards department managers and those within the company that are responsible for helping to reduce operating costs and increase profits within the company. The primary audience will be managers who wish to take positive steps to help reduce the security risk and operational problems associated with spam and junk emails. It is intended to provide them with a strategy for helping to reduce their associated risks within the department. The target audience of the study will also be part of the sample population as well, but not all of them.
Chapter 2: Literature Review
The problem of spam began as a minor annoyance, mush on the same level as junk mail through the post office. It was easy enough to just delete it or ignore it. However, spam and junk email have grown in proportion to the increase of ebusiness and now represents a major loss of productivity. Recently, this topic has caught the attention of the academic community and studies indicate that this problem is more than an annoyance. It represents a major cost and security risk for companies. The following will examine relevant literature regarding spam and issues of bandwidth and security issues due to spam and junk email.
The Affects of Spam and Junk Email on Business
Several studies examined the costs and other losses associated with the high number of spam that companies typically receive. The costs of spam can be divided into tangible and intangible costs. Tangible costs include the costs to purchase anti-spam software and hardware to combat the problem (Edwards 2007). Lost productivity due to the time it takes to read each email could be viewed as either a tangible or an intangible cost (Edwards 2007). Waster storage is another tangible cost, particularly if it results in the purchase of extra storage space or devices (Edwards 2007). One of the more difficult intangible costs is the amount of cost that is passed onto the customer from ISPs (Edwards 2007). Spam harms business and can lead to damage to their reputation, especially if it was their computer that acted as the zombie and sent out a virus to everyone in their customer base.
How does Spam Work?
Spam and junk emails are a form of direct marketing. This marketing technique relies on the statistical assumption that if one sends out enough ads, most people will reject it, but a certain number will respond (McCusker 2005). Unlike bulk mailing, which entails printing costs, stuffing envelopes, labels, and the costs of mailing, spam is a low cost alternative. Cost estimations indicate that the cost of sending an email is between U.S.$0.000082 and U.S.$0.000030 (McCusker 2005). This amounts to upwards of U.S.$0.50 to over a dollar for conventional bulk mail through the Post Office. As one can see, spam is the cheap alternative to the old fashioned version of direct mail. Companies can send out millions of emails and they can do it repeatedly every day. One case reported that a response rate of 0.0023 led to a sales of $1,500.00 (McCusker 2005). This venture only cost the spammer $350.00 (McCusker 2005). Almost 1/3 of all email respondents will click on the email and at least read it (McCusker 2005). This is a very lucrative marketing technique.
Spam can only be sent to valid email addresses. Spammers obtain these lists from internet sites, such as chat rooms, blogs, or other means. They may use corporate email addresses, as these sites are often designed to build customer relations (McCusker 2005). Spammers use software that tracks back to them to confirm that a recipient has read the email.
The most noxious of the techniques used to obtain valid email addresses is called a "directory harvest attack" (McCusker 2005). In this strategy, the spammer will attempt to deliver emails to corporate addresses using any number of possible name combinations. They send them out and see how many come back rejected. Those that do not bounce will be considered valid email addresses and can be used to target the marketing campaign (McCusker 2005). As one can see, spammers use a number of strategies to obtain valid email addresses. One might note that this approach does not represent a targeted audience.
One source of spam that is often not considered in spam threat analysis is the "friendly fire" spam where employees and their families send jokes and other such links through the company email for mass distribution. Internally generated email spam can be devastating for a large company (McCusker 2005). Companies that allow this type of behavior and do nothing to stop it risk liability, should damages arise from actions within their company.
Spam is filled with chain letters, bogus business opportunities, advance fee fraud, and get-rich-quick schemes (McCusker 2005). Although, some legitimate offers do arrive through spam, many are too good to be true and filled with empty promises that the originator cannot deliver. The art of "phishing" is another offshoot of email fraud. In this scam, an official mock (spoof) email is sent to the person.…