Question: How competitive has the email security Managed Service Providers market become?
Smith: The market has definitely become more competitive over the past four years. We have started to see the beginnings of some mergers and acquisitions, but there is still a lot of growth potential. We plan to stay ahead of the competition by continuing investment in proprietary technologies that complement our core spam and virus protection service, by working closely with our growing network of channel partners, and by providing a range of programs to support their needs. We also plan to expand our email-related managed service offerings to cater to a wider range of needs among our existing customer base.
Question: What can an email security MSP do that an in-house IT department can't?
Smith: Either way, companies still have to spend time and money to protect their systems from spam and viruses. They can either purchase an in-house solution and spend time managing it or outsource the function, but both require expenditures. One advantage of an MSP is that threats and bandwidth-intensive services are offloaded from company servers so systems function better. Also, the administrator can focus on daily operations rather than spending time fine-tuning spam filters to keep up with changing spam campaigns. Due to the high volume of e-mail coming into their servers, MSPs have the benefit of a shared threat matrix from which they get a global view of varying campaigns and can quickly write rules to combat the efforts of spammers.
Question: What new email security threats do companies have to deal with?
Smith: We are starting to see a trend toward highly targeted phishing campaigns. For example, scammers will start sending campaigns posing as a local credit union or government organization rather than a large, brand-name company, exploiting an element of trust that email users may have with their local businesses.
Overall, the best way for a company to ward off any phishing attacks is to educate its employees. Make sure employees second-guess anything that looks "official," such as banking information, password requests, credit card inquiries and payroll data. We suggest implementing the "don't click and tell" method, meaning deter employees from clicking on miscellaneous links and discourage them from filling in forms that ask for private or security information.
This 3 Questions originally appeared in a weekly report from IT Business Edge.
This was first published in September 2006