If you use email or instant messaging, your business is under attack every day. Spam is no longer just an annoyance, but certifiably dangerous. A primary conduit for viruses and malware, it’s also a productivity vampire that represents a constant drain on your IT staff, end users, network bandwidth, and computer systems—not to mention the morale of employees who are routinely bombarded by offensive messages.

Consider the other side of the coin: the risk of sensitive, confidential, or obscene messages leaving your organization, either maliciously or accidentally. Compliance and legal concerns are forcing many companies to take control of outbound messaging, while other organizations are doing so voluntarily, out of concern for their reputations. Indeed, do you really know what’s leaving your SMTP gateway?

With that in mind, smart SMBs are working with their technology partners to minimize messaging security risks and reclaim productivity with the least amount of management overhead and capital expense.

Calculate the true cost of spam

In the war on spam, now is not the time to be weak—but if you are, you’re not alone. Many SMBs are still in denial about the true cost of spam, yet they are even more at risk than larger organizations.

“SMBs are more vulnerable to spam and email-borne threats because they generally don’t have the time, money, or IT resources to implement the security infrastructure that a typical enterprise environment has,” says Brian Burke, program director, security products & services, IDC. “So whether it’s a virus infection that knocks out their network for a few hours or days, or an information leak via email, although these things can be costly to a company of any size, they’re much more of a risk to smaller businesses because the bottom line is that much more sensitive.”

The bulk of the cost of spam to SMBs, however, is likely to arise from a less dramatic, yet very regular occurrence—the daily exercise of identifying and deleting spam messages from inboxes. Many companies can save thousands of dollars per year simply by freeing employees from this drudgery.

Besides, with spam accounting for more than 90 percent of email volume at most companies, paying for servers, bandwidth, storage, and IT staff to support data you don’t want doesn’t make much sense.

Minimize complexity with a single-vendor solution

There’s no one-size-fits-all solution for messaging security, even for SMBs, but using security products from a single vendor can be helpful from an integration standpoint. “Security vendors are now developing products that are focused on the SMB market to meet the need for cost-effective, easy-to-manage, integrated messaging security solutions,” notes IDC’s Burke. “And a single-vendor solution can strengthen overall business continuity by combining traditional messaging security with data loss prevention and archiving technologies.”

Bertelkamp Automation is a Knoxville, Tennessee-based representative and stocking distributor for manufacturers of industrial automation components. The company has experienced firsthand the disadvantages of a piecemeal security solution.

“We used to just block everything and then had to manually edit firewall configurations to let the good stuff through. It was very labor intensive,” recalls Sean Adams, IT manager. “Despite this, we had an incident where one of our workstations got infected by an emailborne virus, and we basically became an email spam relay for this virus. This thing probably came in through an email from a trusted source. Once it was in, of course, it was too late.”

Working with Symantec Partner Jensen Information Technologies, Bertelkamp integrated a Symantec Brightmail Gateway Small Business Edition appliance into its Multi-Protocol Label Switching (MPLS) cloud network. Symantec Brightmail Gateway Small Business Edition was the right fit for Bertelkamp,” says John Jensen, systems architect at Jensen IT. “It’s cost effective and easy to deploy.”

Now, Adams is getting back the 30 to 40 minutes a day he used to spend on firewall white-list management, and he no longer worries about messaging security. “The accuracy of Symantec Brightmail Gateway is unbelievable,” he says. “We’re blocking around 25,000 spam messages a day, and we haven’t had one false positive. We’re also able to grant certain users access to instant messaging and know we’re doing so securely. In addition, with the outbound message filtering, I finally have control over the content that leaves our organization—from now on, email around here is going to be monitored very conservatively.”

Although Bertelkamp chose a physical appliance, many companies are opting for virtual appliances to conserve power and space. “SMBs have a strong interest in virtual security appliances,” says IDC’s Burke. “The benefits of increased scalability and data center consolidation combined with hardware cost savings can easily be explained to management. And the use of virtualization is very compatible with Green IT initiatives, which can actually be a key driver depending on an executive’s personal philosophies.”

Reclaim your workforce

Putting an effective messaging security strategy in place can result in enormous productivity gains for SMBs. One example is J.A. Kennedy Real Estate Co. in Las Vegas, Nevada, which decided to outsource its entire IT infrastructure to local managed services provider Kortek Solutions, a Symantec partner. A previous IT consulting arrangement had resulted in widespread damage from a virus received via email and multiple instances of data loss.

“We had projects and lots of information to manage, we were adding employees, and we couldn’t afford to lose any more valuable time to spam and viruses,” says Joe Kennedy, founder and president.

Kortek Solutions hosts a single Microsoft Exchange-based server for J.A. Kennedy, which also runs Symantec Mail Security for Microsoft Exchange software with Symantec Premium AntiSpam, an add-on subscription service that offers a high accuracy rate against critical false positives.

“False positives were a real problem before,” Kennedy recalls. “Our previous antispam software was not very effective at distinguishing spam from legitimate email. It was causing us to miss business-critical emails. This has not happened since we switched to Symantec Mail Security.”

In addition, spam email used to be a major productivity challenge for Kennedy and his staff, draining hours a week per employee. Now the company is saving more than 1,000 hours a year previously spent sifting through email and deleting spam, or hunting down information from accidentally deleted emails.

“We’re able to reduce the number of hours we spend on unproductive tasks, which contributes directly to the bottom line,” Kennedy confirms. “And we’re mitigating risk as well—we haven’t had any instances of data loss since using Symantec Mail Security.”

“Small businesses are deeply affected by any kind of productivity loss, and messaging is a key area where IT can give that time back to the business,” observes Lyle Epstein, president and CEO of Kortek Solutions.

Consider a hosted services approach

A growing number of organizations are choosing hosted, software-as-aservice (SaaS) solutions for messaging security, a trend that IDC’s Burke expects to continue. “By utilizing SaaS, the initial capital expense of the software or appliance investment is eliminated and replaced with a monthly or annual subscription service fee,” he notes. “SaaS can also significantly reduce soft costs related to ongoing maintenance, upgrades, and staff training. There’s less need for capital investments to replace aging technology. We’re seeing more and more SMBs gravitate toward hosted mail security solutions, and the main driver is cost savings.”

For TWM Solicitors, a Guildford, U.K-based law firm that operates from seven locations in the south of England, cost was what drove its decision to outsource email security. “Nearly 90 percent of our email traffic was spam, and I didn’t want to filter within our network because the hardware and bandwidth demands would be cost prohibitive,” explains Alan Barrett, head of IT.

The firm now uses MessageLabs Hosted Email Security from Symantec for virus and spam protection, as well as outbound content control. “By outsourcing our spam filtering to MessageLabs Hosted Email Security, we’re paying a fraction of what it would cost us to manage messaging security in house, and we’re handing it off to experts,” says Barrett.

The firm is also using MessageLabs Hosted Email Archiving from Symantec to ensure that all emails sent or received are retained, and to enable nontechnical users to retrieve old email without assistance from IT.

“We have an appliance in our data center that acts as the retriever,” Barrett explains. “Everything gets journaled to a mailbox on both of the [Microsoft] Exchange servers, and then gets picked up by the archiving box, encrypted, and sent off to the external archive in the cloud. So we have a complete history of communication. And because the archive is hosted off site, there are disaster recovery benefits as well.”

Staking your reputation—every day

IT professionals who pay close attention to messaging security are also making a savvy career move. The CEO probably won’t know if the server didn’t get patched on time, but every spam that lands in her or his inbox makes her or him wonder why IT isn’t doing a better job.

“Before, enough spam was getting through to impact my image as a savvy IT professional who can stop these kinds of things,” says Bertelkamp’s Adams. “Now I don’t get any complaints.”

TWM Solicitors’ Barrett agrees. “The effectiveness of our messaging security and archiving strategy is ultimately communicated out to our clients,” he concludes. “It demonstrates professional excellence.”

Ken Downie is Senior Writer at NAVAJO Company. His work has appeared in Business Finance, Business Credit, and CIO Digest magazines.