The basics of spam filtering

Unsolicited marketing and scam emails are called spam, and it is a big business with around 45% to 50% of emails sent being spam. Experts estimate that the top 100 cybercrime groups involved in spam are responsible for 80% of the total volume.

Different groups have different motives for sending out such emails. Some groups are trying to sell fake products or drugs; other groups are trying to find targets for larger financial scams or phishing attacks to harvest details for future cybercrime.

There are many different methods to protect yourself from spam, and they can be client side in your email client or server side on your domain’s email server.

Client-side filtering is the most flexible and can be trained based on a user’s requirements. Email clients such as Microsoft Outlook or Mozilla Thunderbird include a spam filter which can send suspected spam to a quarantine folder for inspection. If you know a sender is good, you can whitelist them, or if you don’t want email from someone, you can blacklist them.

Server-side filtering is a bit different, as the filters live on the mail server you connect to for email. They are less flexible, as you will need to contact your administrator if you want to whitelist or blacklist anyone. Filters on a mail server are often tuned to best fit the needs of an entire domain or organization rather than individual users, and as such can filter out the bulk but not the entirety of spam email.

Email services such as Google’s Gmail and Microsoft’s Outlook.com include spam filtering which you can train on a per-account basis, but the downside is that you get a generic email address rather than something like johnsmith@companyname.com, which can better stand out to clients.

Email headers are easy to forge, as security was not in mind when email was created back in the 1980s. Since then, new extensions to the standards have been created so that spammers can’t send email while pretending to be someone else. These technologies are called Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

These two additions ensure that only the email servers specified in a domain’s DNS records can send email from that domain. An imposter pretending to be from that domain will have their messages dropped by the receiving server or automatically flagged as spam, depending on how the administrator configured the filters.
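
As an added illustration (not code from the original article), the sketch below evaluates an SPF policy the way a receiving server would, showing how a strict `-all` policy yields a "fail" that can be dropped while `~all` yields a "softfail" that is typically flagged as spam. The DNS TXT records for the placeholder domains example.com and _spf.mailhost.example are constructed, and only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed sample TXT records (documentation address ranges, not real data).
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.17 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, txt=SAMPLE_TXT, depth=0):
    """Return the SPF result for a server at `ip` sending mail as `domain`."""
    if depth > 10:  # guard against include loops (RFC 7208 caps lookups at 10)
        return "permerror"
    record = txt.get(domain, "")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers such as redirect= are ignored in this sketch
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif mech == "include":
            inner = check_spf(ip, arg, txt, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            # a, mx, exists and ptr need live DNS lookups; out of scope here
            raise NotImplementedError(mech)
    return "neutral"  # no mechanism matched


if __name__ == "__main__":
    for sender in ("192.0.2.55", "2001:db8::25", "203.0.113.9"):
        print(sender, check_spf(sender, "example.com"))
```
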

If a spam email is sent from a server in Australia or is representing an Australian company, you can report it to the Australian Communications And Media Authority using this web link: https://www.acma.gov.au/theACMA/make-a-spam-enquiry-or-provide-information-to-the-acma

While you may receive only a small number of spam emails per day, experts estimate that email spam costs the global economy over 20 billion dollars per year in lost time and fraud.

A properly configured and trained spam filter may save you five minutes per day, but that time adds up over a year, especially if you have multiple email addresses or employees.

Three Reasons Your Small Business Needs A Website

Introduction

Having a website for your business is essential to showcase your business to new customers while building credibility. You may think that your business is too small to have a website, but the truth is that no business is too small to have a website. A website can be affordable, is easy to set up and build yourself and will improve your business.

Availability

Today’s world has moved past shopping between the hours of 9 to 5 on weekdays, and many customers like being able to shop for items at a time that suits them. A website is available 24/7/365 and, with modern smartphones, is available to the 9 to 5 office worker or the night shift worker.

An E-Commerce website can take orders from your customers 24 hours a day for a convenient shopping experience, no matter if they are at work or the beach, then ship the product directly to their door.

Professionalism

Having a good-looking website can go a long way in making your business look professional. Trades and craftspeople can show a portfolio of previous work and shops can show off their range of products.

Another advantage of having a website is having your domain name be a part of your email addresses. There are other benefits such as not having to update marketing material and customers if you change ISPs or deal with being blocked by spam filters if you use a free email service.

Sales & Marketing

Being able to take orders online opens your business to a potentially worldwide audience. With an E-Commerce site, you can sell directly to customers online without them even being in the same region as your physical store. Even if you decide not to sell online, having a showcase of your products can give potential customers a taste for what you sell and give them enough information to save your staff time in answering customer inquiries.

Other advantages of having a website are that you can add it to your social media presence and use tools like Google Analytics or the Facebook Pixel to see demographic information such as customers’ interests, where they are from or how they found your website, to determine where to focus your marketing budget.

Overall

We at Small Space IT can sit down with you and discuss any questions you have about an online presence for your business. We can help you with creating a website, setting up an E-Commerce store, product photography and all your other business and personal IT and computer needs.

Some Password Tips

Security is an important consideration as a password could be the difference between staying safe and having your savings plundered or identity stolen.

  • Never use just a single password for everything – If that one password gets stolen, cracked or phished, the attacker will have access to everywhere that you have used that password, from social media to online banking to even workplace logins.
  • Ensure your devices are secure – Having up-to-date antimalware protection and keeping your operating system and other important programs updated will help protect your devices from keyloggers and other malware that can steal saved passwords and other data such as pictures from your devices.
  • Longer passwords are better – Each extra character that a thief has to brute force adds exponentially more time to the cracking process. I suggest a minimum of 12 characters these days, but longer is better.
  • Use passphrases – Passphrases are several words strung together with a mixture of upper and lower case characters, numbers and special characters added. It’s easier to remember passphrases. An example of a passphrase is: laUghing&l0bster<wheel
  • Use a password manager – A password manager such as LastPass can store your passwords safely on your computer in a way where they are encrypted using a master password. A password manager allows you to use a separate strong password for each site that you can unlock with a strong password or passphrase that you can remember. You should treat it like a digital post-it note though and keep the master password secure.
  • Keep it out of plain sight – You should keep your password out of view. If you must write it down, don’t stick it on a post-it note on your monitor. Keep it somewhere safe like in a wallet, lock box or safe where only you have access to it.
  • Use multifactor authentication – These days many services offer the ability to verify your identity using a second factor such as an SMS message, email, hardware token or mobile app to provide a code which you must enter to be able to log in. Once a device is known you may not have to use a second code to log in again from that device, but if someone does get your password they will not be able to log in without the multifactor code sent to you, which can also let you know that someone is trying to hack your account.

There are online passphrase and password generators that can help generate secure passwords, such as http://www.dinopass.com/ and https://xkpasswd.net/s/. If you want to use random characters in passwords, another site you can use is https://www.grc.com/passwords.htm

What is Ransomware and How to avoid it?

Many of you have probably heard of something called ransomware on the news and are wondering what it is and how it can affect you. Ransomware is a type of malicious software, or malware as it is known, that after infecting your computer will search for many kinds of files, including documents, videos and game saves amongst many other types of file, and encrypt them with a key known only to the creators of the malware. It then attempts to get you to pay the creators to get your files unlocked.

You can get ransomware from infected emails, compromised websites, dodgy internet advertisements and even potentially from infected USB drives. Most decent antivirus software will pick up most variants of ransomware but not all variants. New malware is created as fast as the antivirus companies can detect and block it in an everlasting arms race between security professionals and criminals. In another guide I will be providing reviews of various antivirus software with the pros and cons for each, but for now I will just be helping you deal with the risk of ransomware.

The best way to avoid having to pay up after getting your files locked is to keep regular backups. Regular backups will also protect your data from other problems. The most common form of backup is to just copy your files onto a USB drive. If you have Windows 8, 8.1 or Windows 10 then you are in luck, as Microsoft have a backup application called File History which is able to automatically back up your files to an external USB flash or hard drive. File History can also back up to Network Attached Storage, also known as a NAS box. Apple computers are also at risk of ransomware but not as much as Windows computers. Apple includes a backup program called Time Machine which can back up to an external drive or a NAS.

USB flash drives are cheap and easily obtainable; even many supermarkets stock them in this day and age. USB hard drives cost more but are able to store far more than USB flash drives. USB drives also have the advantage of being easy to disconnect when you are not actually using them, which helps a lot in protecting the backup from also being compromised by ransomware. Network Attached Storage has the advantage of being able to back up multiple computers at once, being always on for constant backups and being able to easily share your media with all your devices, but has the disadvantage of being vulnerable to malware that is able to scan the network for files to lock.

If you are infected with ransomware and your files are locked, your options are either to start from scratch, restore from a backup if you have one, or pay the criminals for your files to be unlocked. If you are in the unfortunate situation where you have to pay for precious family photos or important business documents to be released, you will likely have to pay the criminals in what is known as bitcoin, a semi-anonymous internet equivalent to cash, making the criminals hard to track down, and often they are in countries that place them out of reach of the Australian authorities. It is still a good idea to report them to the police though, because something may be able to be done in the future. You may get lucky and be able to negotiate down the fee to get your money back as, to the criminals, some money is better than none at all, but it is not guaranteed.

In conclusion, the best defence against ransomware is to mitigate your risk using good antivirus software and have regular backups so that if you happen to get infected not much is at risk of being lost. Small Space IT can help you pick what backup strategy best suits your needs.