continued from previous page

On the Internet there are 30-odd sites that monitor spam test servers. Operated as nonprofits, people belong to these sites and report junk e-mail activity. They create a blacklist (or block list as some are called) that includes real companies on real servers that spit out garbage. (See sidebar "Don't get listed here" for examples of some sites.)

"If your company made a mistake in network security and you find yourselves on those lists, it is nearly impossible to be removed," Ziogas says.

And it may have happened purely by accident. For example, your e-mail server can receive and send e-mail, and it also can relay e-mail. If you have neglected to shut off the relay on your e-mail server (as described in the introduction), you may have opened your network to spammers and hackers to send outside e-mail to your server and then have their spam sent out under your server and your company name.

"A spam company may have five different server IP addresses, but if all have been blacklisted for sending spam, the company has to get creative," says Ziogas. "Now it has access to software that looks for servers with open relays and uses other servers to send its spam. Only now the spam company's name is hidden, but its e-mails go out and likely get through," he says.

"We're not talking about one e-mail every now and then," Ziogas says. "We're talking about 200,000 e-mails every 10 minutes going out through e-mail relay sites under your company's name. Pretty soon the CEO is not getting his e-mails and within two to three months your company is blacklisted—all for not protecting your server."

Often companies need to call clients to be removed from their spam filters, but the problem potentially can be worse, according to Ziogas. You may have to completely change IP addresses. "When you can't get off the blacklists, you need to change your IP address and all your user names. Someone's going to get your old address. I don't want it to be my client," he says.

Protect yourself with policies

The Internet has been the great equalizer for small business, allowing it to compete with larger companies for business. But small business owners must recognize that it would not take much for a malicious piece of code to wreak havoc on its network and its business, according to Price.

"Small- and medium-size businesses are going to have to spend more money on network security and virus/intrusion protection. It's going to be the cost of doing business, similar to workers' compensation," he says.

The balance comes in making sure that you're not doing such a good job protecting your system that you block e-mails from customers, vendors and prospects.

Here are some recommendations from Price and Ziogas to can the spam:

• Invest in good quality virus protection and anti-spam software such as McAfee or Symantec. It won't be 100-percent foolproof, but it will help decrease the amount of spam that gets through. These programs run about $50 to $100 per computer; however, companies may be able to get a multi-user cost break.
• Companies such as Network Box sit in front of a firewall to monitor your server for you. You may have to contract with someone to serve in a support function with such a program.
• Don't have a cowboy mentality when it comes to network security. You must have a controlled process. You don't give your house key to everyone you know, so why give access to your network.
• Never overlook training your employees. They need to be trained on what to do with spam that gets through (hint: don't open, simply delete). If you don't know the sender, don't open the e-mail.
• Every month, it's helpful to conduct a virus penetration review to determine the vulnerability of your system.
• Use secondary or hotmail (free) accounts when conducting company purchasing or registering on Web sites.
• Implement filters, policies and procedures for dealing with spam as soon as possible.
• Use freeware/shareware to remove Spyware. e