Cisco Blogs

The big cost of spam & viruses for small business

August 3, 2010 - 2 Comments

Protecting your network against spam and other Web threats can save you plenty

The Web is a wondrous place filled with valuable information and harmless entertainment. It’s also a dark place filled with phishing scams, malware, viruses and spam (unsolicited or “junk” email). It’s kind of like walking around in a new city, you never know when you are going to cross “that street” and find yourself in an unsafe neighborhood. We all know not to send our banking information to the “kind gentleman” in a foreign country who needs help exchanging his royal inheritance; but it’s not always that obvious that you encountering a criminal.

I’ve had my own experiences with spam and viruses, but when writing this post I wanted to do a little research to find out the real costs and I was stunned, to be honest. Every year Cisco puts out an annual security report based on independent research and our own data. The 2010 Midyear Security Report was just released.


According to the Cisco report; in 2010 the volume of global spam is expected to be 30-40% higher than it was in 2009. Spam can be a mere black hole of productivity, or it could be much more; it could viruses or malware that steal information or shut down your operations.

One way criminals are luring victims is by taking advantage of global events. Take the death of Michael Jackson as an example. During the days surrounding the announcement Internet traffic spiked with searches on his past and what happened. Many of the highest-ranking search results related to his death were actually malicious websites. Within hours of the first report of Jackson’s death, a wave of email spam with subject lines such as “Confidential–Michael Jackson” was unleashed worldwide. Much of this spam contained links to viruses. Cisco researchers identified eight different botnet organizations using the Michael Jackson lure, including the Zeus Trojan which infected nearly 4 million computers worldwide in 2009.

According to a Network World online calculator , a 100 person business could be losing as much as $55,000 per year on spam (using the calendar above, I changed the employee number to 100 and left all other assumptions at the defaults)


In 2009, FBI Director Robert Mueller fell prey to a phishing scheme when he responded to an email that purported to be from his bank asking him to verify details. If it can happen to him, it can happen to any of us. According to the FBI, the costs of online fraud such as phishing schemes more than doubled between 2008 and 2009from $265 million to almost $560 million in 2009. If you or one of your employees falls victim to one of these scams there could be evident direct costs, but what about the time to fix the issue? I’m pretty sure if all my bank accounts were compromised I wouldn’t be 100% focused on work until I fixed it — which could take weeks!

What can you do to protect your employees and your business?

Educate your employees. Securing your network is obvious, but if your employees aren’t trained on the products and policies you put in place, you’re still leaving your business open to attack. They need to know about keeping their passwords safe, keeping their personal data safe (social networks are a cyber-criminal playground) and avoiding it won’t happen to me syndrome. An official security policy can be very helpful.

For more information read this Cisco article on Small Business Network Security Considerations

Consider a security appliance. These tools combine firewall, VPN, and optional intrusion prevention system (IPS), email, and web security capabilities to protect your business from threats. Any appliance you select should fit into your existing network plan and be able to grow with your business.

Determine remote access policies and ensure you have a secure VPN. Enabling employees to access your network remotely can be critical to improving productivity but can create risk. Make sure the VPN technology you are using is up to date and easy to use. If it’s too hard for users they’ll circumvent the system and open you up to risk.

Work with a professional. I’m sure it’s a little repetitive at this point but I can’t stress enough how helpful a certified technical partner can be. Network security is constantly evolving as cyber-criminals think of new ways to attack victims. This is when you need an expert watching out for you. Find a local partner here.

If you find the task of securing your business against Web threats overwhelming, consult a local certified expert . We recently published a post on how to work with a partner, and it’s filled with good advice.  Trained partners can make selecting, installing, and maintaining a security solution easy.

I’ve had a lot to say about security, but listen to what employees and owners of small businesses we work with have to say about their experiences.

How much can you afford to risk?

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Almost to the day, three years ago I published an article encouraging readers to make a projected annual spam count, so they would know the amount of spam they deal with annually. My own projection at that time yielded almost 16,000 pieces of spam received annually into a single business email account of mine.

    I think it’s good to understand the total volume of spam received. It’s FAR more than most people realize. Any spam received is a potential revenue stream for spammers/criminals as well as a drain on valuable business resources.

  2. That’s a great point! I just checked my email and found I had recieved 268 pieces of junk email OVERNIGHT. I’m so happy I don’t have to sift through all of that – it would probably add a half hour to my day.

    Thanks for commenting!