Fighting online abuse is M3AAWG’s mission. But in reality, how do messaging and web professionals identify and root out abuse? At last month’s M3AAWG 57th general meeting, members addressed key aspects of an effective abuse desk and how to make a business case for building and maintaining this critical function.
Abuse desks may report under a security operations center (SOC), customer operations (COPS) or legal departments and will vary depending on the type of company or product, such as internet service providers, email service providers, hosting channels, or security vendors. But their mission is the same: mitigating online abuse.
M3AAWG experts from Mimecast, Iterable and Comcast recommended taking time to strategize and develop a plan that considers:
- Goals and objectives
- Audience
- Resource approval
- Minimum requirements to build a successful Abuse Desk
- Consensus and support from key functional areas, including legal, engineering, customer operations and others
- A clear plan that anticipates roadblocks
The team then spoke on the topic of how to turn data into intelligence. They recommended defining the data that is vital to building your business case, and realizing that in some cases it may not available. Also, staff needs to be aware that they will be competing for internal resources and the demands of the business. The speakers recommended being specific with data demands and leaning on your data experts to help tell your story.
Critical to building a successful business case is taking the time to assess and inventory roles and responsibilities. These might include vetting and risk assessment, internal and client education, policy creation, monitoring and feedback, and customer compliance. Collaboration with other teams such as legal and engineering is often required. Knowing and promoting all the areas that an abuse desk touches will only help your business case.
The group also addressed developing a cost-benefit risk analysis that addresses human resources, hardware, and software needs as well as travel, training, and related costs. Benefits typically might include abuse prevention and savings for the company, education, and reputational benefits.
Defining risk is a huge part of the abuse desk exercise. The M3AAWG speakers recommended considering the risk of inaction, legal risks for non-compliance, employee attrition, and loss of reputation and revenue to the company.
Once a business case has been developed, the speakers offered presentation tips. They recommended developing your case into a compelling story and keeping the story simple.
M3AAWG offers several guidance and recommendation tools for the industry on various abuse-related topics and on public policy related to security, networking, infrastructure and more.
M3AAWG also welcomes topics for future meetings, including the 58th meeting in June 2023. See here for the form and info.