Last May 2011, we conducted an analysis of Canada’s cyber security risk profile, which led to the discovery of a disturbing trend. Canada had become the newest breeding ground of cybercriminal activity.

In the hopes that things would get better, we conducted an exact comparison of the same cybersecurity stats one year later. And we were even more disturbed to see that in Q1 2012, hackers are still taking advantage of Canada’s “squeaky clean” cyber reputation and remotely controlling Canadian servers to carry out their criminal attacks.

Across the board, we’re seeing all types of malicious content coming out of the Great White North. For example...

Before we begin, I recommended reading Getting Ready For Data Loss Prevention (DLP). Go ahead, I’ll wait for you…

Back? OK, now let’s talk what comes after; the “How” to implement DLP part.

As a next step, and at the risk of blowing my own horn, consider watching the recording of a webcast I did on April 5 here. You’ll get recommendations on how to deal with issues that are often overlooked in DLP deployments as well as some critical “how to” advice. This I position as an antidote to the all-too-common and none-too-helpful “just do it” approach to DLP advice. Because, on the path to DLP success, there are two deadly pitfalls to watch out for: 

The first is in understanding where to start your data protection strategy using DLP (and why). Where to start influences your program’s effectiveness compared to how much risk you are hoping to eliminate from the business.

The second pitfall is in understanding how to execute. The "how" may be the most important  part as it ultimately determines how soon you will benefit from DLP and determines the amount of resources that are required.

Surviving one of the pitfalls is hard enough, but trying to get through both on your own is nearly impossible.

Unfortunately, much of the historical “how” started with massive data-discovery projects, which usually meant at least six-months of project consulting before any data is protected.

Not every DLP vendor has the same vision for how to make DLP work, so make sure that you understand your vendor’s approach and agree with it.

Have a listen and let me know what you think.

Ever been to a webinar that tells you what to do, but fails to say how? Well, this week I’m determined to change that. I’m hosting a webinar that will help eliminate DLP fears and provide a guide on managing risk. As a Websense expert on DLP, I’m going to give real-world practical advice on how anyone can understand, apply, and realize real measurable DLP results. 

Here’s the webinar link. Join me on Thursday, April 5th at 10 a.m. PST/1 p.m. EST. You’ll learn:

- Guiding principles of security and risk management

- Data breach trends from the last six years

- Nine-step DLP methodology and execution strategy

- Success factors in addressing the web DLP challenge 

While CIOs don’t need to be convinced that data loss protection is important—many are afraid of failure. They have heard horror stories about deployment complexities and operational nightmares. Recent high-profile data breach headlines have also made them question the true value and effectiveness of DLP. Could you blame them? Well, this webinar is designed to give you a road map to DLP success.

Register for the webinar here: http://www.websense.com/content/brighttalk-webcast.aspx

If you have any questions on DLP or the webinar, feel free to post a comment. 

This Sunday at 2:00 a.m. many of us will be moving our clocks ahead one hour to “spring forward” for daylight savings time. We’ve all heard the suggestion that daylight savings is a good reminder to check your smoke detector or carbon monoxide detector batteries. I’d like to add to that—this is a great time of year to remind yourself to change your passwords for your email, social media, banking accounts and mobile phone.

Also, remember to change the passwords of any application or API that plugs into your credentials, like HootSuite, Tweetdeck or Twitpic.

Here are a few guidelines to get your passwords in the most secure shape:

According to several organizations, on February 22, 2012, the National ICT R&D Fund, representing the government of Pakistan, placed an advertisement in the press calling on companies to submit proposals “for the development, deployment and operation of a national level URL Filtering and Blocking System.” 

Broad censorship of the internet by governments, and restricting citizen access runs counter to Websense Policy on Government-Imposed Censorship and the principles of the Global Network Initiative (GNI), which we are an active member of.

Websense will not submit a response to this request for proposal (RFP), and we call on other technology providers to also do the right thing for the citizens of Pakistan and refuse to submit a proposal for this contract. Broad government censorship of citizen access to the internet is morally wrong. We further believe that any company whose products are currently being used for government-imposed censorship should remove their technology so that it is not used in this way by oppressive governments. 

Websense will work with the GNI and other interested parties to continue to pressure our peers to not only refuse this RFP, but to adopt general policies so that they will also refuse to support government-imposed censorship of the internet in the future.