Earlier this week, the federal government launched the CyberSecure Canada program, which lets small and medium-sized enterprises (SMEs) with under 499 employees demonstrate that they meet minimum cybersecurity standards.

To be certified, an organization must implement security controls in the following 13 areas, as outlined in the Baseline Cyber Security Controls for Small and Medium Organizations:

  • Develop an incident response plan
  • Automatic patches
  • Essential security software
  • Secure configuration of devices
  • Strong user authentication
  • Cybersecurity awareness training
  • Backup and encrypt data
  • Mobile security
  • Establish basic perimeter defences
  • Secure cloud and outsourced IT services
  • Secure website(s)
  • Implement access control and authorization
  • Secure portable media/storage devices (USBs)

 

71% of data breaches happen to small businesses and nearly half of all small businesses have been the victim of a cyberattack.

—StaySafeOnline.org

Section 2 of the guide outlines a series of organizational controls that must first be assessed. It is recommended that all organizations:

  • Make a list of all technology assets (whether owned or contracted)
  • Know the value of their information systems and the scale of risk of injury to information systems and/or data
  • Know their cyber security threat level
  • Know the cost of IT and have in place someone in a leadership role overseeing IT security

These guidelines and the new certification program are a direct government response to the alarming rates of cybercrime in all sectors, and they echo broader concerns about the resilience and security of SMEs in Canada.

Over and over again we meet with leaders of SMEs on Vancouver Island who undervalue technology and cut corners when it comes to their cybersecurity investment. On the other hand, we get the opportunity to work with and strengthen the technology of so many outstanding business leaders in our community. Our motive is to lessen the gap between mediocre technology and great IT. 

If you are concerned about the baseline cybersecurity controls at your business or organization, please contact us to arrange a meeting.