The federal government has officially launched CyberSecure Canada, a cybersecurity certification program for small and medium-sized organizations.
The spread of COVID-19 has led to a global shift towards doing business online and remote working. As a result, cyber attacks are more common than ever before, and organizations of all sizes and in every industry are being targeted. Without a proactive risk management strategy and the necessary policies, procedures and protocols in place, the aftermath of a cyber attack can be catastrophic. According to the latest Ponemon Institute Cost of a Data Breach Report, the average cost of a data breach in Canada is now $6.35 million CAD.
The CyberSecure Canada certification program is designed to help organizations assess their cybersecurity risks and implement measures and controls to protect their sensitive data while minimizing the potential impact of a data breach.
To begin, you can access free e-learning modules to help you and your employees:
- identify cybersecurity risks and threats
- identify and implement the most appropriate cybersecurity best practices for your business
- define opportunities to improve and manage your cybersecurity and resilience
To obtain certification, you must implement the following 13 cybersecurity controls:
- Develop an incident response plan.
- Automatically patch operating systems and applications.
- Enable security software.
- Securely configure devices.
- Use strong user authentication.
- Provide employee awareness training.
- Backup and encrypt data.
- Secure mobility.
- Establish basic perimeter defences.
- Secure cloud and outsourced IT services.
- Secure websites.
- Implement access control and authorization.
- Secure portable media.
See the Canadian Centre for Cyber Security website for more thorough explanations of each control.
The pilot phase of CyberSecure Canada launched in August 2019. The federal government has now officially launched the program with a web portal that connects organizations to accredited certification bodies to conduct an audit. Upon passing the audit, your organization can be registered as CyberSecure certified with Innovation, Science and Economic Development Canada and you can begin using the CyberSecure Canada logo. Certifications will be valid for two years, after which the organization must apply for recertification.
Being certified also indicates to customers, investors, partners and suppliers that you take the safety of personal and sensitive data seriously. Visit the CyberSecure Canada website to learn more.
For information and resources on cyber liability insurance and risk management, contact a CapriCMW Risk Advisor.