On August 12, 2019, the Government of Canada launched CyberSecure Canada, a cybersecurity certification program targeted to small and mid-sized businesses.
Cyber attacks are more common than ever before, and organizations of all sizes and across all industries can be targets. Although we generally only hear of high-profile cases where data is stolen from large, multinational enterprises, affecting millions of people, small and mid-sized companies are being targeted more frequently due to a lack of resources available for cybersecurity. Without a proactive risk management strategy and essential policies, procedures and protocols in place, the aftermath of a cyber attack can be catastrophic. According to the latest Ponemon Institute Cost of a Data Breach Report, the average cost of a data breach in Canada is now $5.8 million CAD. Could your business withstand the impact?
CyberSecure Canada is a certification program designed to make cybersecurity more accessible to SMEs. To begin, you can access free e-learning modules to help you and your employees:
- identify cybersecurity risks and threats
- identify and implement the most appropriate cybersecurity best practices for your business
- define opportunities to improve and manage your cybersecurity and resilience
To obtain certification, your business must implement the following 13 cybersecurity controls:
- Develop an incident response plan.
- Automatically patch operating systems and applications.
- Enable security software.
- Securely configure devices.
- Use strong user authentication.
- Provide employee awareness training.
- Back up and encrypt data.
- Secure mobility.
- Establish basic perimeter defences.
- Secure cloud and outsourced IT services.
- Secure websites.
- Implement access control and authorization.
- Secure portable media.
See the Canadian Centre for Cyber Security website for more thorough explanations of each control.
You can then select from a list of accredited Certification Bodies to conduct an audit. Once your company passes the audit, it will be registered as CyberSecure certified with Innovation, Science and Economic Development Canada and you can begin using the CyberSecure Canada logo. Certifications will be valid for two years, after which the organization must apply for recertification. Although targeted towards SMEs with up to 499 employees, the program is open to organizations of all sizes, both for-profit and non-profit.
In addition to helping your business and employees reduce the potential for cyber attacks and breaches, being certified also indicates to customers, investors, partners and suppliers that your business takes the safety of personal and sensitive data seriously. Visit the CyberSecure Canada website to learn more about the certification program and access the free e-learning tools.
For information and resources on cyber liability insurance and risk management, contact a CapriCMW Risk Advisor.