CyberSecure Canada - What Is It & Why Should You Consider It?

16.09.22 03:24 PM By renee.foster
Nearly a quarter of businesses have experienced cyber attacks since March 2020, with 5% overall saying the attack against them was successful. Relative to the whole economy, this means that about 61,000 small and medium-sized organizations were victims of cyber fraud. (Report by the Canadian Federation of Independent Business). That is why the Government of Canada has established CyberSecure Canada, a certification program that helps Canadian organizations protect themselves against cyber threats. CyberSecure Canada Certification is Canada’s only government-backed cyber security program for organizations. 

So, what exactly does CyberSecure Canada Certification require? It requires that organizations implement 13 baseline security controls that were established by the Canadian Centre for Cyber Security. These controls are what help organizations reduce the risk of cyber security incidents and data breaches.

Here’s a quick overview of the controls:

•Develop an Incident Response Plan
•Automatically Patch Operating Systems and Applications
•Enable Security Software
•Securely Configure Devices
•Use Strong User Authentication
•Provide Employee Awareness Training
•Backup and Encrypt Data
•Secure Mobility
•Establish Basic Perimeter Defences
•Secure Cloud and Outsourced IT Services
•Secure Websites
•Implement Access Control and Authorization
•Secure Portable Media

Each control has specific requirements that the organization will have to provide policy and evidence for. CyberSecure Canada Certification is a virtually audited standard, so it is important that you include all requirements for each control and that it’s clear and concise in order to pass.

Once you are certified, it is valid for two years. At the one-year mark you will have a review meeting with an auditor to ensure policies and certification is being kept up to date. After two years you can go through the certification process again.

Cyber Security Canada is an accredited certification body for the CyberSecure Canada Program, and we also have a separate division for consultants who can work with you every step of the way through the certification process. If interested in starting the process or if you have any questions, contact us at [email protected]