Cyber attacks can have a serious impact on small and medium-sized enterprises (SMEs). In addition to financial losses and reduced operations, victims of cyberattacks often experience a trust crisis from clients and employees. Since 2019, the CyberSecure Canada program supports SMEs that want to improve their cybersecurity practises and protect themselves from current threats. After completing the process, they receive a recognized certification that not only gives them peace of mind, but also a competitive advantage beyond borders.
13 criteria for certification
The federal certification program is the result of a collaboration between Innovation, Science and Economic Development Canada and Communications Security Establishment. Basically, the program offers measures adapted to the reality of companies with fewer than 500 employees. All of this is in line with Canada’s National Cyber Security Strategy.
In order to be certified, companies must apply 13 safety controls developed by the Canadian Centre for Cyber Security, which allow for solid foundations.
- Develop an incident response plan;
- Automatically patch operating systems and applications;
- Configure devices for security;
- Enable security software;
- Use strong authentication;
- Provide employees with awareness training;
- Backup and secure data;
- Secure mobility;
- Establish basic perimeter defences;
- Secure cloud and outsourced services;
- Secure websites;
- Implement access control and authorization;
- Secure portable media.
Once the 13 criteria implemented, the company can submit its formal certification application. It is strongly recommended to work with an accredited certification body, such as Bulletproof Solutions, Cyber Security Canada, SourcetekIT and WatSec Cyber Risk Management. They will ensure that the company meets the criteria and will assess the implementation of safety controls and the costs associated with obtaining certification. Certification is valid for two years and can be renewed if the company continues to meet the criteria.
The Cyber Secure program is part of Canada’s desire to create a climate of digital trust, including strengthening the cybersecurity of SMEs, promoting the application of international standards, and helping companies stand out from the crowd through the adoption of best practices.