Paul’s Top Ten Cybersecurity Measures
Imagine you are working at a reputable company. One day, you receive an email from what appears to be your company’s reliable IT Department. That email urgently requests you to click on a hyperlink to update your password due to a security breach. That email looks legitimate with your trustworthy company’s logo and proper formatting. What should you do in such a situation? Firstly, do not click on the hyperlink. Instead of clicking on the hyperlink, hover over it to see the actual URL. Quite often, phishing emails have URLs that look similar but are slightly different. Secondly, double-check the sender. Verify the sender’s email address. Phishing emails frequently come from digital addresses that are analogous to legitimate ones but have slight variations. Thirdly, contact directly your company’s dependable IT Department. Use a known contact phone number or email address to validate the so-called urgent request. Do not use any contact information provided in the suspicious email. Fourthly, report the mistrusted email. Duly inform your company’s accountable IT Department about the doubtful email so that they can take appropriate action and warn others. What are the key facts that you should remember from such a true-to-life scenario? Be skeptical. Always be cautious about unsolicited emails, especially those requesting sensitive information. Verify all requests. Double-check any unusual requests by contacting the sender through known and trusted channels. Report suspicious activity. Promptly report any suspicious emails or activities to your company’s IT Department.
For the enlightenment of our Canadian SMEs, the above real-life scenario, describing a workplace phishing attack, has been written within the framework of the Cybersecurity Awareness Month. Celebrated every October, the Cybersecurity Awareness Month is a joint effort by governmental authorities and industry stakeholders to raise awareness about the significance of cybersecurity. Its main objective is to educate people about how to protect their personal data, recognize and avoid cyber threats, and promote safe online practices. Initiated in 2004 by the National Cyber Security Alliance1 and the Cybersecurity & Infrastructure Security Agency2 of the U.S. Department of Homeland Security, and locally adapted across Canada by the Canadian Centre for Cyber Security3, it has grown nowadays into a worldwide initiative encompassing a diversity of events, television and radio talk shows, conferences, advertising campaigns, on-the-job trainings, resources and activities dedicated to foster a sheltered and more secure Internet environment. In a nutshell, the Cybersecurity Awareness Month serves as a global reminder that even our digital lives need appropriate seatbelts and airbags. Within such a framework of the Cybersecurity Awareness Month celebrated every October, we have chosen – amongst other lists – an adaptation of Paul’s Top Ten Cybersecurity Measures and how they can be beneficial to thousands of Canadian SMEs contributing to the economic development of Canada.
What Are Paul’s Top Ten Cybersecurity Measures?
The related explanations, duly verified facts and knowledgeable data describing Paul’s Top Ten Cybersecurity Measures have been synopsized from the four fundamental monographs4,5,6,7 referenced in the footnotes below.
[1] National Cyber Security Alliance (NCSA). https://staysafeonline.org/programs/cybersecurity-awareness-month/
[2] Cybersecurity & Infrastructure Security Agency (CISA). https://www.cisa.gov/cybersecurity-awareness-month
[3] Canadian Centre for Cyber Security (CCCS). https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month
[4] Ravi Jay Gunnoo. Cybersecurity Education Compendium: Harnessing Digital Safety Best Practices Across the World. 1st Edition published in Paperback – Large Print Format and e-Book Version. Publication date: the 18th of September 2024. Publishing Company: Amazon Publishing, Seattle, State of Washington, USA, 728 pages. https://www.amazon.ca/CYBERSECURITY-EDUCATION-COMPENDIUM-Harnessing-Practices/dp/B0DF6NPLFS/
[5] Joseph Steinberg, Kevin Beaver, Ira Winkler & Ted Coombs. Cybersecurity All-in-One for Dummies. Paperback Edition published on the 7th of February 2023. John Wiley & Sons Inc., Hoboken, New Jersey, USA, 720 pages. https://www.wiley.com/en-ca/Cybersecurity+All-in-One+For+Dummies-p-9781394152872
[6] Carl F. Kelley Jr. Cybersecurity 101: Protecting Yourself in a Digital World – Your Personal Guide to Navigating the Digital Threat Landscape. Paperback Edition published on the 31st of July 2024. Staten House Publishing Company, New York City, State of New York, USA, 187 pages. https://www.amazon.ca/Cybersecurity-101-Protecting-Yourself-Digital/dp/B0DD3Y1K2N/
[7] Shawn Walker. Cybersecurity Bible: The Complete Guide to Detect, Prevent and Manage Cyber Threats. Publication date: the 20th of August 2024. Publishing Company: Amazon Publishing, Seattle, State of Washington, USA, 222 pages. https://www.amazon.ca/Cybersecurity-Bible-Complete-Practical-Specialists/dp/B0DDT7XRHX/
1
Cybersecurity Measure 1
Why is it important to install anti-virus or anti-malware software on every desktop computer and mobile devices?
Anti-virus or anti-malware software1 is crucial for several reasons:
- Real-Time Protection: It constantly scans your system for malicious activities, offering immediate detection and response to cyber threats.
- Prevention: It helps to stop malware, viruses, and other malicious software from infecting your computer and other mobile devices in the first place.
- Quarantine: If it does find a cyber threat or suspicious invader, anti-virus or anti-malware software can isolate and remove that cyber threat before it causes damage.
- System Performance: By removing malicious software, it ensures your computer runs smoothly and efficiently.
- Safe Browsing: It can block access to harmful websites and hyperlinks that might attempt to steal your personal information or infect your computers.
- Data Security: It protects sensitive data such as personal information, logging credentials, financial details and business secrets from being compromised.
- Peace of Mind: Knowing that your IT system is safeguarded allows you to use your computers and mobile devices with more confidence.
Anti-virus or anti-malware software can be compared to a digital guardian or protector, standing watch over your IT system to ensure it stays secure and healthy. Consider using Endpoint Protection Platforms (EPP) that provide enhanced functionality beyond basic anti-virus or anti-malware solutions, along with a centralized management view of all your devices. Have you ever had a cybersecurity scare that made you appreciate more the advantages of anti-virus or anti-malware protection?
[1] For further practical knowledge about Anti-Virus or Anti-Malware Software, please see the following reference: IN-SEC-M. The Canadian Cybersecurity Cluster. December 2023 Newsletter – The Evolution of Cybersecurity: From Antivirus to EDR Solutions. https://insecm.ca/en/newsletter/the-evolution-of-cybersecurity-from-antivirus-to-edr-solutions/
2
Cybersecurity Measure 2
Have a patch policy and ensure it is followed so that systems, software, routers, firewalls, etc. are regularly reinforced
What is the importance of having and implementing a patch policy for your IT systems?
Regular patching is essential for multiple motives, some of which are summarized as follows:
- Security: Regularly patching systems, software, routers and firewalls addresses vulnerabilities that could be exploited by cybercriminals. Patches often include fixes for newly discovered cybersecurity flaws.
- Performance: Updates can improve the functionality and performance of your systems, ensuring they run smoothly and proficiently.
- Compliance with Standards: Many industries have regulatory requirements for security, and maintaining a patch policy helps ensure compliance with such standards.
- Stability: Patches can resolve bugs and issues that might cause systems to crash or behave unpredictably.
- Protection Against Novel Cyber Threats: Cyber threats are evolving rapidly. Keeping all systems updated with the latest patches helps protect new forms of viruses, malware and cyber attacks.
- Data Integrity: Data integrity ensures that data remains safeguarded, accurate and uncorrupted, thereby reducing the risk of data loss and data theft.
In essence, the implementation of a patch policy produces the same outcome as regular maintenance for a car: it keeps all components of the vehicle operating safely and smoothly. Have you ever had a system crash because it was not up-to-date?
3
Cybersecurity Measure 3
Use Multi-Factor Authentication (MFA) as much as possible – most email systems and Web accounts offer MFA
How can the use of Multi-Factor Authentication (MFA) be advantageous for Canadian SMEs?
Multi-Factor Authentication (MFA) is like adding multiple locks to your front door. It is a cybersecurity practice that requires users to provide two or more identification before accessing an account or system. Below are some reasons why it is crucial:
- Increased Security: Even if one authentication method (e.g.: password) is compromised, the additional factors add levels/layers of security, making it significantly harder for unauthorized users to gain access.
- Protection Against Phishing: MFA can thwart phishing attacks by requiring not just a password but also something physical that the user has (like a mobile device receiving a code).
- Mitigation for Password Weaknesses: People often reuse passwords or choose weak ones. MFA helps protect accounts even if the password is not strong.
- Conformity with Standards: Many regulations and standards require MFA for certain types of data access, helping organization1 stay compliant.
- Peace of Mind: Knowing that there is an extra layer or level of protection can provide reassurance that your accounts are more protected.
Having and using MFA is like owning a double-check system to ensure that only authorized individuals can access sensitive information or systems. Have you ever had to use MFA and felt more secure because of it?
[1] For the purposes of this newsletter, “organizations” is an umbrella term comprising “companies” & “SMEs” as delineated within the Canada Labour Code (R.S.C., 1985, c. L-2)
4
Cybersecurity Measure 4
Conduct regular cybersecurity training for staff – at least annual cybersecurity training for regular staff and mandatory cybersecurity training for new staff
What is the importance of methodical cybersecurity training for regular and new staff? Abridged below are some motives for which staff cybersecurity training1 is paramount for SMEs across Canada:
- First Line of Defense: Employees are often the first point of contact with potential cyber threats like phishing emails. Cybersecurity training helps them recognize such cyber threats and respond appropriately. Organizing regular phishing simulation exercises is a good way to help train staff on how to identify phishing emails.
- Reducing Human Errors: Human mistakes can lead to security breaches. Educating staff on best practices helps minimize such cybersecurity risks.
- Creating a Cybersecurity Culture: Cybersecurity training fosters an environment where security is a shared responsibility, thereby increasing overall vigilance.
- Agreement with Standards: Many industries require cybersecurity training to meet regulatory standards, avoiding penalties/fine, legal issues and costly court litigation.
- Incident Response: Trained employees can respond quickly and effectively to cyber threats, reducing the impact of potential data breaches.
- Protecting Sensitive Data: Ensuring staff understands how to handle and protect sensitive data helps prevent data leaks, data loss, data theft, as well as unauthorized accesses.
- Building Mutual Trust: Customers feel more confident when they know a company prioritizes cybersecurity.
Basically, well-informed and well-trained staff are like digital bodyguards, fundamental for defending against the ever-evolving landscape of cyber threats. Have you ever experienced a cyber scare at work and how much did it impact you?
[1] For a deeper dive into Cybersecurity Training for Staff, please consult the following reference: IN-SEC-M. The Canadian Cybersecurity Cluster. July 2023 Newsletter – Why Cybersecurity Awareness Training? https://insecm.ca/en/newsletter/why-cybersecurity-awareness-training/
5
Cybersecurity Measure 5
Establish a policy on how to share in a secure manner sensitive information to internal staff and external third parties, and train staff about such a policy
Firstly, why is it imperative to execute a policy specific to information transfer, ensuring all relevant parties are informed? The rules, procedures and agreements for protecting information in transit should align with its classification. According to ISO, when transferring information between an organization and third parties, you must establish and maintain transfer agreements, including recipient authentication, to safeguard information in all forms during transit1. Secondly, why is it a necessity to apply Role-Based Access Control (RBAC) as a way for ensuring least privilege? Implementing a least privilege policy, like Role-Based Access Control (RBAC)2, is imperative for the following reasons:
- Risk Minimization: By limiting access to only what is necessary for a user’s role, you reduce the potential attack surface for cyber threats.
- Insider Threats Prevention: Restricting access helps prevent unauthorized actions by insiders, whether they are intentional or accidental.
- Fulfilment of Standards: Many regulatory frameworks require strict access controls to protect sensitive data.
- Damages Alleviation: If some users’ logging credentials are compromised, the impact is contained to only the resources they have access to.
- Operational Management Efficiency: RBAC streamlines user management by assigning and updating roles rather than individual permissions.
- Audit and Accountability: It is easier to track and audit actions because access is well defined and monitored.
- Cybersecurity Culture: RBAC aligns with cybersecurity best practices, thereby promoting a culture of cybersecurity within an organization.
In a few words, implementing a least privilege policy (Role-Based Access Control – RBAC) is similar to giving your employees keys to the right doors only – thereby ensuring everyone can do their job while keeping everything else locked and secured. Would you give the keys to your house front or back doors to anybody?
[1] ISO – International Organization for Standardization. Headquarters: Geneva, Switzerland. Online Browsing Platform (OBP). Information Security, Cybersecurity and Privacy Protection — Information Security Controls – ISO/IEC (EN) 27002:2022. https://www.iso.org/obp/ui/en/#iso:std:iso-iec:27002:ed-3:v2:en
[2] To dig deeper into least privilege policy (Role-Based Access Control – RBAC), please consider the following reference: IN-SEC-M. The Canadian Cybersecurity Cluster. November 2023 Newsletter – Navigating Roles and Responsibilities in Cybersecurity: A Comprehensive Perspective. https://insecm.ca/en/newsletter/navigating-roles-and-responsibilities-in-cybersecurity-a-comprehensive-perspective/
6
Cybersecurity Measure 6
Make sure that all devices (desktop computers, laptops, tablets, Wi-Fi routers, firewalls, IoT units, cell phones, etc.) are configured for optimum security
What is the significance of ensuring that all devices (desktop computers, laptops, tablets, Wi-Fi routers, firewalls, IoT units, cell phones, etc.) are configured for optimum security? Configuring all devices for optimum security is vital because it generates a holistic defense system. Summarized hereafter are some core reasons:
- Wide-Ranging Protection: All devices (i.e., desktop computers, laptops, tablets, Wi-Fi routers, firewalls, IoT units, cell phones, etc.) can be a potential entry point for cyber threats. Safeguarding all devices guarantees no weak links.
- Data Integrity: Protecting all devices helps to secure the data stored on them from being tampered with or stolen.
- Network Security: Insecure devices can be exploited to launch cyber attacks on other devices within a given network, thereby making network security crucial.
- Privacy and Discretion: Properly secured devices prevent unauthorized access to personal and sensitive information.
- Business Continuity: Ensuring cybersecurity reduces the risk of downtime caused by cyber attacks, thereby guaranteeing that business operations are running and being managed smoothly.
- Adherence with Standards: Optimum security configuration for all devices meets regulatory requirements for data protection and cybersecurity standards.
- Malware Spread Prevention: Adequately configured devices can help prevent the spread of viruses and malware across a given network.
- Safe Connectivity Guarantee: Making sure that computers, laptops, tablets, cell phones, routers, Wi-Fi networks, firewalls, IoT units and cell phones are secured protects all connected devices and the data they respectively transmit.
Optimum security configuration for all devices is equivalent to the fortification of a gigantic castle – every point of entrance, every drawbridge, every gate, every wall, and every watchtower must be secured to protect against invaders. Have you ever had a situation whereby a misconfigured device has caused you trouble?
7
Cybersecurity Measure 7
Ensure that all remote working staff who connect to your organization IT infrastructure are doing so by using a Virtual Private Network (VPN)
Why is it a necessity for all remote working staff to connect to your organization IT infrastructure by using a Virtual Private Network (VPN)? Using a VPN is critical for remote working staff1 because of the following reasons:
- Data Encryption: VPNs encrypt data transmitted between the user’s device and your organization IT infrastructure, thereby protecting sensitive information from being intercepted by cybercriminals.
- Secure Access: A VPN provides a safe connection to your organization IT infrastructure, ensuring that employees can access resources securely, even from potentially insecure environments such as public Wi-Fi.
- Privacy and Discretion: VPNs conceal the users’ IP address, making it harder for third parties to track their online surfing and confidential transactions.
- Bypass Geographical Restrictions: A VPN allows employees to access a company’s network from any location in the world by bypassing any regional and geographical restrictions.
- Consistency: A VPN ensures that all data traffic between remote workers and the company’s network are subject to the same cybersecurity policies as on-site workers.
- Cyber Threats Mitigation: A VPN helps alleviate cyber threats like man-in-the-middle attacks, whereby cyber-attackers could intercept and alter communications between a remote employee and a company.
For example: the cloud computing connection to Software as a Service (SaaS) such as Microsoft 365 or Google Workspace is secured by using cyphered communications channels. When it is used from a protected network such as home Internet protected network, that cloud computing connection is also considered to be safe. Remote working staff who connect to your organization IT infrastructure by using a VPN is like providing a secure tunnel for your data to travel through that tunnel, thereby protecting your data from prying eyes. Have you ever used a VPN before and did you notice the difference it made?
[1] For further practical knowledge revolving around remote working staff and VPN, please see the following reference: IN-SEC-M. The Canadian Cybersecurity Cluster. April 2024 Newsletter – BYOD Workplace Realities: Navigating Across the Ever-Changing Cybersecurity Landscape. https://insecm.ca/en/newsletter/byod-workplace-realities/
8
Cybersecurity Measure 8
Configure DKIM, SPF and DMARC protocols to protect the email system of your SME
To protect the email system of your Canadian SME, why is it significant to configure DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting and Conformance)? Configuring DKIM, SPF and DMARC protocols is significant for protecting the email system of Canadian SMEs because such protocols work together to authenticate and preserve your emails from being tampered with or spoofed. Hereunder is how SPF, DKIM and DMARC protocols contribute to shield your email system:
- SPF (Sender Policy Framework): SPF allows domain owners to specify which email servers are authorized to send emails on behalf of their domain. This helps prevent spammers and scammers from falsifying your domain to send malicious emails.
- DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to your emails, which is verified by the recipient’s email server to ensure that the email has not been altered in transit. This conveniently helps to detect and block emails tampering.
- DMARC (Domain-based Message Authentication, Reporting and Conformance): DMARC builds on SPF and DKIM by providing instructions for receiving email servers on how to handle emails that fail SPF or DKIM checks. It also offers reports on email authentication attempts, thereby helping you monitor and improve your email security.
When they are altogether implemented, the above SPF, DKIM and DMARC protocols – combined with an anti-spam filter – help ensure that your emails are legitimate and trustworthy, hence reducing the risk of phishing attacks, email spoofing, and other email-based cyber threats. Such protocols are like layers of cybersecurity audits to ensure only genuine emails get through the IT infrastructure of your organization. Have you hitherto implemented any of these protocols within your email system?
9
Cybersecurity Measure 9
Be cautious about connecting Internet of Things (IoT) devices to the IT network of your SME
Why is it highly recommended to be cautious about connecting IoT devices to the IT network of your Canadian SME? Connecting without caution IoT1 devices to your IT network is like leaving the windows of your house opened while you are not at home. Hereafter is why you should be careful:
- Security Vulnerabilities: Many IoT devices have weak security protocols, making them easy targets for cyberattacks.
- Data Privacy: IoT devices often collect and transmit personal and confidential data which can be intercepted if not properly safeguarded.
- Network Congestion: Too many IoT devices can strain your SME IT network, causing performance issues and potential disruptions.
- Entry Points for Cyber-Attackers: Each IoT device represents a potential entry point for hackers and scammers to access your SME IT network.
- Lack of Updates: several IoT devices are frequently not updated regularly, leaving them defenceless to known vulnerabilities exploits.
- IoT Devices Control: If compromised, cyber-attackers could take control of IoT devices, leading to unauthorized actions and breaches within your SME IT infrastructure.
- Proactive Cybersecurity: Be circumspect of connecting IoT devices to your SME network. Only connect IoT units from tier ones that are reputable, trusted vendors who prioritize cybersecurity. Enable automatic updates and change default passwords immediately.
By the end of the day, it is all about ensuring that these smart technological gadgets do not become an Achilles’ heel within your digital fortress. Have you ever worried about an insecure IoT device connected to your Canadian SME IT network?
[1] For a deeper dive into IoT Devices, Vulnerabilities Exploits and SMEs IT Network, please consider the following reference: IN-SEC-M. The Canadian Cybersecurity Cluster. July 2024 Newsletter – Vulnerabilities Exploits Troubling Realities: Precautionary Measures for Securing Your Business Operations. https://insecm.ca/en/newsletter/vulnerabilities-exploits-troubling-realities/
10
Cybersecurity Measure 10
Implement an Automated Backup Process (ABP) to strengthen the safety of your SME
How and in what ways is the implementation of an Automated Backup Process (ABP) beneficial for the digital safety of your SME? An ABP process safeguarding your SME is indispensable for the reasons shortened below:
- Data Protection: ABP ensures all essential business data are securely backed up and can be restored in the event of a cyber attack, data loss or data theft.
- Business Operations Continuity: ABP helps you maintain business operations without significant downtime if data is lost or stolen due to a cyberattack, hardware failure, or human error.
- Cost Efficiency: Automating data backups reduces the need for manual intervention, thus saving time and resources that can be better allocated elsewhere.
- Execution of Standards: ABP meets legal and regulatory requirements for data protection, thereby helping to avoid penalties, legal challenges, and litigation court proceedings.
- Recovery from Ransomware: ABP provides you a way to recover sensitive data without paying ransoms if your SME is hit by a ransomware attack.
- Protection of Customer Trust: ABP demonstrates to customers that their personal data is secure and well managed, thereby maintaining trust and credibility.
- Data Accommodation Scalability: As your business operations grow, complete automated backups can easily scale to accommodate more data without needing more significant changes to the process.
Think of comprehensive automated backup process as having an all-embracing insurance coverage or large-scale safety net that ensures your organization can easily bounce back from any data disaster. Remember to test your data backups regularly to ensure they are complete and that the ABP is properly configured. As an entrepreneur, you ever faced data loss at your SME because you did not implement proper backups?
Conclusion
Dedicated to the Cybersecurity Awareness Month, we have circumscribed – as concisely as possible – Paul’s Top Ten Cybersecurity Measures through the pages of our October 2024 Newsletter. In actual fact, why is cybersecurity of great magnitude when it comes down to the daily operations of SMEs across the vast territorial expanse of Canada? Amongst multifarious reasons, summarized hereafter are ten specific motives1,2,3 why cybersecurity is a must for Canadian SMEs.
Motive 1: Safeguard of Sensitive Data. SMEs doing business across all ten provinces and three territories of Canada manage personal, confidential, financial and proprietary data – making them attractive targets for cybercriminals. Adequate cybersecurity practices protect such sensitive information.
Motive 2: Avoidance of Financial Loss. Cyber-incidents can lead to monumental financial losses, involving expenses for recovery, regulatory penalties/fines, customers’ distrust and lost of business. Strong cybersecurity procedures do help in the alleviation of these damaging risks.
Motive 3: Conservation of Business Endurance. Well-organized cybersecurity ensures that Canadian SMEs can continue to operate smoothly even when they are confronted with cyber threats – thereby decreasing business activities stoppage and disruptions.
Motive 4: Building of Invaluable Customer Trust. Whoever they are and wherever they are located in Canada, all clients trust SMEs that take cybersecurity seriously. Protecting clients’ valued data promotes trust and loyalty which are vital for business growth.
Motive 5: Fulfillment of Regulatory Protocols. Many industries formulate particular regulatory standards regarding sensitive data protection. A forceful and all-inclusive cybersecurity culture helps SMEs avoid legal issues, penalties and costly court litigation by complying with these regulations.
Motive 6: Protection of SMEs Reputation. Whatever its scope, a cybersecurity breach has the potential of damaging your SME’s reputation. By applying conscientious cybernetic processes, you can assuredly assist yourself in protecting your highly esteemed brand image.
Motive 7: Prevention of Intellectual Property Theft. Intellectual Property encompasses elemental creations of the human mind such as literary and artistic works, inventions, designs, symbols, brand names and images extensively used in commerce. Intellectual Property is protected by law – for example: patents, copyrights and trademarks – which enable people to earn recognition or financial benefits from what they invent, design or create. By putting into practice well-established cybersecurity habits, Canadian SMEs can proactively protect their ideas, inventions, blueprints, concepts, products and innovations from theft and stay competitive in the market.
Motive 8: Decrease of Insider Threats Risks. Vigorous cybersecurity measures are helpful in counteracting both accidental (i.e., non-intentional and not premeditated) and malicious (i.e., intentional and premeditated) insider threats from affecting your day-to-day business endeavors.
Motive 9: Defence Shield Against Ransomwares. Unfortunately, SMEs around the world are often nowadays cash cows for ransomware attacks. There is not one single day during which a ransomware attack does not make the news headlines in any geographical regions of the world. Consistent and unyielding cybersecurity practices can foil such cyber-attacks and, consequently, minimize their impacts.
Motive 10: Logistical Support for Growth and Expansion. Thanks to secure cybersecurity systems in place and unrelented best cybersecurity practices, SMEs all across Canada can confidently expand their business operations, adopt and deploy new technologies, and explore new local, regional and international markets. To sum up, in our day and age of ever-changing digital realities, putting into practice strong cybersecurity measures is like armouring yourself with a sturdy defence shield guaranteeing your SMEs throughout Canada remain resilient and thriving.
[1] Patrick Acheampong. CyberSafe: How to Protect Your Online Life – A Simple Guide for Individuals and SMEs. Paperback Edition published on the 14th of July 2018. ACM Digital Library, South Carolina, USA, 296 pages. https://www.acm.org/publications/digital-library/cybersafe+how-protect-online-life+simple-guide-smes/
[2] Ignitia Motjolopane et al. Business Models and Innovative Technologies for SMEs. 1st Paperback Edition published on the 21st of December 2023. Bentham Science Publishers Pte. Ltd., Singapore, 265 pages. https://www.eurekaselect.com/business-models-innovative-technologies-SMEs
[3] IN-SEC-M. The Canadian Cybersecurity Cluster. November 2022 Newsletter – Ransomware: A Threat to Your Organization. https://insecm.ca/en/newsletter/ransomware-a-threat-to-your-organizations/
Resources and Bibliographical References
National Cyber Security Alliance (NCSA). https://staysafeonline.org/programs/cybersecurity-awareness-month/
Cybersecurity & Infrastructure Security Agency (CISA). https://www.cisa.gov/cybersecurity-awareness-month
Canadian Centre for Cyber Security (CCCS). https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month
Ravi Jay Gunnoo. Cybersecurity Education Compendium: Harnessing Digital Safety Best Practices Across the World. 1st Edition published in Paperback – Large Print Format and e-Book Version. Publication date: 18th of September 2024. Publishing Company: Amazon Publishing, Seattle, State of Washington, USA, 728 pages. https://www.amazon.ca/CYBERSECURITY-EDUCATION-COMPENDIUM-Harnessing-Practices/dp/B0DF6NPLFS/
Joseph Steinberg, Kevin Beaver, Ira Winkler & Ted Coombs. Cybersecurity All-in-One for Dummies. Paperback Edition published on the 7th of February 2023. John Wiley & Sons Inc., Hoboken, New Jersey, USA, 720 pages. https://www.wiley.com/en-ca/Cybersecurity+All-in-One+For+Dummies-p-9781394152872
Carl F. Kelley Jr. Cybersecurity 101: Protecting Yourself in a Digital World – Your Personal Guide to Navigating the Digital Threat Landscape. Paperback Edition published on the 31st of July 2024. Staten House Publishing Company, New York City, State of New York, USA, 187 pages. https://www.amazon.ca/Cybersecurity-101-Protecting-Yourself-Digital/dp/B0DD3Y1K2N/
Shawn Walker. Cybersecurity Bible: The Complete Guide to Detect, Prevent and Manage Cyber Threats. Publication date: the 20th of August 2024. Publishing Company: Amazon Publishing, Seattle, State of Washington, USA, 222 pages. https://www.amazon.ca/Cybersecurity-Bible-Complete-Practical-Specialists/dp/B0DDT7XRHX/
ISO – International Organization for Standardization. Headquarters: Geneva, Switzerland. Online Browsing Platform (OBP) Information Security, Cybersecurity and Privacy Protection — Information Security Controls – ISO/IEC (EN) 27002:2022. https://www.iso.org/obp/ui/en/#iso:std:iso-iec:27002:ed-3:v2:en
From IN-SEC-M Website:
- December 2023 Newsletter – The Evolution of Cybersecurity: From Antivirus to Endpoint Detection Response (EDR) Solutions. https://insecm.ca/en/newsletter/the-evolution-of-cybersecurity-from-antivirus-to-edr-solutions/
- July 2023 Newsletter – Why Cybersecurity Awareness Training? https://insecm.ca/en/newsletter/why-cybersecurity-awareness-training/
- November 2023 Newsletter – Navigating Roles and Responsibilities in Cybersecurity: A Comprehensive Perspective. https://insecm.ca/en/newsletter/navigating-roles-and-responsibilities-in-cybersecurity-a-comprehensive-perspective/
- April 2024 Newsletter – BYOD Workplace Realities: Navigating Across the Ever-Changing Cybersecurity Landscape. https://insecm.ca/en/newsletter/byod-workplace-realities/
- July 2024 Newsletter – Vulnerabilities Exploits Troubling Realities: Precautionary Measures for Securing Your Business Operations. https://insecm.ca/en/newsletter/vulnerabilities-exploits-troubling-realities/
- November 2022 Newsletter – Ransomware: A Threat to Your Organization. https://insecm.ca/en/newsletter/ransomware-a-threat-to-your-organizations/
Patrick Acheampong. CyberSafe: How to Protect Your Online Life – A Simple Guide for Individuals and SMEs. Paperback Edition published on the 14th of July 2018. ACM Digital Library, South Carolina, USA, 296 pages. https://www.acm.org/publications/digital-library/cybersafe+how-protect-online-life+simple-guide-smes/
Ignitia Motjolopane et al. Business Models and Innovative Technologies for SMEs. 1st Paperback Edition published on the 21st of December 2023. Bentham Science Publishers Pte. Ltd., Singapore, 265 pages. https://www.eurekaselect.com/business-models-innovative-technologies-SMEs
Contributions
Special thanks for the financial support of the National Research Council Canada and its Industrial Research Assistance Program (IRAP).
Executive Editor: Alan Bernardi,
Professional Writer & Certified Translator-Reviser: Ravi Jay Gunnoo (C.P.T. ISO 17100)