The Canadian Center of Cyber Security earlier this year published an excellent resource named Baseline Cyber Security Controls for Small and Medium Organizations V1.1. The publication is intended for small and medium organizations with recommendations to improve their security posture. This is part of the response to the need expressed in the National Cyber Security Strategy, for the Government of Canada to support small and medium organizations by making cyber security more accessible.

According to the National Cyber Threat Assessment (2018), small and medium organizations are most likely to face cyber threat activity in the form of cybercrime that often has immediate financial or privacy implications. Cyber threat actors target Canadian businesses for their data about customers, partners and suppliers, financial information and payment systems, and proprietary information. Cyber security incidents can also result in reputational damage, productivity loss, intellectual property theft, operational disruptions, and recovery expenses. We believe that organizations can mitigate most cyber threats through awareness and best practices in cyber security and business continuity. This document presents a condensed set of advice, guidance, and security controls on how organizations can get the most out of their cyber security investments.

At Thinknology, we encourage and can help organizations to implement as many of these baseline controls as possible, and we understand that not every organization can implement every control. If the majority of Canadian organizations implement these controls, however, Canada will be more resilient and cyber-secure.