The Canadian government quietly launched CyberSecure Canada, a national cybersecurity certification for small and mid-sized companies. This program is a huge step toward securing Canada from cyber threats – it is a pity more business leaders do not know about it.
CyberSecure Canada is the only federal program that certifies that your business is taking the necessary steps to protect against cyber threats. This program is designed for companies with fewer than 500 employees and is the successor to CyberEssentials out of New Brunswick.
It is not easy, and that is a good thing. There is too much snake oil in the cybersecurity industry, so take comfort that this is legit. CyberSecure certification is not as onerous as a SOC2 Type II audit, but you will have to work for it.
To get certified, you will first want to implement the thirteen controls published by the Canadian Centre for Cyber Security. Then apply for certification at canada.ca/cybersecure. Finally, you will work with an accredited certification body that audits your organization. Once you are certified, you can proudly display your certificate for two years.
The cost to get CyberSecure Canada certified will depend on your needs. Typically, you will pay a few hundred dollars for registration and then pay for the audit, so check with a few of the certification bodies listed at canada.ca/cybersecure. Feel free to reach out to F12.net; we are happy to share our experience getting CyberSecure Canada certified.
The COVID-19 pandemic overtook the program launch. Still, it is disappointing that the program has not received the awareness campaigns or public outreach it deserves. With ransomware, funds transfer fraud, and digital theft running amok across Canada, what a shame that this excellent program is hidden under a bushel.