What is CyberSecure Canada, and why is it a secret?
The Canadian government quietly launched CyberSecure Canada, a national cybersecurity certification for small and mid-sized companies. This program is a huge step toward securing Canada from cyber threats – it is a pity more business leaders do not know about it.
What is the CyberSecure Canada Certification?
CyberSecure Canada is the only federal program that certifies that your business is taking the necessary steps to protect against cyber threats. This program is designed for companies with less than 500 employees and is the successor to CyberEssentials out of New Brunswick.
Why get CyberSecure Canada certified?
- Protect your business from disaster
- Prove to yourself that your security is adequate
- Show others that you are not risky
- Lower your cyber insurance premiums
- Qualify to bid for business opportunities
Is it hard to get certified?
It is not easy, and that is a good thing. There is too much snake oil in the cybersecurity industry, so take comfort that this is legit. CyberSecure certification is not as onerous as a SOC2 Type II audit, but you will have to work for it.
To get certified, you will first want to put in thirteen controls published by the Canadian Centre for Cyber Security. Then apply for certification at canada.ca/cybersecure. Finally, you will work with an accredited certification body that audits your organization. Once you are certified, you can proudly display your certificate for two years.
What are the 13 Security Controls?
- Incident response plan – how you plan to recover from a cyber attack
- Automatic patching – your software patch management
- Device configuration – how you securely configure your devices
- Security software – the agents you install and monitor
- Authentication – your multi-factor authentication controls
- Training – your ongoing team education on cybersecurity
- Data Protection – your backup and data encryption
- Mobility – controls to secure mobile devices
- Perimeter – firewall defences at connections into your network
- Outsourced IT services – the security posture of your IT partners
- Websites – the security of your website
- Access controls – limitations you place on access to data and services
- Portable storage – the security, encryption, and disposal of your storage media
How much does it cost?
The cost to get CyberSecure Canada certified will depend on your needs. Typically, you will need to pay a few hundred dollars for registration and then you will need to pay for the audit. Therefore, check with a few certification bodies listed at canada.ca/cybersecure. Feel free to reach out to F12.net; we are happy to share our experience getting CyberSecure Canada certified.
Why is this a secret?
The COVID-19 pandemic overtook the program launch. Still, it is disappointing this has not received the awareness campaigns or public outreach it deserves. Since ransomware, funds transfer fraud, and digital theft is running amok across Canada, what a shame that this excellent program is hidden under a bushel.