CyberSecure is a federal program designed to help small- and medium-sized businesses (SMBs) develop their cybersecurity. Unveiled in August 2019, it has allowed SMBs to protect themselves from the growing number of cyber threats. Companies may seek certification through the federal program, provided that they meet certain minimum requirements.
What is a CyberSecure Canada Certification?
The CyberSecure Canada certification is a voluntary program that outlines the steps that businesses can take to protect themselves against cyberattack. Organizations that don’t take the appropriate steps to guard against cyberattack endanger their consumer data, intellectual property, and more.
Cyberattacks can severely damage a business by disrupting their operations, stealing data, and inflicting damage upon their reputation. With businesses storing more and more of their data online, the potential for serious harm only increases.
The CyberSecure Canada certification instructs businesses on how to keep their networks, sensitive data, and customers safe and minimize the risks posed by cyberattacks.
Why Did EC Managed IT Get the CyberSecure Canada Certification?
As a leading Vancouver managed IT services provider, EC Managed IT makes protecting the sensitive data of our customers our number one priority. Obtaining the CyberSecure certification is one of the best ways of demonstrating our commitment to protecting current and future customers from all cyber threats.
Trust is a crucial part of what we do. If you can’t trust your IT specialists, then you need to consider why you are working with them. At EC Managed IT, your trust is everything to us, and becoming certified is your guarantee that we are keeping you safe.
Canadians At Risk of Cyber Attacks
Virtually anyone with an online presence faces some risk of cyberattack, but cyber criminals have become adept at targeting businesses. In 2019, more than one-fifth of Canadian businesses reported that they had been impacted by cyber security incidents. These incidents can include attempts to steal information, demands for ransom payments, and more. In other cases, the motives remained unknown.
In May of this year, Ikea confirmed that they had suffered an internal security breach in which the personal information of at least 95,000 Canadians was made vulnerable, requiring the company to notify the customers who were impacted and take prompt action to prevent the use or sharing of the data with any third parties.
An even worse privacy breach took place in June 2019, though it took nearly two years to be noticed. Financial services firm Desjardins suffered the breach when an employee stole personal information regarding customers, including the customers’ names, dates of birth, social insurance numbers, emails, phone numbers, home addresses, and transaction histories. Desjardins only became aware of the breach when they were notified by the federal Privacy Commissioner. In all, the data of 9.7 million Desjardins users was compromised. The result was a $200.9M settlement of a class-action lawsuit against the firm.
Bell Canada suffered multiple attacks, announcing in May of 2017 that the data affected included almost 1.9 million customer email addresses, along with 1,700 names and phone numbers. Eight months later, Bell reported another breach affecting up to 100,000 customers.
The average cost of a data breach to Canadian firms is now $7 million. Because of attacks like these, Canadian businesses reported spending more than $10 billion on cyber security in 2021, and awareness training has become an important part of employee training.
Who Needs Cyber Security?
Data has shown that every industry has some vulnerabilities, and all are potentially at risk. A major mistake of too many businesses is thinking that they would never be targeted. Virtually every organization could find ways to increase their security and should do so.
There are certain industries, however, that have a higher risk profile. These include:
Business
This is a broad category, representing many types of companies, such as those in retail/e-commerce. These companies may find themselves vulnerable through supply chain networking and omnichannel access. While larger brands may be equipped to deal with cyberattacks, small- and mid-sized ones might lack the necessary resources for proper security, or in some cases, may simply not prioritize it.
In many cases, these businesses require greater network security to keep their assets safe.
Healthcare/Medical
The healthcare/medical industry is a common target for cyberattack because it is very information intensive. Healthcare records contain extensive personal information that needs to be kept secure and well optimized. Hospitals can benefit greatly from managed IT services that can help optimize the patient information database, perform preventative maintenance, provide 24/7 emergency services, and more.
Education
Educational institutions may not appear to be prime targets for cyberattacks, but they sometimes fall victim to those seeking to steal intellectual property, research, or student and employee information. Hackers may also try to access their computer processing power.
Losing important research data or having it held for ransom could be extremely damaging. With appropriate data protection, information is backed up and kept available in case of emergency.
The Certification Process for CyberSecure Canada
In order to be certified by CyberSecure Canada, candidates must perform the following:
Familiarize Yourself with the Requirement
You can learn more about the program by using the free tools developed by Innovation, Science and Economic Development Canada (ISED) and the Cyber Centre.
Start the Certification Application
You can do this by contacting CyberSecurity Canada. Select CyberSecurity Canada as your certification body.
Implement Security Controls
You can have a Gap Analysis performed by CyberSecurity Canada to determine a business’s current level of cyber security. This will reveal which controls need to be added or improved prior to the certification audit.
Submit Completed Documentation
Once information is submitted to CyberSecurity Canada, it will undergo a conformity assessment.
Receive Certification
Provided the organization has successfully implemented and documented the necessary controls, they will be awarded certification.
Certification is Valid for 2 years
After this period, the organization will need to recertify.
Be aware that in January 2023, there will be an update to program requirements.
FAQ
Here are some frequently asked questions about the CyberSecure Canada Certification:
How can I get into Cyber Security in Canada?
You start by completing a diploma or degree program at university or college. This will teach you about cyber security measures, designing network infrastructures, providing support for computer systems, and how to stop hackers.
Which certification is best for Cyber Security beginners?
Some of the best IT security certifications include:
- CompTIA Security+
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Certified Cloud Security Professional (CCSP)
Why is there Cyber Security in Canada?
Cyber security is in demand, with the number of jobs available growing each year. With Canadian businesses spending more than $10 billion each year on cyber security, there are many positions available for cyber security specialists.
What is baselining in Cyber Security?
In cyber security, baselining refers to a method of assessing a network’s performance. It is important to anomaly detection and behaviour analysis.
What kind of Cyber Security training can Canadians take?
There are many types of cyber security training available to Canadians, including EC-Council Certified Security Analyst (ECSA), Certified SOC Analyst (CSA), Certified Ethical Hacker (CEH), and many more.