Canada gained a strong cybersecurity advocate last year with the creation of The Canadian Centre for Cyber Security (CCCS). Announced as part of the 2018 Federal Budget, the CCCS helps organizations in Canada by sharing the latest threats, providing valuable resources, and promoting cybersecurity best practices.
Recently, the Centre unveiled a new report, Baseline Cyber Security Controls for Small and Medium Organizations, in which it outlines some of the steps businesses can take to protect their networks, data and customers.
Their recommendations provide guidance on everything from recommended spending, incident response and patching to admin rights, authentication, mobility and perimeter defences. The good news is that this approach is manageable by most small businesses without a huge investment in time or money. It also serves as a great checklist for managed service providers (MSPs) and others that serve the small business market.
While the report is exhaustive and covers everything from training to response management, here are a few of their minimum security recommendations for the perimeter:
- A dedicated firewall between the corporate network and the internet.
- A DNS firewall to keep outbound traffic from reaching malware (i.e. through clickbait).
- Activate software firewalls on devices.
- Secure authenticated connectivity to corporate network and VPN with two-factor authentication for remote users.
- Only use secure Wi-Fi.
- Never connect to public Wi-Fi.
- Follow PCI DSS standards (for those using PoS terminals) to isolate payment systems from the internet.
- Implement DMARC on email services.
While we may be biased here at CIRA, we were pleased to see the CCCS come out strongly in favour of a DNS firewall. How common is DNS firewall usage today? We recently polled more than 2,000 of our .CA domain registrants in an opt-in survey and found that while 40 per cent use a third-party DNS of some sort (mainly for privacy), only about 10 per cent identified using it for security purposes.
Moreover, a recent article on DNS traffic on the internet shows that only about 15 per cent appears to come from a third-party DNS provider, and of that, 13 per cent is from Google's 8.8.8.8 service, which provides no malware protection.
So why does this matter? Well, in addition to privacy concerns, the DNS layer is very effective at helping business owners and IT managers keep malware and ransomware at bay. And if privacy is a concern, CIRA is the only provider of a DNS firewall that is architected to help keep DNS traffic exclusively in Canada and any information (for cybersecurity analysis) stored on Canadian servers.
By building D-Zone DNS Firewall on a backbone of Canadian nodes, we take our commitment to data sovereignty very seriously. It is great to see the Canadian Centre for Cyber Security also standing up for Canadian businesses and providing them with another ally against cyber criminals. Well done!