The CyberSecure Canada certification, established by ISED and the CSE, is a voluntary program for SMEs. Drawing from the CCCS’ Baseline Cyber Security Controls for Small and Medium Organizations which were released a few years ago, it outlines some of the steps businesses can take to protect their networks, data and customers.
CIRA is a not-for-profit organization with a goal to build a trusted internet for Canadians. We offer several cybersecurity solutions – including employee training and a DNS firewall – which help cover some of the requirements for the government’s CyberSecure Canada Certification. Here’s what SMBs in Canada should know about this certification program and how CIRA can help protect your organization.
Why should businesses get the CyberSecure Canada certification?
The number one reason to get certified is that following all of the recommendations will help reduce cyber risk in your business. This means more protection against cyber attacks, breaches and hacks that result in downtime, lost revenue, loss of customer trust and data.
A secondary benefit is that certified businesses can proudly share their certification, giving them a competitive advantage which shows their commitment to cybersecurity.
How do businesses get certified?
- Implement 13 security controls
- Apply for certification
- Work with a certification body
More details are available on the CyberSecure Canada webpage.
What are the 13 security controls?
- Develop an incident response plan
- Automatically patch operating systems and applications
- Enable security software
- Securely configure devices
- Use strong user authentication
- Provide employee awareness training
- Backup and encrypt data
- Secure mobility
- Establish basic perimeter defences
- Secure cloud and outsources IT services
- Secure websites
- Implement access control and authorization
- Secure portable media
More details are available on the CCCS website.
How can CIRA help with your CyberSecure Canada certification application?
CIRA offers a couple of cybersecurity services designed by Canadians, for Canadians which fall under two of the security controls required for the CyberSecure Canada certification.
CIRA Cybersecurity Awareness Training – Provide employee awareness training
We’ve partnered with Beauceron Security (based in Fredericton) to deliver a comprehensive employee training platform.
Employees will take engaging courses developed for Canadians (e.g. content mentions Canadian laws like PIPEDA and organizations like the Canadian Anti-Fraud Centre) and receive ongoing training through automated phishing email simulations. IT admins can analyze reports, including aNIST Readiness Report, to determine next steps for processes and tools that will help further reduce cyber risk in their organization.
CIRA DNS Firewall – Establish basic perimeter defences
We offer a DNS Firewall, a great complement and additional layer of protection to your existing firewall.
We’ve partnered with Akamai and others to incorporate threat feeds that block access to malicious websites. And by building our DNS Firewall on a backbone of Canadian nodes, we take our commitment to data sovereignty very seriously.
We’re helping protect millions of users across Canada with our cybersecurity solutions – with over 260 education institutions (representing over 2 million staff and students) using CIRA DNS Firewall and 50 municipalities using our training platform.
Book a meeting with us to learn how CIRA can help you get affordable, enterprise-level cybersecurity services for your organization.