How can I protect my business?

From: Innovation, Science and Economic Development Canada

What can I do to minimize cyber threats?

In todays continuously evolving cyber environment it is difficult for businesses to completely protect themselves against all cyber threats. However, recommended security controls are available to improve your businesses ability to minimize a cyber threat.

A more detailed explanation of each of these security controls can be found on the Canadian Centre for Cyber Security Website.

Business owners and their employees can become more cyber aware by completing the free online e-learning modules. These modules provide businesses with the knowledge and resources to:

What products and services are available to help my business become cyber secure?

Free e-learning tools

Business owners and their employees have access to free online e-learning modules. These modules provide them with the knowledge and resources to:

CyberSecure Canada certification

Your business can become certified through a Certification Body that evaluates your implementation of the security controls using audit criteria developed in collaboration with our partners.

If implementing all the cybersecurity controls is not currently feasible for your business, any improvements you can make for your cybersecurity will help minimize your risk of cyber threats.

Additional Resources

You can access the Get Cyber Safe program developed by Public Safety and Emergency Preparedness to improve your cybersecurity knowledge or you can go the National Institute of Standards and Technology (NIST) webpage. NIST is an agency of the United States Department of Commerce has developed a Small Business Cybersecurity Corner that provides users with information about cybersecurity basics and guides for small business owners on cyber security.

Eligibility

CyberSecure Canada is targeted at small- to medium-sized businesses (maximum of 499 employees) owned and operated within Canada. However, all for-profit and not-for-profit organizations are eligible to apply for certification.

For larger companies with operations and supply chains that are more complex or those that operate in sectors such as aerospace or defence, they may require more specialized cyber protection. Depending, on your businesses level of risk and the complexity of the business, may want to consider extra precautions are necessary.

How can I get started if I want to make my business cyber secure?

1. Use e-learning tools

Free online e-learning modules are available to help business owners and employees learn about cybersecurity risks and threats, and how to be more cyber secure.

2. Start certification application

You can go to the Get Certified page to find more information on how to particpate.

3. Select a certification body

A list of accredited Certification Bodies will be available on the Certification Bodies webpage.

Your selected Certification Body will evaluate your implementation of the security controls based on the audit criteria (a checklist to evaluate your implementation of the security controls).

4. Implement security controls

You must implement all 13 security controls.

5. Audit by Certification Body

Your selected Certification Body will evaluate your business's implementation of the security controls using the audit criteria (a checklist to evaluate your implementation of the security controls).

After the evaluation there are two options:

  1. Your business is declared certified by completing the audit process.
  2. Your business does not complete the audit process and therefore requires continued improvements to your cyber security, more information will be provided to you by your certification body.

6. Certification

Innovation, Science and Economic Development Canada will register that your business is certified and provide you with a package of promotional materials.

7. Share your certification

Once certified you can promote your business as cyber certified to your customers, investors, supplies and partners by using the promotional materials on your website, business cards, store front etc.

Learn more about the CyberSecure Canada certification mark on the What is the CyberSecure Canada certification mark webpage.

8. Recertify

Due to the continuously evolving nature of cybersecurity, your business will need to recertify after a specified period.

Our partners

ISED has engaged with other federal departments, including the Canadian Centre for Cyber Security, the technical expert, in the development of the security controls, and the Standards Council of Canada (SCC), the expert on National Standards and the sole accreditation body in Canada, in the development of a National Standard of Canada for certification.

Date modified: