The Canadian government recently announced the CyberSecure Canada Certification Program. This program was designed “to raise the cyber security baseline among Canadian small and medium-sized enterprises (SMEs), increase consumer confidence in the digital economy, promote international standardization and better position SMEs to compete globally.”
Organizations that choose to obtain this voluntary certification will need to implement security controls designed to protect from the most common cyber threats without creating a significant burden on the organization. While the program is aimed at organizations with fewer than 500 employees, all Canadian organizations are eligible to apply for the certification.
First and foremost, becoming certified through this program makes an organization less likely to fall victim to a cyber threat. A cyber attack can otherwise be costly and time-consuming, and, in some cases, may even permanently damage an organization and its reputation. Certification only requires baseline protection, however, and does not guarantee immunity from cyber risks.
Additionally, certified organizations could potentially increase business as a result of standing out as officially recognized by the federal government for following baseline security controls. Potential customers, investors, partners and suppliers will be able to easily identify an organization’s cyber security competence and the associated risk to do business with the organization based on whether or not they hold this certification.
In order to be certified and permitted to use the CyberSecure Canada logo, an organization must be able to prove that it has implemented 13 basic security controls developed by the Cyber Centre. These controls range from procedures such as developing an incident response plan and providing employees with awareness training, to technical requirements such as using strong user authentication and securing portable media.
To ensure that certified organizations remain secure, certification is valid for two years, after which time organizations must reapply for certification.
The CyberSecure Canada Certification Program is currently in a pilot phase that will continue until a national standard is established. During the pilot phase, CyberSecure Canada will be working with interested businesses to fully develop the certification process. For more information on the program, click here.