Introduction to the baseline controls

Small and medium organizations: Introduction to the baseline controls

The cyber security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. needs of small and medium organizations are unique and not always addressed in existing cyber security advice and guidance. Small and medium organizations often lack the resources needed to follow existing enterprise advice and guidance. Our baseline cyber security controls address this gap.

Why the baseline controls?

Our National cyber threat assessment states that Canadian small and medium organizations are most likely to face cyber threat Cyber threatA threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries. activity in the form of cybercrime which often has immediate financial or privacy implications. Cyber threat actors target these organizations to gain access to data about customers, partners and suppliers, financial information and payment systems, and proprietary information. Cyber security incidents don’t just affect data; these incidents can also result in reputational damage, productivity loss, intellectual property Intellectual propertyLegal rights that result from intellectual activity in the industrial, scientific, literary, and artistic fields. Examples of types of intellectual property include an author's copyright, trademark, and patents. theft, operational disruptions, and financial loss due to large recovery costs.

Smaller organizations can use the baseline controls, which are a set of lower-cost and lower-burden controls, to get the most out of their cyber security investments. By adopting basic cyber security practices, these organizations can thwart cyber threat actors and reduce their exposure to cyber threats. These controls are the first step towards making cyber security more accessible for Canadians, as called for by the National Cyber Security Strategy.

The controls

• Develop an incident response plan
• Automatically patch operating systems and applications
• Enable security software
• Securely configure devices
• Use strong user authentication
• Provide employee with awareness training
• Back up and encrypt data
• Secure mobility
• Establish basic perimeter defences
• Secure cloud and outsourced IT services
• Secure websites
• Implement access control and authorization
• Secure portable media

Next steps

We encourage your organization to browse through the baseline controls and consider implementing them for all of your information systems and assets.

Long description - next steps

Adopting even basic cyber security practices can help thwart cyber threat actors and reduce the threats to Canadians and Canadian businesses.