Introduction to the baseline controls

From: Canadian Centre for Cyber Security

Small and medium organizations: Introduction to the baseline controls

The cyber security needs of small and medium organizations are unique and not always addressed in existing cyber security advice and guidance. Small and medium organizations often lack the resources needed to follow existing enterprise advice and guidance. Our baseline cyber security controls address this gap.

Why the baseline controls?

Our National cyber threat assessment states that Canadian small and medium organizations are most likely to face cyber threat activity in the form of cybercrime which often has immediate financial or privacy implications. Cyber threat actors target these organizations to gain access to data about customers, partners and suppliers, financial information and payment systems, and proprietary information. Cyber security incidents don’t just affect data; these incidents can also result in reputational damage, productivity loss, intellectual property theft, operational disruptions, and financial loss due to large recovery costs.

Smaller organizations can use the baseline controls, which are a set of lower-cost and lower-burden controls, to get the most out of their cyber security investments. By adopting basic cyber security practices, these organizations can thwart cyber threat actors and reduce their exposure to cyber threats. These controls are the first step towards making cyber security more accessible for Canadians, as called for by the National Cyber Security Strategy.

The controls

Next steps

We encourage your organization to browse through the baseline controls and consider implementing them for all of your information systems and assets.

Long description immediately follows
Long description - next steps

Adopting even basic cyber security practices can help thwart cyber threat actors and reduce the threats to Canadians and Canadian businesses.

Date modified: