Small and medium organizations: Introduction to the baseline controls
The cyber security needs of small and medium organizations are unique and not always addressed in existing cyber security advice and guidance. Small and medium organizations often lack the resources needed to follow existing enterprise advice and guidance. Our baseline cyber security controls address this gap.
Why the baseline controls?
Our National cyber threat assessment states that Canadian small and medium organizations are most likely to face cyber threat activity in the form of cybercrime which often has immediate financial or privacy implications. Cyber threat actors target these organizations to gain access to data about customers, partners and suppliers, financial information and payment systems, and proprietary information. Cyber security incidents don’t just affect data; these incidents can also result in reputational damage, productivity loss, intellectual property theft, operational disruptions, and financial loss due to large recovery costs.
Smaller organizations can use the baseline controls, which are a set of lower-cost and lower-burden controls, to get the most out of their cyber security investments. By adopting basic cyber security practices, these organizations can thwart cyber threat actors and reduce their exposure to cyber threats. These controls are the first step towards making cyber security more accessible for Canadians, as called for by the National Cyber Security Strategy.
The controls
- Develop an incident response plan
- Automatically patch operating systems and applications
- Enable security software
- Securely configure devices
- Use strong user authentication
- Provide employee with awareness training
- Back up and encrypt data
- Secure mobility
- Establish basic perimeter defences
- Secure cloud and outsourced IT services
- Secure websites
- Implement access control and authorization
- Secure portable media
Next steps
We encourage your organization to browse through the baseline controls and consider implementing them for all of your information systems and assets.
Long description - next steps
Adopting even basic cyber security practices can help thwart cyber threat actors and reduce the threats to Canadians and Canadian businesses.