Cyber Security Awareness Month: Where Canada’s SMBs should start

Small and mid-sized businesses make up the majority of companies in this country and employ about 90 per cent of the workforce, yet many have valuable intellectual property, personal information on customers or direct computer links to large firms.

All three are valuable targets for criminals and unfriendly countries. Yet many SMBs still think they don’t have to worry.

SMBs include convenience stores, dry cleaners, gas stations and manufacturing plants, but also law firms, accountants, financial advisors, engineering consultants and architects.

This being Cyber Security Awareness Month in many countries, it’s a good time to remind infosec pros who manage or advise owners of these firms of a valuable resource offered for them by Public Safety Canada. Called the Get Cyber Safe Guide for Small and Medium Businesses, it’s aimed at helping managers understand the cyber security risks their organizations face, and at providing them with practical advice on how to better protect their business and employees from cyber crime.

If you don’t know where to start, this 46-page PDF is a useful document.

There’s a section on employee awareness, which we’ll get to in a minute. But for the heads of these firms who aren’t sure where to start, try the 15-question self-assessment test.

Among other things, it asks if cyber security is a priority for the business, if it has cyber security plans and policies, a disaster recovery plan and some technical things, like if the firm uses encryption to secure data. Most answers are yes/no, with a point for yes and a zero for no. “If your score was 0-to-15 then you should consider reading this whole guide, as soon as you can,” it advises. “Then, consult with others in the business to begin planning and implementing cyber security in your business.”

The guide is divided into 11 chapters, covering management issues, Web security, point of sale security, email security, data security, remote access security, mobile and physical device security.

As for the awareness section, it includes this advice:

You should put at least one person in your business in charge of cyber security. This person would be responsible for the following:

  • Learning about threats, trends and security options.
  • Planning, acquiring and implementing security safeguards.
  • Helping other personnel understand cyber security best practices and policies.
  • Enforcing cyber security best practices and policies with management support.
  • Maintaining and updating the security safeguards used by your business.

Even with a clear person or group in charge of cyber security, their success within a business of any size relies on management support. The support you provide will depend on the size of the business, but some of the things all managers are responsible for include the following:

  • Providing guidance to all employees on the importance of cyber security as part of operations, including policies to outline accountability for cyber security.
  • Supporting and monitoring cyber security projects.
  • Consulting with experts, such as legal counsel, for any external obligations such as provincial or federal law.

At fewer than 50 pages, the guide is not an exhaustive framework for cyber security. It is a good beginning. Infosec pros who want more in their arsenal should at least add the Center for Internet Security’s 20 security controls, which includes links to best practices.

For those who may find 20 controls unnecessary, the CIS has a shortened version of six prime controls for SMBs.

Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
