8 June 2018 | by Zach Smith

Blog

Avoiding Catastrophes with Cyber Essentials Canada

A cyber attack on a business can be catastrophic. It can lead to the theft of information or money, loss of credibility and, ultimately, the end of an organization. The truth is, cybercrime is at an all-time high and it’s very easy to become a victim of a cyber attack. Whether an employee clicks on a malicious link, or a hacker holds all of your information hostage in search of ransom, businesses need to have safeguards in place to protect themselves. Cyber Essentials Canada enables businesses to adopt safeguarding best practices and awards them a certificate to prove it.

Making it Easy for Small and Medium Businesses

Cyber Essentials Canada is a cybersecurity standard and set of best practices that organizations can be assessed and certified against. It identifies the security controls that an organization must have in place within their IT systems in order to have confidence that they are addressing cybersecurity effectively and mitigating the risk from up to 80% of common internet-based threats.

Protect Your Business Against Up to 80% of *Common Internet Threats

Cyber Essentials Canada consists of five key technical controls to keep businesses cyber safe. These controls are:

  1. Boundary Firewalls & Internet Gateways, to ensure that only safe and necessary network services can be accessed from the internet;
  2. Secure Configuration, to ensure that computers and network devices are properly configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfill their role;
  3. User Access Control, to ensure user accounts are assigned to authorized individuals only and that they only provide access to those applications, computers and/or networks required for the user to perform their role;
  4. Malware Protection, to restrict execution of known malware and untrusted software, to prevent harmful code from causing damage or accessing sensitive data; and
  5. Patch Management, to ensure that devices and software are not vulnerable to known security issues for which fixes are available.

Common Threats Mitigated, What You Need to Know

Drive-by-downloads

A drive-by-download is when a malicious code is downloaded onto a computer due to a user visiting a malicious website.
Cyber Essentials Canada mitigates Drive-by-downloads through:

  • Malware Protection, by having good malware protection software that can prevent malware from executing and, as a requirement, blacklisting all websites known to be malicious; and
  • Patch Management, by keeping your internet browser up-to-date to fix all known vulnerabilities.

Data leakage

Data leakage occurs when company information is exposed through an unauthorized party.
Cyber Essentials Canada mitigates Data leakage through:

  • User Access Control, by enforcing a strong password policy making it more difficult for unauthorized users to access the system;
  • Malware Protection, by having good malware protection software that can prevent malicious software, such as spyware, from executing on the information system;
  • Boundary Firewalls & Internet Gateways, by blocking unauthorized inbound and outbound traffic on your network. That way data cannot be shared/stolen through the network itself without authorization, for example, spyware can’t communicate with its owner; and
  • Patch Management, by patching all known vulnerabilities.

Ransomware

Ransomware is a malicious program that denies you access to your files or computer until a ransom is paid.
Cyber Essentials Canada mitigates Ransomware through:

  • Malware Protection, by having good malware protection software that can detect ransomware and prevent it from executing;
  • Secure Configuration. If ransomware is executed on the information system, as a requirement, you will have a recent back-up to restore the system back to normal; and
  • Patch Management, by patching all known vulnerabilities.

Other threats mitigated (but are not limited to):

  • Adware through Malware Protection and Patch Management
  • Spyware through Malware Protection and Patch Management
  • Trojans through Malware Protection and Patch Management
  • Man-in-the-Middle through Malware Protection, Secure configuration and Boundary Firewalls & Internet Gateways
  • Internet Worms through Malware Protection, Patch Management and Boundary Firewalls & Internet Gateways
  • Brute force attack through Access Control, Secure configuration and Boundary Firewalls & Internet Gateways
  • Keylogging through Malware Protection, Patch Management and Boundary Firewalls & Internet Gateways

*Source: Lancaster University Study on Cybersecurity.

CyberNB is a Special Operating Agency of Opportunities NB.

For more information on how you can start your journey:
Join the Cyber Highway

Categories

Archives

Latest Posts

Looking for more information on Certification and Cybersecurity Updates?