Lindsay McKay" />
Enter your email below to receive weekly updates from the Ashton College blog straight to your inbox.
By: Lindsay McKayPublished On: October 21, 2021
No matter how small or big your business is, there are minimum cybersecurity controls that you should be implementing to keep your company, employees, and clients safe. To begin with, every employee should be given online training, whether that is through self-paced cybersecurity courses or through instructor-led entry-level courses like an A+ training course, some sort of training is necessary.
The Canadian Centre for Cyber Security released a publication with recommendations for small and medium organizations in Canada to improve their resiliency and cybersecurity investments. I will outline the document including how to determine the scope your business needs and some baseline controls your business should be implementing.
Firstly, determine if you are a small or medium business, these baseline controls are for organizations that have less than 499 employees. If you have more, you need to invest in more comprehensive cybersecurity measures.
Create an inventory of all computers, servers, information systems, mobile devices and all other information system assets, including owned, contracted, and how otherwise used. Before you can determine measures, it is important to know how many systems need protection and the scope of your technology use and needs.
It is essential that businesses understand the value of their information, from the sensitive information of customers and clients to competitive proprietary intellectual property. Once you have an understanding of all the information, assess the injury level of each based on the confidentiality, integrity, and availability of information systems and/or data.
Self-identify your organization's primary cyber threat and reference the National Cyber Threat Assessment 2018 if you think you have a serious threat that minimum baseline controls won’t protect against.
There should be someone in a leadership role that is specifically responsible for IT security. It is highly recommended that this person is greatly educated and has at minimum CySA+ training and 5+ years under their belt. While industry analysis indicates that organizations typically spend up to 13% of their IT budget on cybersecurity, it is recommended to commit to progressive improvements and constantly be auditing adding more measures depending on what your business specifically needs.
Protect your organization's data, networks, employees, customers, and clients; it costs too much to recover from an attack or breach, especially if unprepared.
The information contained in this post is considered true and accurate as of the publication date. However, the accuracy of this information may be impacted by changes in circumstances that occur after the time of publication. Ashton College assumes no liability for any error or omissions in the information contained in this post or any other post in our blog