Cybersecurity guidance for small and medium organizations

With cybersecurity incidents on the rise, it’s important for organizations to proactively protect their networks and information.

The Canadian Centre for Cyber Security, part of the Government of Canada, recently issued guidance to help small and medium organizations strengthen their defences against such incidents.

In this article, we outline the 13 security controls in that guidance, each designed to reduce risk and protect against cybersecurity incidents. These controls are not one-size-fits-all: each should be tailored to your organization's size, systems and risk profile.

13 security control strategies

  • Develop an incident response plan: Develop a plan to quickly respond to incidents, restore critical systems and data, and minimize service interruptions and data loss. Include a contact list for immediate response and strategies for backing up data.
  • Patch operating systems and applications: Enable automatic patches and updates for all software and hardware wherever possible. Threat actors typically gain access by exploiting known vulnerabilities in unpatched systems, networks and software, so the shorter the window between a patch being released and being applied, the better.
  • Enforce strong user authentication: Use two-factor authentication (2FA) or multi-factor authentication (MFA) wherever it is available, in addition to strong passwords or passphrases.
  • Back up and encrypt data: Copy your information and critical applications to one or more secure locations, such as the cloud or an external hard drive, and encrypt those copies. Keep at least one copy disconnected from your network so that a ransomware infection cannot reach it, and test restoring from your backups periodically.
  • Activate security software: Install antivirus and anti-malware software on your devices to protect against malicious attacks and malware.
  • Train your employees: Tailor your training programs to address your organization’s cybersecurity protocols, policies and procedures.
  • Secure cloud and outsourced services: Before engaging a cloud or outsourced service provider, confirm that it has measures in place to meet your security requirements, and know where its data centres are located.
  • Secure portable media: Use encrypted portable storage devices where possible, and sanitize devices properly before reusing or disposing of them.
  • Configure devices securely: Review the default settings on every new device and adjust them as necessary, including changing default passwords and disabling features or services you do not use.
  • Secure mobile devices: Ensure employees can only use approved applications and can only download applications from trusted sources.
  • Access control and authorization: Ensure that employees only have access to necessary information, with unique login credentials. Administrators should have separate accounts for administrative and general use.
  • Secure websites: Encrypt sensitive data, serve the site over HTTPS, keep TLS certificates up to date and protect administrative logins with strong passwords or passphrases.
  • Establish basic perimeter defences: Use a firewall to defend against outside intrusions by monitoring incoming and outgoing traffic and filtering out malicious sources. Use a Virtual Private Network (VPN) for remote connections.

If you’re interested in learning more about cybersecurity strategies and mitigating risks within your organization, our Privacy, Data Protection & Cybersecurity group has a wide range of experience assisting various organizations in this area. We can support you in implementing these strategies, establishing an incident response plan, developing appropriate policies and training employees at your organization. Contact us to learn more.

Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.