Internal Banner Background Red Wavy Shape

4 February 2019 | by Megan Henwood


Why Your Small/Medium Business Can’t Afford to Ignore Cybersecurity!


Small and medium businesses are now the targets of cybercriminals. Meaning, many small businesses who suffer from these attacks may not recover, as the cot of these attacks can be devastating to their reputation, not to mention the cost of these breaches have severe impact to revenue. Even further, privacy laws in Canada changed in November 2018, which now require all privacy breaches to be reported to the Privacy Commissioner.


Protecting your business against cybersecurity threats is critical to protecting your Intellectual Property (IP), your customers’ data, your employee data and quite frankly your bottom line. There is good news though, so let’s dig in so that you can get the information you need, to do just that – protect your business.


So, what is cybersecurity?

Cybersecurity means being protected against unauthorized use of your electronic data, and the resources used to protect against cyber-attacks. To become ‘cybersecure’, software and technologies are often implemented within an organization.


Why does this apply to my small to medium sized enterprise?

Cybersecurity is important for organizations of all sizes. Learning about cybersecurity best practices and promoting awareness across the organization increases revenue, business productivity, protects your IP and builds trust.


Cybercriminals often focus on Small and Medium Enterprises (SMEs) because they know SME’s often don’t have the resources – human or financial – to employ cybersecurity professionals. While small, you don’t have to be a target. There are managed service providers to help you at reasonable costs. In addition, there is a cost-effective certification that you can adapt.


Taking the right steps to protect your IP and your customer data is critical. The new Digital Privacy Act legally requires all organizations who suffer a data breach to report it. Depending on the severity, fines and notification of the breach to clients may be required. Demonstrating that you have gone through cybersecurity certification will help to prove that you are taking the right steps to protect your data. It might also make you eligible for cybersecurity insurance.


Five Critical Areas to Focus on For Results:

There are five essential controls that are recommended to implement for an organization to mitigate common internet threats. The following are:


  1. Boundary Firewalls and Internet Gateways: A firewall can be either software, hardware, or both. A firewall is a network security device that decides whether to allow or block specific traffic based on a defined set of security rules.
  2. Secure Configurations: Employees should only have access to the tools they need to do their jobs. Your company should create strong password protocols for logging into their systems (e.g. actually enforcing the use of ‘strong’ passwords.)  Never stick with default passwords, they may be easy to remember, but they are easy to crack!
  3. Access Controls: This is a way to minimize the risk of unauthorized access to the company network and systems. Users should have reasonable but minimal privileges on their personal accounts. Only those who require administrative privileges should have admin-level accounts.
  4. Patch Management: This is an update to a program that is designed to fix, or improve it. This also includes security issues. By staying up to date you can prevent cyber criminals from taking advantages of known vulnerabilities in the program. Companies will offer patches for licensed users to update their software.
  5. Malware Protection: This is another layer of protection for an organization, and it can perform daily scans to make sure systems are secure. Malicious software has a way of creeping into our devices. Malware protection scans, detects, and eliminates malware ensuring that there is nothing slipping through the cracks.


Don’t let the fear of not knowing what to do stop you from protecting your business. There are many cost-effective ways to help you mitigate the threats of cybercriminals.


Connect with us at to help you find the right solution for your organization!




add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

January 17, 2019 | by Megan Henwood


How to Reduce Your Cyber Risk through Managed Service Providers

Cyber Essentials Canada’s network of trusted partners all share a mandate to ensure every Canadian organization can be better equipped in this ever-changing digital economy. Watsec, an accredited Certification Body and Practitioner under the CE Canada framework, has developed a Certified Cyber Essentials Canada Practitioner course to allow companies across Canada to equip their staff with a deeper understanding of cybersecurity, as well as to better understand the Cyber Essentials Canada program. 


Reducing Cyber Risk

Watsec is a cyber risk management firm located in Waterloo, Ontario. Watsec has many years of experience specializing in assessing cyber risk, and believes that the most effective way to manage cyber risk is by addressing both the technology andhuman factors. In recent years, studies published independently by Online Trust Alliance and Voke Media found that over 80% of security breaches could have been prevented by using more effective IT security practices such as systematic patching and comprehensive IT system configuration. Employing such practices, plus educating IT staff on better ways to secure the infrastructure is a powerful combination. It enables network managers and Managed Service Providers (MSPs) to better reduce risk from accidental and deliberate security breaches, therefore saving the company money and reputation.


To learn more about Watsec and their Cyber Essentials Canada Practitioner course visit


So, how can we manage our cyber risk? 

Watsec’s training program, Certified Cyber Essentials Canada Practitioner, is focused on educating the IT employees of companies and MSPs (Practitioners) on effective cyber risk management techniques and behaviour. The course prepares attendees to take a leading role in the creation of a corporate cyber risk management program within an organization. This course is especially valuable to IT staff of MSPs as it covers the what, why, and how to effective cyber risk management using the Cyber Essentials Canada (CE Canada) Certification.


This course will cover the key governance and technical subject areas for which the business must meet security requirements to obtain CE Canada's CE or CE Plus certifications. This includes general background on CE Canada Certification and the CE Canada Code of Ethics, as well as technical requirements for the 5 Cyber Essential control areas; Boundary Firewalls & Internet Gateways, Secure Configuration, User Access Control, Malware Protection, and Patch Management. 


To learn more about the Cyber Essentials Canada certification journey or to sign up today visit


Why should we send our IT staff to this course?

Having key IT staff become Certified Cyber Essentials Canada Practitioners (CCECP) positions the organization to take full advantage of CE Canada’s CE and CE Plus certification programs. This training certification will equip students with practical knowledge of the CE Canada framework for ongoing cybersecurity risk management. It also provides the spin-off benefits of creating a competitive corporate business advantage, as well as enhancing students’ professional career skills.


And, who is recommended to take this course?

Registrants are expected to meet the following prerequisites to attend this course:

•    Have a working level understanding of network concepts;

•    Have a working level understanding of Windows or Linux operating system concepts;

•    Have at least 12 months technical experience in IT management, maintenance and servicing for an enterprise;

•    Have (or are seeking) a position with responsibility for IT architecture, security, or operations within a business.


Manage your cyber risk today. Enroll in the Watsec Certified CE Canada Practitioner course and reduce your risk immediately by educating your employees in effective cyber security risk management tools and practices. 


For more information, visit, OR register here for this exclusive offering.



Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

December 19, 2018 | Megan Henwood


How to Achieve Business Continuity


For many business owners, business continuity is the most important aspect of their operations. How do we keep the lights on and maintain productivity under any circumstance? As cybercrime rises for Small and Medium Enterprises (SMEs), the opportunity for business continuity to falter increases.


Cybercrime is not reserved for the big guys

There are many factors that can contribute to the slowdown of performance or complete halt of operations, many of which business owners have little control over, issues with distributors, market fluctuations, political factors etc. However, with an economy that lives online one area where business owners can mitigate risk is through cybersecurity. There is an assumption within the SME world, that cybercrime is reserved for the big guys. Most criminals seek to find vulnerabilities within large corporations to secure large payoffs. However, this is no longer the case. Online crime has shifted to SME’s. Multinationals have an easy in through these SMEs, which do not have the means to implement robust systems to protect their assets. Instead of weeding through multinationals, hackers look to low hanging fruit, the SMEs; an easy way in, and quick gains for these criminals.


A large percentage of Canadian enterprises are of SME size and enormous contributor for our economy. Employing much of our skilled workforce, offering diverse products to their customers, and stretching their brands across the globe, SME’s are a backbone moving our economy forward. SME’s hold valuable intellectual property that is growing more vulnerable as cyber-attacks increase.


New partner spotlight: SourcetekIT

SourcetekIT understands the importance of creating a safe economy for Canadian businesses. Offering IT and cybersecurity services to a wide range of Canadian customers to ensure their operations and intellectual property are protected. SourcetekIT is a reliable Managed security Service Provider (MSP) in Canada, so much so that Tech Data Canada, a large multinational specializing in IT products and services, has chosen SourcetekIT to be their exclusive provider of Managed Security Operations Centre (SOC) services through their 5,000 channel partners across the country.


SourcetekIT’s SOC service is cloud based, and operates on a flexible monthly subscription models so business owners do not have to worry about implementing additional infrastructure. This is an ideal solution for SME’s who do not have the resources to improve the security posture of their organization by implementing a dedicated security monitoring solution. SourcetekIT understands the importance of business continuity which is why they have developed this new market offering. Cloud based SOC services allows business owners to mitigate risk in an accessible, cost effective manner. With a large partner network throughout the country, it is likely that your business is already working with an MSP who has access to SourcetekIT’s new service offering.


So, how do you actually achieve business continuity?

Cyber Essentials Canada understands the importance of business continuity; therefore, we have partnered with SourcetekIT to offer business Cyber Essentials Canada certification alongside SourcetekIT remote SOC service. Any organization that signs up for SourcetekIT’s managed SOC services is automatically Cyber Essentials Canada certified. CEC is a government backed cybersecurity certification program, available in both official languages, offering baseline standards to mitigate against 80% of common internet threats. CEC focuses on 5 key controls that instill awareness of cybersecurity best practices and create a corporate culture based on cybersecurity policies and procedures. This allows businesses to be educated on cybersecurity and move towards a model that ensures business continuity. Cyber Essentials Canada will also work with you to map to other cybersecurity certification programs if needed, such as: NIST and ISO 27001. With a SOC and CEC certification, businesses will be protected against cybercrime, have a badge of trust and due diligence to show their customers, and be up to date with new legislation surrounding procurement and data privacy. Most importantly these offerings allow business operations to move smoothly without interruptions from ongoing security attacks. Side by side these offerings are optimal for businesses across the country, creating an economic culture of safe operations.


How do I get started?

Reach out to your current service provider and discuss remote SOC services through SourcetekIT, or reach out to thousands of channel partners, and end-customers through these channel partners offering their services. The subscription is cost effective, fully managed and flexible.


For more information check out and 



Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

14 December 2018 | by Megan Henwood


A Collaboration to Protect Canada's Digital Economy


When creating a successful business in a thriving industry-ecosystem, a key factor is partnership. Partnership and collaboration are necessary for businesses to reach new markets, spread across sectors, and grow their operations. Businesses methodically choose their partners based on their goals and objectives, selecting those that will help them achieve initiatives and create lasting relationships with their customers. Cyber Essentials Canada (CEC) understands the importance of collaborating with Canadian associations to reach our vision of creating a safe and prosperous economy. Therefore, we have recently collaborated with the Canadian Chamber of Commerce, an organization that aims to promote cyber hygiene and protect Canadians and their businesses from future cybercrime.


The Canadian Chamber of Commerce seeks to connect businesses across the country of all sizes and industries to create a competitive and prosperous economy. As the largest business association in the country with over 450 local chambers / boards of trade that represent and connect over 200,000 businesses, they work to on behalf of businesses across Canada to help ensure the success and growth Canadian business.


The partnership between Cyber Essentials Canada (CyberNB) and the Canadian Chamber of Commerce will serve to educate Canadian businesses on the importance of cybersecurity, in an ever-growing digital world. How to protect their intellectual property, be part of a more secure and resilient supply chain, and to protect customer-data. Members of the Canadian Chamber of Commerce will now have access to the only government-backed, fully managed cybersecurity certification program in the country. The CEC certification program helps mature a business’ cybersecurity policies through monitoring and measuring current practices. Cybercrime is not exclusive to large companies; because of the growing number of attacks on SME’s across all industries, CyberNB sought to bring a certification program to the market that would be accessible for all Canadian businesses, create baseline best practices, and protect against over 80% of common online threats.


The Cyber Essentials Canada certification program was launched by CyberNB, a special operating agency of Opportunities New Brunswick (ONB), in January of 2018. ONB is the provincial economic development agency for the province of New Brunswick. Noticing an existing cybersecurity ecosystem in the province, ONB sought out to build a comprehensive strategy to build on the existing cluster and fill future workforce gaps in the industry. CyberNB was created to carry out economic development initiatives in the critical infrastructure protection sector. CyberNB launched Cyber Essentials Canada to offer the country a standard of security practices and a badge of trust to offer customers once they have moved through the program. The program is accessible for all businesses whether you are a small or medium business looking to meet cyber standards affordably, or a large enterprise looking to reduce vulnerabilities and ensure continuity within your supply chain. Without exhausting your resources, the CEC program can meet your needs.


The CEC program comes in two forms, CEC basic and CEC+. Members of the Canadian Chamber of Commerce can now access the CEC program at a 25% discount. This discount is exclusive to Canadian Chamber of Commerce local Chambers and their members; another way the Canadian Chamber of Commerce is showing businesses across the country that they are here to benefit your business. Once a business, or local Chamber, signs up for the certification program, they will fill out a series of statements online through the online platform, outlining their current cybersecurity practices. These include items such as firewall software, password policies, malware protection etc. Once your journey on the platform is complete, a third-party Certification Body will review your statements accredited under the Cyber Essentials Canada program. The Certification Body will review your responses and supporting evidence, identify your gaps, and provide a series of recommendations - unless you have been able to demonstrate full compliance and are ready to receive your badge of compliance. Once you receive your badge, share it proudly with your customers; display it on your website and marketing collateral, to show that you have taken the proper measures to protect your customers’ data. If you decide to continue the journey to Cyber Essentials Canada+ (Plus) the Certification Body will perform onsite vulnerability testing, for an additional, industry-standard fee.


Signing up for the Cyber Essentials Canada program is seamless and easy; chambers and their members have their own login page which automatically applies a 25% discount from the registration cost of $1,750.00 (CAD +applicable taxes.)


For more information, Cyber Essentials Canada is encouraging Chambers to review materials provided by the Canadian Chamber of Commerce or reach out to the Chamber directly. The CEC team is also here to provide support and answer questions.


We urge Chambers to reach out to their membership. share the news of the CEC program, and assist them in signing up to be certified. We are excited about this new partnership between Cyber Essentials Canada and the Canadian Chamber of Commerce, and look forward to working together to create a more safe and secure Canadian economy.




Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

25 October 2018 | by Megan Henwood


About Cyber Essentials Canada


In the defence sector, companies are under constant threat of potential cyber attacks. Vulnerabilities within an organization can result in loss of productivity and revenue, compromise intellectual property, and cost a company the trust of its customers. Governments around the world are taking it a step further and requiring venders to have cybersecurity standards in place before working with public departments, or imposing fines on groups who suffer a breach and do not have preventative cybersecurity measures in place. 


Primes already know this, most have taken the measures to become NIST or ISO 27001 compliant. But, what about the supply chain? We commonly think cyber crime is aimed at large organization, but, the risk is now shifting to small and medium enterprises (SME). A prime’s supply chain can comprise of hundreds of SME’s, that may not have the means to mitigate risk. A growing number of primes have suffered from a cyber attack through a vulnerability in their supply chain, causing negative social media, and dissatisfaction from customers. So how do primes close the gaps in their supply chain?


Cyber Essentials Canada is the only government backed, government owned cybersecurity certification program. CEC is a cost effective solution aimed at helping SME’s achieve baseline standards to protect against the most common cyber threats. Being a fully managed solution, CEC is not resource exhaustive on suppliers, the process is seamless and easy, with the support of the CEC Success Team.


For more information on how to mitigate risk, or to start the certification journey, visit 



Subscribe to this Blog Like on Facebook Tweet this! Share on Google+ Share on LinkedIn

Cyber Essentials PLUS Program Logo

View our Certification Options