Cyber security certification program for Canadian SMBs to launch soon

At a time when there’s no shortage of reports of organizations suffering data breaches, infosec pros have difficulty knowing who to trust among suppliers and business partners. Consumers also have the same problem.

They may have a solution in a few weeks.

CyberNB, a wing of the New Brunswick government aiming to make the province a cyber security hub, has quietly announced it is adopting the U.K. Cyber Essentials program for use in this country. The program certifies that small and mid-sized companies have met certain minimum security standards.

Firms that pass the certification get to put the Cyber Essentials logo on their websites and marketing material.

In addition to being a brand for competitive advantage, the program should also spur SMBs to improve their IT security.

CyberNB hopes to officially launch the program in several provinces in April.

The program won’t have the force it has in the U.K., where companies wanting to bid on sensitive government contracts must be certified. However, the man overseeing the program said Canadian SMBs will still want to pass the test.


“It’s the same reason why restaurants have hygiene standards for their staff,” said David Whelbourn, the Cyber Essentials program director: “To protect their customers from being poisoned. It’s no real difference for a small and medium company. It’s about establishing yourself as doing the right thing to protect their clients and their data.”

And not only will certification protect companies, it also protects their jobs. After all, he pointed out, “if they get attacked and ransomed that could destroy small and Canadian businesses.”

As the accreditation body, CyberNB is now looking for consulting and IT firms who will do the certifying. Three are already being qualified.

As in the U.K., the program here will have two levels:

–Cyber Essentials. To meet it, an organization will complete an online form with 29 questions covering five security controls: boundary firewalls and Internet gateways; system configuration; access control; and malware protection.

Typical questions include: Have the default usernames/passwords on all boundary firewalls (or similar devices) been changed to a strong password; Have all open ports and services on each firewall (or similar device) been subject to justification and approval by an appropriately qualified and authorised business representative, and has this approval been properly documented; Do you have a backup policy; Are elevated or special access privileges, such as system administrator accounts, restricted to a limited number of authorized individuals.

All answers then have to be verified by an approved certifying body.

Note that in U.K. documents this level is not recommended for organizations that could face advanced persistent threats.

–Cyber Essentials Plus. In addition to the applicant completing the online form, a certifying body performs additional tests that have to be passed, including a vulnerability scan and a test of inbound email filtering controls.

Not included are complex application testing or database audits.

Applicants will pay around $500 to fill out the online application and, depending on the size of the company, about $500 for the certification. There will also be a $500 annual re-certification fee.

Whelbourn has big hopes for the program. Initially there will be a small launch so processes can be stress tested. “What I’m worried about is we have a massive increase and suddenly have to cope with a 10 or 20 fold increase” in applications.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
