Strengthening Cyber Security in Small and Medium Organizations
Cyber security is essential for small and medium organizations aiming to improve their resiliency. This document provides guidance to help businesses strengthen their defenses. It supports the Government of Canada’s commitment, outlined in the National Cyber Security Strategy, to make cyber security more accessible.
Why Cyber Security Matters
Small and medium organizations are common targets for cyber threats. According to the National Cyber Threat Assessment, these businesses face cybercrime that often leads to financial losses or privacy breaches. Attackers seek customer data, financial information, and proprietary assets. A successful cyber attack can result in:
- Reputational damage
- Productivity loss
- Intellectual property theft
- Operational disruptions
- Costly recovery efforts
Given these risks, improving cyber security is crucial for long-term business success.
Recommended Cyber Security Frameworks
To reduce cyber security risks, we recommend Annex 4A – Profile 1 of IT Security Risk Management (ITSG-33). This framework aligns with internationally recognized standards such as the NIST Cyber Security Framework and ISO/IEC 27001:2013. However, implementing this profile can be expensive. Many small and medium organizations may lack the financial and human resources required to adopt it fully.
Practical Cyber Security Solutions
Despite these challenges, organizations can still protect themselves by following best practices and increasing cyber security awareness. Applying the 80/20 rule—where 20% of effort achieves 80% of the benefits—can lead to significant improvements.
This document outlines a set of baseline cyber security controls to help organizations maximize their security investments. These controls provide a cost-effective way to enhance protection against cyber threats.
Take Action Today
We encourage organizations to implement as many of these baseline controls as possible. While not every business can apply every control, widespread adoption will strengthen Canada’s overall cyber resilience.
For more guidance and resources, visit cyber.gc.ca.
