Listen to our podcast episode with Alvin Madar, Partner at PwC, and Anthony Green, CPABC’s security engineer, on the findings from PwC’s recent Digital Trust report. The episode dives into cybersecurity trends in the age of COVID-19 and offers information on what businesses need to know when developing or expanding their cybersecurity investments. Part of our Coffee Chats with CPABC podcast series.
In response to the upending of normal business activity throughout the COVID-19 pandemic, businesses across the globe have rapidly invested in digital transformation, often expediting years of planned project development into the span of a few months.
With this rate of change, it is critical that businesses also ensure they are investing into their cybersecurity infrastructure to keep pace and adapt to ever-evolving digital threats. Effective cybersecurity requires establishing an effective “framework”, a set of processes and policies that provide an organization with safeguards against common digital threats.
Here are three steps businesses of every size should take as they look to establish or evolve their cybersecurity framework.
1) Take a top-down approach to cybersecurity
For an organization to properly embrace cybersecurity, it has to start at the top. Regardless of size, a business needs to have buy-in from leadership. A key component of establishing an effective cybersecurity framework is having a work culture that promotes the processes needed for it to be successful. If senior decision makers don’t make cybersecurity a priority, it’s highly unlikely the team under them will either.
2) Reset or evolve your cyberstrategy as part of your digital transformation
Due to the pandemic, many organizations are changing the way they operate, and digitization is a big piece of that. However, as business operations become more and more digital, it opens up additional security risks. As organizations invest in their digital transformation, it’s important to pay equal attention to their cyber defense strategy. A plan set in place a few years ago may already be dated, and businesses should be willing to reset or evolve those plans where needed.
For organizations that are not yet on the cybersecurity journey, it’s critical that they get started, even by starting small. Some of the foundational steps don't cost a lot of money and are more process related, such as steps as simple as enabling security software or requiring password changes. However, processes are at their most effective as part of an overall framework that purposefully targets potential threats with concrete defenses.
3) Find a Security framework that works for your organization, such as CyberSecure Canada
There's no one-size-fits-all framework, and businesses need to make sure that their cybersecurity strategy fits both their business objectives and organization size. Thankfully, there are many frameworks out there to consider.
For small and medium-sized businesses looking to establish or improve a cybersecurity framework, a great place to start is CyberSecure Canada
. This federal government program provides 13 concrete steps businesses can take to establish an effective cyber defence, with specific best practices for organizations to combat the most common digital threats.
These include such steps as automatic patching, implementing strong user authentication, and ensuring backup and encryption of data, among others. Taken together as part of a holistic cyber defence strategy, these steps, which are often simple, help businesses minimize their cyber risk as they expand their digital footprint.
Getting started on adopting a framework is also less expensive than you might think. As mentioned, aspects of any framework are often process related rather than technology related. For example, something as simple as changing the default admin passwords has no cost and satisfies the control “Securely Configure Devices
” in the CyberSecure framework.
CyberSecure Canada also allows organizations to receive certification
, which will demonstrate to stakeholders that the organization has taken responsible steps to safeguard their information.
Anthony Green is a security engineer at the Chartered Professional Accountants of BC (CPABC)
Read more cybersecurity-related articles in the cybersecurity section of our Resources & Tools