Cyber security advice and guidance for research and development organizations during Covid-19

To help address the novel coronavirus (COVID-19) pandemic, governments in Canada are investing millions of dollars into research and development related to combatting current and future outbreaks of COVID-19 and other similar threats.

Cyber threat actors know that there is a lot of pressure on governments, the healthcare sector, and Canadian businesses and academic institutions to help slow the spread of COVID-19, and they are taking advantage of this pandemic to carry out malicious and fraudulent activities. In this case, cyber threat actors are targeting businesses and institutions involved in research and development, and they may even pose as a legitimate business to try to spread misinformation, obtain sensitive information, or gain funding.


To help you during this time, we curated a selection of our advice and guidance products. Don’t wait until there’s an incident to get to know us. If you have questions, want to find a complete list of our guidance products, or sign up for our services!


Baseline cyber security controls

The Baseline Cyber Security Controls for Small and Medium Organizations lists a set of lower-cost and lower-burden security controls that you can implement to thwart cyber threat actors, reduce exposure to cyber threats, and get the most out of your cyber security investments. These controls are organized into thirteen groups:

  • Have an incident response plan
  • Patch operating systems and applications automatically
  • Enable security software
  • Configure devices securely
  • Use strong user authentication
  • Provide employee training
  • Back up and encrypt data
  • Secure mobility
  • Establish perimeter defences
  • Secure cloud and outsourced IT services
  • Secure websites
  • Have access control and authorization
  • Secure portable media

CyberSecure Canada is Canada’s national certification program. This program certifies small and medium organizations that implement the baseline controls.


Your organization may not have the resources or capacity for in-house security services. If you want to work with a managed service provider, see our information bulletin:

Contracting with managed service providers
Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: