Alternate format: Cyber security advice and guidance for research and development organizations during Covid-19 (PDF, 205 MB)
To help address the novel coronavirus (COVID-19) pandemic, governments in Canada are investing millions of dollars into research and development related to combatting current and future outbreaks of COVID-19 and other similar threats.
Cyber threat actors know that there is a lot of pressure on governments, the healthcare sector, and Canadian businesses and academic institutions to help slow the spread of COVID-19, and they are taking advantage of this pandemic to carry out malicious and fraudulent activities. In this case, cyber threat actors are targeting businesses and institutions involved in research and development, and they may even pose as a legitimate business to try to spread misinformation, obtain sensitive information, or gain funding.
To help you during this time, we curated a selection of our advice and guidance products. Don’t wait until there’s an incident to get to know us. If you have questions, want to find a complete list of our guidance products, or sign up for our services!
Cyber security best practices
- Cyber hygiene for COVID-19
- Protecting high-value information: Tips for small and medium organizations (ITSAP.40.001)
- Cyber security tips for remote work (ITSAP.10.116)
- Benefits and risks of adopting cloud-based services in your organization (ITSE.50.060)
- Best practices for passphrases and passwords (ITSAP.30.032)
- Spotting malicious emails (ITSAP.00.100)
- Don't take the bait: Recognize and avoid phishing attacks
- Protect your organization from malware (ITSAP.00.057)
- Ransomware: How to prevent and recover (ITSAP.00.099)
- Internet of things security for small and medium organizations (ITSAP.00.012)
- Using bluetooth technology (ITSAP.00.011)
- How updates secure your devices (ITSAP.10.096)
Baseline cyber security controls
The Baseline Cyber Security Controls for Small and Medium Organizations lists a set of lower-cost and lower-burden security controls that you can implement to thwart cyber threat actors, reduce exposure to cyber threats, and get the most out of your cyber security investments. These controls are organized into thirteen groups:
- Have an incident response plan
- Patch operating systems and applications automatically
- Enable security software
- Configure devices securely
- Use strong user authentication
- Provide employee training
- Back up and encrypt data
- Secure mobility
- Establish perimeter defences
- Secure cloud and outsourced IT services
- Secure websites
- Have access control and authorization
- Secure portable media
CyberSecure Canada is Canada’s national certification program. This program certifies small and medium organizations that implement the baseline controls.
Your organization may not have the resources or capacity for in-house security services. If you want to work with a managed service provider, see our information bulletin:
Contracting with managed service providers