Cybersecurity Reference

Five Key Considerations for Developing a Cybersecurity Emergency Action Plan

Includes guidance for emergency checklists, notification matrices, emergency indicators, response expectations, and approved actions.

Authoritative Source: Information System Audit and Control Association (ISACA)

Privacy Breach Checklist

A printable template to help document and report a suspected or confirmed privacy breach.

Authoritative Source: Office of the Information and Privacy Commissioner BC (OIPC)

Privacy Breaches: Tools and Resources

A resource guide to help respond to a privacy breach in accordance with BC privacy legislation.

Authoritative Source: Office of the Information and Privacy Commissioner BC (OIPC)

Preparing Your Organization for Ransomware Attacks

Practical steps on protecting against ransomware threats and recovering from ransomware attacks.

Authoritative Source: NIST National Institute of Standards and Technology

Ransomware: Facts, Threats, and Countermeasures

Short, straightforward advice on securing networks and systems, securing the end user, and responding to a compromise or attack.

Authoritative Source: Center for Internet Security

Coronavirus: Scammers follow the headlines

Practical recommendations for staff, including avoiding unknown links, suspicious emails, fake offers, donation scams, and investment schemes.

Authoritative Source: US Federal Trade Commission

Cyber Hygiene for COVID-19

Guidance to protect against malicious emails, attachments, websites, and other fake COVID-related cyber activity.

Authoritative Source: Canadian Centre for Cyber Security

Cybersecurity and the COVID-19 pandemic

Recommendations from a lawyer specializing in cybersecurity on managing COVID-19 cybersecurity risks from a people, process, and technology perspective.

Informed Source: BLG (Borden Ladner Gervais LLP)

Cyber security is essential when preparing for COVID-19

Practical recommendations to create a secure remote environment and educate staff in cybersecurity practices.

Authoritative Source: Australian Cyber Security Centre

Risk Management for Novel Coronavirus (COVID-19)

A brief summary for executives with suggestions on physical, supply chain, and cybersecurity issues connected to COVID-19.

Authoritative Source: US Department of Homeland Security: Cybersecurity & Infrastructure Security Agency (CISA)

CSI Best Practices to Securing your Home Network

Practical advice for securing home networks, including routing devices, wireless network segmentation, confidentiality, and more.

Authoritative Source: National Security Agency

Cyber-Safety for Mobile Workers

Guidance on secure wireless networks, phishing, protecting information, locking devices, storing documents securely, and reporting lost or stolen devices.

Authoritative Source: BC Office of the Information and Privacy Protection Commissioner (OIPC)

Home working: preparing your organisation and staff

Recommendations for staff working from home, including new accounts, access, chat rooms, video teleconferencing, document sharing, and SaaS applications.

Authoritative Source: National Cyber Security Centre

Securing a Remote Workforce

Guidance on password management, security patches and updates, phishing, and online social distancing.

Authoritative Source: Cyber Readiness Institute

Security Tips for Remote Workers

A shareable PDF with practical guidance for working outside of the office.

Authoritative Source: National Cyber Security Alliance

Telework Security Basics

Practical advice designed to be shared with teleworking home and remote office users.

Authoritative Source: National Institute of Standards and Technology (NIST)

Considerations when using video-teleconference products and services

Mitigations and general guidance, including product-specific guidance for Google Hangouts, Slack, Microsoft Teams, Zoom, and GoTo Meeting.

Authoritative Source: Canadian Centre for Cyber Security

Best Practices for Securing Your Zoom Meetings

A Zoom publication with guidance on waiting rooms, admitting participants, removing participants, and other meeting security settings.

Informed Source: Zoom Communications

Secure + Encrypted Email Providers

Information on encrypted email providers and why email encryption matters.

Informed Source: Privacy Canada

Trustworthy Email

NIST Special Publication 800-177 Revision 1, a technical reference for small to medium organizations.

Authoritative Source: National Institute of Standards and Technology (NIST)

Cloud services – Guidance for managing cybersecurity risks

Guidance on risk/benefit assessment, cloud services contracts, and oversight/monitoring.

Informed Source: BLG (Borden Ladner Gervais LLP)

Baseline Cyber Security Controls for Small and Medium Organizations

Canadian Government recommendations designed for small and medium sized organizations.

Authoritative Source: Canadian Centre for Cyber Security

Securing Personal Information: A Self-Assessment Tool for Organizations

A security self-assessment designed for organizations, with simple questions and minimum security requirements.

Authoritative Source: BC Office of the Information and Privacy Protection Commissioner (OIPC)

DNS Firewall

Informed Source

Suggested DNS Firewall Service

Informed Source

Secure Wi-Fi, preferably WPA2-Enterprise

Authoritative Source

A Secure Approach to Deploying Wireless Networks

Authoritative Source

Creating a Cybersecure Home

Authoritative Source

PCI DSS Quick Reference Guide

Authoritative Source

DMARC

Informed Source

Configuring DMARC with Google Workspace

Informed Source

Configuring DMARC with Microsoft 365

Informed Source

AICPA SSAE 18 SOC 3 Report

Authoritative Source

OWASP Top 10 Vulnerabilities

Authoritative Source

OWASP ASVS Levels

Authoritative Source