Sound practices to prevent cyberattacks

Learn about good practices based on ISO/IEC 27002, an international cybersecurity standard. Its recommendations, intended for managers and officers, help you establish a solid foundation for protecting your company.

Adopt a security policy

A security policy will allow you to establish the key elements to implement, such as an assessment of your main risks, an annual plan for your activities, etc.

See the Adopt a security policy (PDF, 236 KB) checklist.

Performing a security audit

It’s important to have an independent auditor verify security measures to identify strengths and weaknesses. Security audits identify and prioritize any corrective measures that are required to address issues raised by the auditor. Some of your clients may ask for a security audit report during the tender process.

Refer to the Performing a Security Audit (PDF, 168 KB) checklist to determine what type of security audit to choose and how to prepare.

Run a background check on your employees

Run a background check on applicants before hiring them to verify their qualifications and integrity. This covers resumés, professional references, credit histories and criminal records, to the extent permitted.

Perform system updates

Updates enhance security to better protect you against new viruses. It's a simple way to protect your systems against possible attacks.

Manage services outsourced to your providers (third parties)

Ensure security clauses protect your data at your providers' locations.

See the Using third-party services (PDF, 216 KB) checklist.

Adopt an incident management process

Determine the process to follow in the event of an incident and inform your employees of it so that you're ready for any situation.

Take inventory of your IT assets

Taking inventory of your assets enables you to ensure they are covered by your protection measures.

Manage computer access

Managing access enables you to grant and modify your employees' computer access and privileges according to their needs and thus reduce the risk of information leaks.

Set up physical access controls

Make sure that only authorized personnel have access to your IT assets by putting in place the necessary controls.

Read the Physical security measures for facilities (PDF, 315 KB).

Set up a business continuity and IT disaster recovery plan

The goal is to ensure that your business survives after a major disaster affects your computer system. Establishing a business continuity plan will help you limit data loss in the event of an incident and continue operating without your clients being affected.

Read the Quick Reference for Business Continuity (PDF, 132 KB).

Download a template for a Business Continuity Plan (PDF, 272 KB).