{
    "id": 2592,
    "date": "2025-10-24T21:12:34",
    "date_gmt": "2025-10-24T16:12:34",
    "guid": {
        "rendered": "https:\/\/octosafes.com\/?p=2592"
    },
    "modified": "2025-11-11T02:48:51",
    "modified_gmt": "2025-11-10T21:48:51",
    "slug": "cyber-resilience-smes",
    "status": "publish",
    "type": "post",
    "link": "https:\/\/octosafes.com\/en\/cyber-resilience-smes\/",
    "title": {
        "rendered": "Cyber \u200b\u200bresilience & SMEs"
    },
    "content": {
        "rendered": "<h3 class=\"wp-block-heading\">Building a cyber resilience posture with limited resources<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Why think about resilience and not just protection?<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Most SMEs don&#8217;t think they should aim for resilience because they believe it&#8217;s reserved for strategic organizations such as banks, hospitals, telecommunications companies, etc.<\/li>\n\n\n\n<li>According to the figures, nearly 60% of cyberattacks in Canada target SMEs, and 40% of them never fully recover.<\/li>\n<\/ul>\n\n\n\n<p><strong>Cyber \u200b\u200bResilience and the interplay between issues:<\/strong> not only prevent the attack, but<br><em>continue to function despite it.<\/em><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Definition of cyber resilience<\/h4>\n\n\n\n<p>Cyber \u200b\u200bresilience is the ability to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Prevent <\/strong>incidents (protection)<\/li>\n\n\n\n<li><strong>React<\/strong> effectively when they occur (detection and response)<\/li>\n\n\n\n<li><strong>Recover quickly with minimal impact<\/strong> (continuity, backup, learning)<\/li>\n<\/ul>\n\n\n\n<p>*<strong>In short:<\/strong> it\u2019s not \u201czero cyberattacks,\u201d but \u201czero panic.\u201d<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Canadian SMEs in 2025: The Importance of Resilience<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Increase in targeted attacks against SMEs due to their limited resources<\/li>\n\n\n\n<li>Increased regulatory requirements (Bill 25, Bill C-26, GDPR for European customers)<\/li>\n\n\n\n<li>Growing reliance on digital technology (CRM, invoicing, customer data)<\/li>\n\n\n\n<li>Access to cyber insurance increasingly dependent on resilience<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Real case: An SME that held on<\/strong><\/h4>\n\n\n\n<p>A company with 25 employees in the Laurentians, north of Montreal, was the victim of ransomware in 2023.<\/p>\n\n\n\n<p>Thanks to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active backup plan<\/li>\n\n\n\n<li>Regular employee training<\/li>\n\n\n\n<li>Rapid collaboration with an external expert<\/li>\n<\/ul>\n\n\n\n<p><strong><em>The company resumed operations within 36 hours without paying any ransom with zero customer losses.<\/em><\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Key recommendations: Concrete pillars of cyber resilience for an SME<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Basic but solid prevention\n<ul class=\"wp-block-list\">\n<li>Firewall, managed antivirus, MFA activity<\/li>\n\n\n\n<li>Automatic updates on all devices<\/li>\n\n\n\n<li>Training and awareness for all staff<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Rapid detection\n<ul class=\"wp-block-list\">\n<li>Configured alerts (unusual logins, modified files)<\/li>\n\n\n\n<li>Easily report phishing emails (button or dedicated address)<\/li>\n\n\n\n<li>Logging enabled on critical servers and applications<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Reliable backups\n<ul class=\"wp-block-list\">\n<li>Automatic, frequent, and offline backups<\/li>\n\n\n\n<li>Regularly tested: an unusable backup = no backup<\/li>\n\n\n\n<li>Encrypted copies located in Canada (compliance)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Business Continuity Plan (BCP)\n<ul class=\"wp-block-list\">\n<li>Simple, readable plan tailored to your business<\/li>\n\n\n\n<li>Who does what in the event of an incident? Who is responsible?<\/li>\n\n\n\n<li>Scenarios tested: cyberattack, internet outage, server loss<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Partners and suppliers ready to intervene\n<ul class=\"wp-block-list\">\n<li>Cybersecurity expert providing rapid support (internal or external)<\/li>\n\n\n\n<li>Contact with the hosting provider, insurer, and IT provider<\/li>\n\n\n\n<li>Clear procedure for alerting and documenting<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">Procedure for starting Cyber \u200b\u200bResilience<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Evaluate critical assets<\/strong>: what can never fall (compatibility, orders, emails)<\/li>\n\n\n\n<li><strong>Identify specific threats<\/strong>: ransomware, data theft, outages<\/li>\n\n\n\n<li><strong>Create a mini-PCA<\/strong>: even a one-page version is better than nothing<\/li>\n\n\n\n<li><strong>Choose an internal cybersecurity advisor <\/strong>(or seek support from, for example, Octosafes Inc. or an expert)<\/li>\n\n\n\n<li><strong>Test processes every 6 months<\/strong><\/li>\n<\/ol>\n\n\n\n<p><em>NB: To be resilient, it&#8217;s better to be moderately prepared than completely unprepared. It&#8217;s up to SMEs to invest wisely and build cyber resilience appropriate to their size.<\/em><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Building Cyber \u200b\u200bResilience in 5 Days: SMART \/ Simple-Practical-Realistic<\/h4>\n\n\n\n<p><strong>Day 1: Identify what is essential<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make a quick list of critical digital assets:\n<ul class=\"wp-block-list\">\n<li>Customer data \u2013 Emails \u2013 Billing \u2013 EERP \u2013 Servers<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Classify these assets by impact: &#8220;critical,&#8221; &#8220;important,&#8221; &#8220;secondary.&#8221;<\/li>\n\n\n\n<li>Ask the right questions: What happens if the asset fails for 1 day? 1 week? Etc.<\/li>\n\n\n\n<li>Tool: &#8220;Asset Priority&#8221; Excel spreadsheet<\/li>\n<\/ul>\n\n\n\n<p><strong>Day 2: Know the main risks<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Objectives: <em>Identify the most likely incident scenarios<\/em><\/strong>\n<ul class=\"wp-block-list\">\n<li>Malicious download (phishing)<\/li>\n\n\n\n<li>Ransom blocking access to files<\/li>\n\n\n\n<li>Loss or theft of an unencrypted laptop<\/li>\n\n\n\n<li>Server outage or internet outage<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>For each risk:\n<ul class=\"wp-block-list\">\n<li>Rate the <strong>likelihood<\/strong> (low\/medium\/high)<\/li>\n\n\n\n<li>Rate the <strong>impact <\/strong>(minor, moderate, critical)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Day 3: Prepare a mini-response plan<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Objective: <em>React quickly and avoid panic<\/em><\/strong>\n<ul class=\"wp-block-list\">\n<li>Contact in case of an incident?\n<ul class=\"wp-block-list\">\n<li>(Internal IT, external expert, insurance, police, clients?)<\/li>\n\n\n\n<li>Where are the backups located? Who has access to them?<\/li>\n\n\n\n<li>What to say (and not say) to clients<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Included:<\/strong> \u201cQuick Response Sheet\u201d template to complete<\/p>\n\n\n\n<p><strong>Day 4: Test the backups<\/strong><\/p>\n\n\n\n<p><strong>Objective: <em>To ensure that data can be recovered in the event of attacks<\/em><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check if there is:\n<ul class=\"wp-block-list\">\n<li>Automatic backups<\/li>\n\n\n\n<li>Offline (not just in the cloud)<\/li>\n\n\n\n<li>Quickly recoverable<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Perform a restoration test: to assess the amount of time elapsed<\/li>\n<\/ul>\n\n\n\n<p><strong>Day 5: Raising employee awareness<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Objective: <em>Reduce human errors (phishing, mishandling, etc.)<\/em><\/strong>\n<ul class=\"wp-block-list\">\n<li>Organize a cybersecurity coffee break (20 min)<\/li>\n\n\n\n<li>Send a simple fact sheet to employees: &#8220;Anti-phishing reflexes&#8221;<\/li>\n\n\n\n<li>Demonstrate how to report a suspicious email<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Summary<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Day<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>Key action<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>Result<\/strong><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>1<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">List of critical assets<\/td><td class=\"has-text-align-center\" data-align=\"center\">Prioritization<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>2<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Risk identification<\/td><td class=\"has-text-align-center\" data-align=\"center\">Clear mapping<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>3<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Mini response plan<\/td><td class=\"has-text-align-center\" data-align=\"center\">Less stress in the event of an incident<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>4<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Checking Backups<\/td><td class=\"has-text-align-center\" data-align=\"center\">Faster recovery<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>5<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\">Internal Training<\/td><td class=\"has-text-align-center\" data-align=\"center\">Better prepared team<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Example of an Excel table showing the priorities of the assets<\/h3>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\"><strong><strong>Digital Asset<\/strong><\/strong><\/td><td><strong>Criticality<\/strong><\/td><td class=\"has-text-align-left\" data-align=\"left\"><strong>Impact in the event of an incident<\/strong><\/td><td class=\"has-text-align-left\" data-align=\"left\"><strong>Existing protective measures<\/strong><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Billing system<\/td><td>Critical<\/td><td class=\"has-text-align-left\" data-align=\"left\">Loss of revenue, interruption of operations<\/td><td class=\"has-text-align-left\" data-align=\"left\">Daily backup, restricted access<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Customer database<\/td><td>Critical<\/td><td class=\"has-text-align-left\" data-align=\"left\">Violation of privacy, legal sanctions<\/td><td class=\"has-text-align-left\" data-align=\"left\">Encryption, double authentication<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Internal file servers<\/td><td>Average<\/td><td class=\"has-text-align-left\" data-align=\"left\">Moderate internal disturbance<\/td><td class=\"has-text-align-left\" data-align=\"left\">Weekly backup<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Messaging system<\/td><td>Critical<\/td><td class=\"has-text-align-left\" data-align=\"left\">Loss of essential communication<\/td><td class=\"has-text-align-left\" data-align=\"left\">Anti-spam filtering, cloud backup<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">Website\/Online store<\/td><td>Average<\/td><td class=\"has-text-align-left\" data-align=\"left\">Loss of sales, bad image<\/td><td class=\"has-text-align-left\" data-align=\"left\">Uptime monitoring, web application firewall (WAF)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Cybersecurity Incident Rapid Response Sheet<\/h3>\n\n\n\n<p>Organization Name: <strong><em><strong><em>__________________<\/em><\/strong><\/em><\/strong><\/p>\n\n\n\n<p>Senior Manager (Cybersecurity or IT):<strong><em><strong><em>__________________<\/em><\/strong><\/em><\/strong><\/p>\n\n\n\n<p>Phone (mobile and office): <strong><em><strong><em>__________________<\/em><\/strong><\/em><\/strong><\/p>\n\n\n\n<p>E-mail: <strong><em><strong><em>__________________<\/em><\/strong><\/em><\/strong><\/p>\n\n\n\n<p><strong>1.Incident detection<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ok Date and time of detection: <strong><em><strong><em>________________<\/em><\/strong><\/em><\/strong><\/li>\n\n\n\n<li>Ok Alert Trigger:\n<ul class=\"wp-block-list\">\n<li>Employee<\/li>\n\n\n\n<li>IT Vendor<\/li>\n\n\n\n<li>Security Tool<\/li>\n\n\n\n<li>Client<\/li>\n\n\n\n<li>Other: <strong><em><strong><em>___<\/em><\/strong><\/em><\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Ok Quick description of the incident:\n<ul class=\"wp-block-list\">\n<li>(Example: \u201cA ransom message appeared on several workstations\u201d, \u201cemail leak detected\u201d, etc.)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>2.First immediate actions<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Urgent Action<\/strong><\/td><td><strong>Done? (Ok\/No)<\/strong><\/td><td><strong>By who?<\/strong><\/td><td><strong>Hour<\/strong><\/td><\/tr><tr><td>Disconnect the affected workstation or server from the network<\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Inform the IT \/ Cybersecurity manager<\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Change critical access passwords<\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Identify affected systems<\/td><td><\/td><td><\/td><td><\/td><\/tr><tr><td>Block suspicious external connections<\/td><td><\/td><td><\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>3.Contact to call<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Contact<\/strong><\/td><td><strong>Role<\/strong><\/td><td><strong>Contact details<\/strong><\/td><\/tr><tr><td>Internal cyber security manager<\/td><td><\/td><td><\/td><\/tr><tr><td>IT supplier<\/td><td><\/td><td><\/td><\/tr><tr><td>External cybersecurity expert<\/td><td><\/td><td><\/td><\/tr><tr><td>Cyber \u200b\u200brisk insurance<\/td><td><\/td><td><\/td><\/tr><tr><td>Authorities (Example: OPC, Police, CNIL)<\/td><td><\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>4.Documentation and follow up<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Screenshot \/ Evidence retained: Yes \/ No<\/li>\n\n\n\n<li>Incident report opened: Yes \/ No<\/li>\n\n\n\n<li>Complete report start date: <strong><em><strong><em>__________<\/em><\/strong><\/em><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>5.Communication<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Customers to the informant? Yes\/No<\/li>\n\n\n\n<li>Suppliers to the informant? Yes\/No<\/li>\n\n\n\n<li>Planned communication plan? Yes\/No<\/li>\n<\/ul>\n\n\n\n<p>Communications manager: <strong><em><strong><em>____________________________<\/em><\/strong><\/em><\/strong><\/p>\n\n\n\n<p><strong>TO DO AFTER THE INCIDENT<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Post-mortem analysis and lessons learned<\/li>\n\n\n\n<li>Updates to the response plan<\/li>\n\n\n\n<li>Employee awareness<\/li>\n\n\n\n<li>Report to authorities if required (Act 25, Act 5, GDPR, etc.)<\/li>\n<\/ul>\n\n\n\n<p><\/p>",
        "protected": false
    },
    "excerpt": {
        "rendered": "<p>Most SMEs don&#8217;t think they should aim for resilience because they believe it&#8217;s reserved for strategic organizations such as banks, hospitals, telecommunications companies, etc.<\/p>",
        "protected": false
    },
    "author": 1,
    "featured_media": 984,
    "comment_status": "closed",
    "ping_status": "closed",
    "sticky": false,
    "template": "",
    "format": "standard",
    "meta": {
        "footnotes": ""
    },
    "categories": [
        1
    ],
    "tags": [],
    "class_list": [
        "post-2592",
        "post",
        "type-post",
        "status-publish",
        "format-standard",
        "has-post-thumbnail",
        "hentry",
        "category-uncategorized"
    ],
    "_links": {
        "self": [
            {
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts\/2592",
                "targetHints": {
                    "allow": [
                        "GET"
                    ]
                }
            }
        ],
        "collection": [
            {
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts"
            }
        ],
        "about": [
            {
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/types\/post"
            }
        ],
        "author": [
            {
                "embeddable": true,
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/users\/1"
            }
        ],
        "replies": [
            {
                "embeddable": true,
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/comments?post=2592"
            }
        ],
        "version-history": [
            {
                "count": 5,
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts\/2592\/revisions"
            }
        ],
        "predecessor-version": [
            {
                "id": 2791,
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/posts\/2592\/revisions\/2791"
            }
        ],
        "wp:featuredmedia": [
            {
                "embeddable": true,
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/media\/984"
            }
        ],
        "wp:attachment": [
            {
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/media?parent=2592"
            }
        ],
        "wp:term": [
            {
                "taxonomy": "category",
                "embeddable": true,
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/categories?post=2592"
            },
            {
                "taxonomy": "post_tag",
                "embeddable": true,
                "href": "https:\/\/octosafes.com\/en\/wp-json\/wp\/v2\/tags?post=2592"
            }
        ],
        "curies": [
            {
                "name": "wp",
                "href": "https:\/\/api.w.org\/{rel}",
                "templated": true
            }
        ]
    }
}