Cybersecurity best practices: Your path to resilience
Learn about cybersecurity best practices. From Top Ten lists to incident response strategies, empower your organization with proven methodologies. Elevate your defense, embrace digital resilience.
Top 10 best practices
Cyber domain: Cyber security policy and compliance
This list outlines overarching principles and guidelines for managing and securing information systems, aligning with broader cybersecurity objectives.
Top 10 cybersecurity best practices
Last updated: 2023/24
Executive guide for incident management
Cyber domain: Incident and reporting management
An essential resource tailored for executives, providing strategic insights into effective incident management. Elevate your organization's resilience in the face of cybersecurity challenges.
Executive Guide for Incident Management
Last updated: 2023/24
Top 10 ransomware prevention tips
Cyber domain: Cyber security policy and compliance
Equip yourself with a concise, one-page resource offering actionable tips to safeguard against ransomware threats.
Top 10 tips on preventing ransomware
Last updated: 2023/24
QR codes advice
Cyber domain: Security training and awareness
QR codes provide a convenient way to access information or services, but they can also introduce threats. Here are some key points to consider when it comes to the potential dangers associated with QR codes.
QR codes – Cybersecurity advice
Last updated: 2023/24
Phishing Top 10 Best Practices
Cyber domain: Security training and awareness
Discover our Phishing Top 10 Best Practices guide. Expertly crafted to enhance your cybersecurity, this resource provides essential strategies to combat phishing attacks. Stay ahead of threats and download now.
Phishing Top 10 Best Practices
Last updated: 2024
Core Guidance
Essential Security Practices
Multi-Factor Authentication
Require MFA for all accounts. It blocks 99.9% of automated attacks. Start with email and VPN, then expand to all business apps.
Patch Management
Keep systems updated within 48 hours for critical vulnerabilities. Automate patching where possible and maintain an inventory of all software assets.
Backup & Recovery
Follow the 3-2-1 backup rule — three copies, two media types, one offsite. Test your restores regularly and keep backups disconnected from production networks.
Incident Response Planning
Every organization needs a documented IR plan. Test it annually through tabletop exercises. Know your reporting obligations and communication protocols.
People & Process
Building a Security Culture
Security isn't just technology — it's people and process. The most effective organizations embed cybersecurity into daily operations, treating it as a shared responsibility rather than a siloed IT function. This starts with executive sponsorship: when leadership visibly champions security, it signals to every employee that protecting data and systems is a core business priority.
Regular phishing simulations are one of the most impactful tools for building awareness. By testing employees with realistic scenarios, organizations can identify knowledge gaps, reinforce training, and measure improvement over time. Pair simulations with brief, focused training modules to turn each exercise into a learning opportunity.
Security champions programs embed cyber-aware advocates into every department. These individuals act as a bridge between IT security teams and front-line staff, helping translate policies into practical daily habits and escalating concerns before they become incidents.
Board-level reporting ensures cybersecurity remains a strategic conversation. Presenting risk metrics, incident trends, and readiness scores to the board creates accountability and justifies continued investment in people, process, and technology improvements.
Local Context
Alberta-Specific Guidance
Alberta's unique mix of energy, agriculture, and public sector organizations faces distinct cyber threats. Nation-state actors target critical infrastructure in the oil and gas sector, ransomware groups exploit municipalities with limited IT resources, and supply chain attacks ripple through interconnected agricultural operations.
CyberAlberta's best practice guides are tailored to the regulatory environment that Alberta organizations operate within. This includes compliance with the Freedom of Information and Protection of Privacy Act (FOIP) for public bodies and the Personal Information Protection Act (PIPA) for private sector organizations — each with specific breach notification requirements and data handling obligations.
Our guidance addresses the operational realities of organizations across the province, from remote energy sites with limited connectivity to urban health authorities managing sensitive patient data. Whether you're a small municipality, a mid-size energy company, or a provincial agency, these practices are designed to be practical, scalable, and aligned with the threats you actually face.
Take Action