Québec SMB Security Baseline 10 Controls You Can Do This Month

September 17, 2025 | By kyle@algocog.ai | Managed IT Services

What Is a Cyber Threat 164.68 Million Records Exposed

A cyber threat is any attempt to steal data or disrupt business operations. In 2019, the United States recorded 1,473 data breaches and 164.68 million sensitive records exposed. Small and midsize businesses (PMEs) are especially at risk. As PayPal CEO Dan Schulman noted, there are companies that have been hacked and those that do not know they have been hacked.

Phishing 90% of Breaches Start Here

Phishing emails, texts, or chats trick employees into sharing passwords or financial details. With over 90% of breaches tied to phishing or social engineering (Verizon DBIR), one click can compromise an entire network. See our short guide in Resources.

Watering Hole Attacks 1 Compromised Site Can Infect Many

A watering hole attack targets trusted websites used by specific industries. Guidance from CISA shows how one infected site can spread malware to many businesses that regularly visit.

Drive By Downloads 60% Exploit Unpatched Systems

Drive by downloads happen when outdated or unpatched systems allow silent installs of malicious software. Studies attribute a large share of breaches to unpatched vulnerabilities (IBM Cost of a Data Breach). AET Managed IT can automate patching and updates.

Malware Ransomware Costs SMBs 1.85M on Average

Malware includes viruses, ransomware, spyware, worms, and Trojans. The Sophos State of Ransomware reports average ransomware impacts for SMBs measured in the millions. Protect endpoints with AET Cybersecurity.

Why SMBs Need Cybersecurity 50% Close After an Attack

According to the U.S. SEC, about half of small businesses close within six months of a major cyberattack due to reimbursements, downtime, emergency IT spend, and reputation loss. Keep teams operational with AET Helpdesk.

10 Security Controls Do Them in 30 Days

Multi-Factor Authentication (Microsoft 365 MFA)
Password Manager (1Password Business)
Endpoint Detection and Response (CrowdStrike Falcon)
Patching Routine (NIST Patch Management Guide)
DNS Filtering (Cisco Umbrella)
Least Privilege Access (NIST Glossary)
3-2-1 Backups (Veeam Backup Rule)
Awareness Training (KnowBe4 Training)
Email Filtering (Proofpoint Security)
Incident Drill (CISA Guidance)

Prioritize Fast 4 Weeks 10 Controls

Week 1: MFA + password manager
Week 2: Patching + DNS filtering
Week 3: Awareness + email filtering
Week 4: Backups + drill + least privilege

Download the full 30-Day Security Playbook (EN/FR PDF) to follow step by step.

Who Does What 3 Roles to Assign

Owner / Leadership: Approves MFA, drives culture, joins drills
IT/Vendor: Deploys patching, filtering, EDR (Managed IT Services)
Employees: Use password manager, complete training, follow rules

Final Word 86% of Breaches Are Financially Motivated

According to the Verizon Data Breach Investigations Report, 86% of breaches are financially motivated. By applying these 10 baseline controls, SMBs in Québec can reduce risk, protect customer trust, and avoid being another statistic.

← Previous Post

Server Management

AET’s server management services cover server setup and configuration, security hardening, software installation and upgrades, backup and disaster recovery, performance optimization, and proactive maintenance.

Workstation Management

AET’s workstation management services include software installation and upgrades, security patching, EDR monitoring and management, malware protection, data backup and recovery, performance optimization, and user support.

Endpoint Detection and Response

Get protection against advanced threats, including malware, ransomware, and other sophisticated attacks with our Endpoint Detection and Response (EDR) services.

Cloud Management

As experts in managing various Microsoft 365 and Google environments, our team offers a wide range of services, including user and license management, email management, security and compliance, data migration, and application integration.

Backup & Recovery

Protect all your business-critical data and make sure you can recover quickly and easily from any data loss event. AET’s backup and recovery services include on-premises and cloud-based backup solutions, data replication, backup testing and validation, data archiving, and more.

Cybersecurity Implementation

Cybersecurity Management

Cybersecurity is an ongoing process, not a one-time event. Our cybersecurity management services provide continuing support and maintenance to ensure your security systems remain effective and up to date.

DNS Filtering

DNS filtering helps protect you against cyber threats while improving your company’s productivity. By effectively blocking access to harmful or inappropriate websites, it reduces the risk of malware infections, and enhances network performance.

Spam Filtering

Protect your company against unwanted emails and improve productivity at the same time. Spam emails can contain harmful links or attachments, wasting valuable time and potentially putting your company at risk of cyber threats.

Security Awareness Training

Password Management

Poor password management policies can expose your business to significant cyber risk. AET’s password management services lessen that risk by providing a centralized platform to manage passwords and enforce strong password policies.

Other

Build a comprehensive and customized security strategy. Work with AET’s cybersecurity experts to identify the most relevant services for your company.

Incident Management

We offer a variety of incident response services, including proactive threat hunting, threat intelligence analysis, incident investigation and post-incident remediation, all designed to meet your needs, help your company maintain its reputation and avoid costly data breaches.

Hosting Services

Whether you’re using the private cloud or the public cloud, AET has the expertise to help with your hosting needs. From designing, implementing, and testing a private cloud solution, to launching public cloud services, such as Azure or AWS, we can help guide you towards the best solution.

Service Requests

Count on AET’s quick and reliable response to your service requests. We offer various service request management services, including hardware and software installations, system upgrades, user account management, and more.

Québec SMB Security Baseline 10 Controls You Can Do This Month

What Is a Cyber Threat 164.68 Million Records Exposed

Phishing 90% of Breaches Start Here

Watering Hole Attacks 1 Compromised Site Can Infect Many

Drive By Downloads 60% Exploit Unpatched Systems

Malware Ransomware Costs SMBs 1.85M on Average

Why SMBs Need Cybersecurity 50% Close After an Attack

10 Security Controls Do Them in 30 Days

Prioritize Fast 4 Weeks 10 Controls

Who Does What 3 Roles to Assign

Final Word 86% of Breaches Are Financially Motivated

Check the strength of your cybersecurity. Get Your Cybersecurity Score.

Do you have an incident response plan in place?

Have your employees been trained in cybersecurity awareness?

Do you use multi-factor authentication for all critical systems and applications?

Are all systems, applications, and devices regularly patched and updated?

Do you perform regular backups and test them for data integrity and recoverability?

Completed!

Your Cybersecurity Score:

Your IT network is at risk. Contact us for cybersecurity protection now.

Server Management

AET’s server management services cover server setup and configuration, security hardening, software installation and upgrades, backup and disaster recovery, performance optimization, and proactive maintenance.

Workstation Management

AET’s workstation management services include software installation and upgrades, security patching, EDR monitoring and management, malware protection, data backup and recovery, performance optimization, and user support.

Endpoint Detection and Response

Get protection against advanced threats, including malware, ransomware, and other sophisticated attacks with our Endpoint Detection and Response (EDR) services.

Cloud Management

As experts in managing various Microsoft 365 and Google environments, our team offers a wide range of services, including user and license management, email management, security and compliance, data migration, and application integration.

Backup & Recovery

Protect all your business-critical data and make sure you can recover quickly and easily from any data loss event. AET’s backup and recovery services include on-premises and cloud-based backup solutions, data replication, backup testing and validation, data archiving, and more.

Cybersecurity Implementation

Cybersecurity Management

Cybersecurity is an ongoing process, not a one-time event. Our cybersecurity management services provide continuing support and maintenance to ensure your security systems remain effective and up to date.

DNS Filtering

DNS filtering helps protect you against cyber threats while improving your company’s productivity. By effectively blocking access to harmful or inappropriate websites, it reduces the risk of malware infections, and enhances network performance.

Spam Filtering

Protect your company against unwanted emails and improve productivity at the same time. Spam emails can contain harmful links or attachments, wasting valuable time and potentially putting your company at risk of cyber threats.

Security Awareness Training

Password Management

Poor password management policies can expose your business to significant cyber risk. AET’s password management services lessen that risk by providing a centralized platform to manage passwords and enforce strong password policies.

Other

Build a comprehensive and customized security strategy. Work with AET’s cybersecurity experts to identify the most relevant services for your company.

Incident Management

We offer a variety of incident response services, including proactive threat hunting, threat intelligence analysis, incident investigation and post-incident remediation, all designed to meet your needs, help your company maintain its reputation and avoid costly data breaches.

Hosting Services

Whether you’re using the private cloud or the public cloud, AET has the expertise to help with your hosting needs. From designing, implementing, and testing a private cloud solution, to launching public cloud services, such as Azure or AWS, we can help guide you towards the best solution.

Service Requests

Count on AET’s quick and reliable response to your service requests. We offer various service request management services, including hardware and software installations, system upgrades, user account management, and more.

Québec SMB Security Baseline 10 Controls You Can Do This Month

What Is a Cyber Threat 164.68 Million Records Exposed

Phishing 90% of Breaches Start Here

Watering Hole Attacks 1 Compromised Site Can Infect Many

Drive By Downloads 60% Exploit Unpatched Systems

Malware Ransomware Costs SMBs 1.85M on Average

Why SMBs Need Cybersecurity 50% Close After an Attack

10 Security Controls Do Them in 30 Days

Prioritize Fast 4 Weeks 10 Controls

Who Does What 3 Roles to Assign

Final Word 86% of Breaches Are Financially Motivated

Check the strength of your cybersecurity.
Get Your Cybersecurity Score.

Do you have an incident response
plan in place?

Have your employees been trained
in cybersecurity awareness?

Do you use multi-factor
authentication for all critical
systems and applications?

Are all systems, applications,
and devices regularly patched
and updated?

Do you perform regular backups
and test them for data integrity
and recoverability?

Your IT network is at risk.
Contact us for cybersecurity protection now.