Public sector & MUSH security
Municipalities, universities, schools, and hospitals — the MUSH sector — are among the most-attacked organizations in Canada, defending essential services and sensitive data on public budgets. This guide covers why, and what to do about it.
There's a reason ransomware keeps hitting city halls, school boards, and hospitals: they hold large troves of personal data, they can't tolerate downtime on essential services, and they typically run on leaner teams and older technology than the private sector. Surveyed Canadian MUSH organizations bear this out — the vast majority store personal information, and roughly one in five has already suffered a successful ransomware attack.
These articles cover how public-sector organizations get targeted, the privacy and reporting obligations that turn an incident into a public, reportable event, and the controls that fit a public budget — sector by sector, from municipalities and school boards to universities and the nonprofits that work alongside them.
5 articles
Why Canada's Public Sector Is a Top Ransomware Target — and What MUSH Organizations Can Do
Municipalities, universities, schools, and hospitals are among Canada's most-attacked organizations. Why the MUSH sector is targeted, and how under-resourced public bodies can defend essential services.
Read articleCybersecurity for Canadian Municipalities: Defending Essential Services on a Public Budget
Why Canadian municipalities are targeted, the risk to essential services and resident data, and the security controls that fit a public budget.
Read articleCybersecurity for Canadian School Boards: Protecting Student Data on a K-12 Budget
Why Canadian school boards are ransomware targets, the student and staff data at stake, the privacy obligations that apply, and the controls that fit a K-12 budget.
Read articleCybersecurity for Canadian Universities and Colleges: Open Networks, Valuable Research, Real Targets
Universities and colleges combine open networks, valuable research, and huge user populations — a hard environment to defend. Why higher ed is targeted and how to reduce the risk.
Read articleCybersecurity on a Nonprofit Budget: Where to Start
Cybersecurity for nonprofits on a tight budget — the highest-impact, lowest-cost steps to protect donor data and your organization's mission.
Read articleWant this handled for you?
Our Managed Detection & Response service puts everything in this guide into practice for Canadian organizations — fully managed.
Explore Managed Detection & Response →Other guides
Ransomware & incident response
Ransomware is still the attack most likely to take a Canadian business offline. This guide covers how these attacks unfold and how to be ready before one lands.
Read the guide →Compliance, risk & cyber insurance
Canadian privacy law, security frameworks, and insurer requirements all pull in the same direction: prove you take security seriously. This guide maps what applies to you.
Read the guide →Choosing & working with an MSSP
The managed security market is full of overlapping acronyms. This guide cuts through them so you can tell what you actually need and what you are buying.
Read the guide →Phishing, scams & account security
Most breaches start with a person, not a firewall. This guide covers the scams aimed at your staff and the controls that stop a stolen password from becoming a breach.
Read the guide →Small business security foundations
If you are not sure where to begin, start here. This guide covers the foundations that give a small Canadian business the most protection for the least effort.
Read the guide →Vulnerability & remediation management
Scanning finds the weaknesses; someone still has to fix them. This guide is about the gap in between — and how to actually close the vulnerabilities attackers exploit.
Read the guide →