Cybersecurity FundamentalsUpdated: 2026
Understand the basics to navigate safely in a connected world.
By the end of this module, you'll be able toโฆ
- Explain what cybersecurity is in simple terms
- Identify the four major families of cyber threats
- Understand why human error is the leading vulnerability
- Apply the fundamental rules of digital hygiene
- Know your role in protecting data
Welcome to the world of cybersecurity
Monday morning, 8:15 a.m. Martine, the administrative director of an SMB in Montreal, turns on her computer. An email tells her that her bank account has been blocked. She clicks the link to "unlock" her account โ and within seconds, her credentials are stolen. Yet Martine is a careful person. What happened?
Cybersecurity isn't just a matter for technicians. It's the practice of protecting systems, networks and data from unauthorized access, damage and attacks. It affects everyone who uses a connected device โ a phone, a computer, or even a smartwatch.
Like Martine, we all make digital decisions every day: opening an email, downloading a file, connecting to Wi-Fi. Each of these actions carries a risk โ but also an opportunity to protect yourself with the right reflexes.
What is cybersecurity?
Cybersecurity rests on three fundamental pillars, often called the CIA triad:
- Confidentiality: only authorized people can access the information.
- Integrity: data isn't modified without authorization.
- Availability: systems work when you need them.
A cyberattack aims to break one or more of these pillars. Ransomware compromises availability and confidentiality. A fraudulent email compromises confidentiality. An unauthorized file modification compromises integrity.
โ Good practices
- Always ask yourself: could this action compromise the confidentiality, integrity or availability of my data?
- Report any anomaly immediately to your IT manager or provider.
Why it's everyone's business
A warehouse employee gets a text saying their delivery is on hold. They click the link to "pay the customs fee" and enter their credit card. He isn't an IT specialist โ but he's the one who just opened the door to fraud.
In Canada, one in five SMBs experienced a cyberattack in 2023 (per the Canadian Centre for Cyber Security). The average cost of an incident in Canada exceeds $200,000. But the consequences go beyond money: lost reputation, lost customer trust, stress on teams.
Attackers deliberately target individuals rather than systems, because it's easier. They know a well-crafted email can fool anyone โ even the CEO.
For an SMB: every employee is a potential entry point. A single bad decision โ clicking a malicious link โ can paralyze the entire business for days.
For parents: your kids use shared devices. Their habits (downloads, online games) can expose the whole family to risk.
For seniors: scammers particularly target retirees with phone and email scams impersonating official institutions (government, banks, tax agencies).
The major families of threats
There are hundreds of types of attacks, but they all belong to a few major families:
- Malware: any program designed to cause harm โ virus, trojan, ransomware, spyware. It installs itself without your knowledge and runs in the background.
- Phishing: an attempt to trick you via a fake email, text or phone call to steal your credentials or your money.
- Ransomware: a type of malware that encrypts your files and demands a ransom to unlock them. Hospitals, municipalities and SMBs are frequent targets.
- Social engineering: psychological manipulation to get you to disclose information or take compromising actions. No software needed โ just well-chosen words.
โ Good practices
- Be wary of any message that creates a sense of urgency.
- Never download files from unknown sources.
- Verify unusual requests, even if they seem to come from a colleague.
โ Common mistakes
- Believing antivirus software protects against everything.
- Thinking attacks only target big companies.
- Ignoring your browser's security warnings.
How attacks exploit human error
Pascal, an accountant at a construction company in Quebec City, receives an email from his "CEO" asking him to urgently wire $15,000 for a confidential acquisition. He transfers the funds without calling to verify. The CEO never sent that email.
According to IBM, 95% of cyber incidents involve human error. Attackers exploit our natural cognitive biases: trust in authority, fear of consequences, the desire to help, and above all โ haste.
The three most common mistakes are: clicking without checking the sender, reusing the same password everywhere, and ignoring security updates. Every one of these habits can be fixed with a little attention.
โ Good practices
- Take 10 seconds before clicking a link or downloading a file.
- Verify financial requests by phone, using a number you already know.
- Apply updates as soon as they're available.
โ Common mistakes
- Acting in haste in the face of an urgent message.
- Automatically trusting the identity shown in an email.
- Putting off security updates "for later."
Basic digital hygiene
Just as physical hygiene prevents illness, digital hygiene prevents infections. It rests on a few simple but effective habits:
- Unique, strong passwords for every account โ or better, a password manager.
- Two-factor authentication (2FA) enabled on all important accounts (email, banking, social media).
- Regular updates for your operating system, apps and antivirus.
- Frequent backups of important data, stored offline or in the cloud.
- Caution with links and attachments โ doubting before clicking is a healthy reflex.
For an SMB: set up a password policy, enable 2FA on all business accounts, and regularly test your backups.
For parents: create a limited user account for your kids, install antivirus on all family devices, and talk about online caution from a young age.
For seniors: enable automatic updates, use a simple password manager, and don't hesitate to ask a family member for help before acting on a suspicious message.
Your role in protecting data
Sylvie works at a medical clinic. One afternoon, she leaves her workstation unlocked to grab a coffee. Within five minutes, a visitor photographs patient files displayed on the screen. Patients' personal information is compromised.
You handle data all day long: customer contact info, financial information, health data, colleagues' personal data. In Canada, Quebec's Law 25 and the federal Bill C-27 impose strict obligations regarding the protection of personal information.
Your role is concrete: lock your screen when you step away, don't share your credentials, report any incident or suspected incident to your manager immediately. These simple actions protect the people whose data you're entrusted with.
โ Good practices
- Always lock your screen (Win + L, or Ctrl + Cmd + Q on Mac).
- Never share your credentials, even with a colleague.
- Report every incident, even minor ones โ better to over-report than under-report.
- Classify your data: public, internal, confidential.
โ Common mistakes
- Sharing credentials to "help out" a colleague.
- Working on sensitive data in a public place without a privacy screen.
- Not reporting an incident for fear of the consequences.
๐ฎ Demo โ Match the threat to its definition
Click a term, then click its definition to match them.
Terms
Definitions
Module quiz
Test what you've learned with 4 questions.
See also