Websites That Work for Your Business

Custom Designed with Eco-Friendly Hosting and Easy-to-Use Management Tools. Call or Email Us to Get Started.

Get Started

Are you Ready to Elevate Your Online Presence?

Let’s create a website, brand, or hosting solution that works for you. Call or Email Us Now – Your Vision Starts Here!

Email Now

Call Now

Our Cybersecurity Commitment (Without the Heavy Price Tag)

At Manitoulin Media, we take cybersecurity seriously — even without holding costly formal certifications.

Instead, we follow the 13 baseline CyberSecure Canada controls to protect our clients’ data and systems. These include strong password policies, secure backups, software updates, and encryption best practices.

We also offer the following to support transparency and trust:

A documented Security Practices Overview available upon request
Plain English documentation of our internal security procedures
Willingness to sign mutual NDAs to safeguard client confidentiality
Completion of self-assessment questionnaires if your organization requires them

This practical approach gives you 90% of the protection and peace of mind — without the unnecessary cost of formal certification — and is more than enough for most businesses unless official certificates are required.

Cybersecurity Policies & Practices

At Manitoulin Media, protecting your digital assets is a top priority. We follow industry best practices to secure every website, platform, and service we manage. Whether you're a small business, nonprofit, or creative professional, you can trust that your data and online presence are built on a secure foundation. Below is a summary of our key cybersecurity policies and procedures, designed to minimize risk, ensure compliance, and give you peace of mind.

Incident Response Policy

Immediately isolate affected systems
Notify impacted clients within 24 hours
Investigate the root cause and document the incident
Restore services from secure backups
Implement necessary patches and prevention measures

Backup & Data Recovery Policy

Daily encrypted backups of all active sites and projects
Weekly full backups stored securely in the cloud
Monthly local backups to encrypted external drives
Regular restore tests to ensure data reliability
Backups retained for a minimum of 90 days

Password Management Policy

Credentials stored in a secure password manager
Strong, unique passwords (minimum 16 characters)
Two-Factor Authentication (2FA) enabled where available
No sharing of credentials through insecure channels

Website Security Policy

HTTPS with HSTS enabled on all websites
Secure headers (CSP, X-Frame, Referrer-Policy, etc.) implemented
CMS and plugins updated regularly
Periodic vulnerability scans performed
Static HTML conversions offered for zero attack surface

Data Handling Policy

No storage or processing of sensitive data (e.g., credit cards, SINs)
Files stored in encrypted cloud platforms
Access restricted to the owner only
Client data deleted upon project completion or request

Device & Remote Work Policy

Full-disk encryption and password protection on all devices
Prompt updates and security patches
VPN required when using public Wi-Fi
No storage of client data on unencrypted portable devices

Security Patching Policy

Automatic updates enabled wherever possible
Weekly manual updates for CMS/plugins
Emergency patches applied immediately when needed

Third-Party Services & Outsourcing Policy

Only reputable vendors (e.g., GreenGeeks, Google Workspace) are used
Vendor privacy and security policies are reviewed
Access protected by 2FA and minimal permissions
No subcontractor access to sensitive data

Cybersecurity Spending Policy

15–20% of IT spending allocated to cybersecurity
Spending adjusted based on threat level or client requirements
Includes hosting, firewalls, scanning tools, backups, and more
All decisions managed directly by the owner

Access Control Policy

Access granted only to authorized individuals
Admin logins secured with strong passwords and 2FA
Accounts reviewed and revoked as necessary
No shared logins for client access

Authentication Policy

Strong passwords and 2FA used for all systems
Default usernames disabled or changed
Authentication practices reviewed regularly

Automated Security Testing Policy

Regular use of security header and vulnerability scan tools
Documented issues are resolved promptly
Option to convert dynamic sites to static HTML for hardening

Vulnerability Remediation Policy

Vulnerabilities logged and prioritized
High-risk issues addressed immediately
Client updates provided during active remediation

Perimeter Defense Policy

Firewalls and malware scanning enabled on hosting environments
Obfuscation of admin URLs where possible
Brute-force and IP filtering in place

Segregation & Environment Policy

Client data is stored separately
Staging and production environments are isolated
No live testing without explicit client consent

Cybersecurity Policies & Procedures – Client Training

Issued by Manitoulin Media

🔍 Purpose

This brief training outlines how to work securely with your website, digital files, and online accounts. It ensures both Manitoulin Media and your organization follow best practices to reduce the risk of cyber threats, data loss, or downtime.

🔐 1. Passwords & Login Credentials

Never share passwords by email or text. Use a secure method like Bitwarden Send or LastPass Notes.
Use strong passwords (minimum 12 characters, with numbers and symbols).
Change passwords regularly, especially if staff or roles change.
Enable Two-Factor Authentication (2FA) on all key services (email, web hosting, admin logins).

🌐 2. Website Access & Content Management

Only authorized team members should have access to your website's admin panel.
Avoid using the default "admin" username.
Always log out of your website after making changes.
Keep your content updates within your designated areas – avoid altering structural settings unless trained to do so.
Do not install plugins, scripts, or third-party tools without consulting Manitoulin Media.

☁️ 3. Data Handling & Storage

Do not email sensitive information (e.g., SINs, banking details).
Store business files in a secure, encrypted cloud platform (like Google Workspace, Dropbox Business, or OneDrive).
Client data (e.g., forms) should be reviewed and deleted regularly if not needed.
If you collect personal information from your users (e.g., via forms), ensure your privacy policy reflects that.

💻 4. Device Security & Remote Work

Keep your devices (phones, tablets, laptops) updated and secured with passwords or biometrics.
Use antivirus and anti-malware tools on all devices.
Never work on public Wi-Fi without a VPN.
Report any lost or stolen device used for work immediately.

⚙️ 5. System Updates & Patching

If your site is managed by Manitoulin Media, we will:

Perform routine security updates on CMS and plugins.
Monitor for vulnerabilities and apply emergency patches.
Recommend converting your site to static HTML if enhanced security is required.

🧯 6. Incident Response (What to Do If Something Goes Wrong)

If you notice any of the following, contact us immediately at manitoulinmedia@gmail.com or 905-746-5390:

Unexpected logouts or login attempts
Broken site pages or missing content
A message on your site saying it’s been hacked
Suspicious emails pretending to be your domain
Loss of access to email, hosting, or social accounts

✅ 7. Annual Review & Training

We recommend reviewing this document with new staff or collaborators.
Annual security reviews are encouraged – reach out to schedule one with us.
Manitoulin Media offers training or check-in calls to help keep your team informed and secure.

Questions or Concerns?

We're here to help.

Contact:

📧 manitoulinmedia@gmail.com

📞 905-746-5390

🌐 https://manitoulinmedia.ca

Got a Question?

We would love to hear from you! We've helped tons of business succeed and look good doing it. We can set you up with a website that's so fast and easy to update, you will finally be able to take charge of your online presence, your website and your content on all sizes of screens.