Basic Cybersecurity Hygiene: How to Manage With Limited Resources

Basic Cybersecurity Hygiene: How to Manage With Limited Resources

Businesses of all sizes across all industries are familiar with the challenges of balancing finite resources to accomplish their goals. And this is even more of a challenge in the post-pandemic world with ongoing labor issues, supply chain woes, and inflation.

With a shortage of supplies, employees, money, and time, there’s one question we as employers can’t forget to ask ourselves: What does this mean for cybersecurity? Cybercriminals are only becoming more sophisticated, and businesses need to protect against the latest cyber threats. With a multitude of threats, where do we even begin?

The good news is that there are several basic steps organizations like yours can take to promote effective cybersecurity without immediately resorting to expensive tools and monitoring services. While these resources are an invaluable part of the cybersecurity arsenal and are critical to many organizations, focusing on the baseline “good hygiene” practices is essential to protecting an organization, its data, and its customers.

Three key tips to focus on:

  1. Education. Employees in all roles need to receive ongoing awareness and training to recognize symptoms of social engineering and understand the importance of cybersecurity. Awareness campaigns should include executives, particularly those in highly visible positions that are attractive targets for cybercriminals. The US Federal Government offers a trove of information to promote effective cybersecurity practices. An excellent starting point for free resources and educational materials is
  2. Good password practices. This simple concept makes a tremendous impact on your organization’s safety and security. Passwords are the keys to a company’s kingdom, and they need to be protected at all costs. CISA offers suggestions for good password practices, which evolve over time as cybercriminals advance their capabilities.
  3. Hardware, software, and data inventory. Identifying what the organization has is the foundation to understanding what it needs to protect. This does not have to be overwhelmingly complicated, although there are tools available in the market to assist you. A good inventory is critical to ensure hardware and software remains up to date with the latest versions and patches. Once your baseline inventory is set, additional decisions can be made about what protections or controls should be considered to safeguard the the most sensitive data cybercriminals could potentially target.

Building on these three areas, check out the Center for Internet Security’s Top 18 Controls. It’s a listing available for free on

The list expands on the tips above and is a helpful framework for getting your basic cybersecurity hygiene in order. Moving beyond baseline protections, the Verizon Data Breach Investigation Report is an excellent tool to provide information on specific cyberthreat types and their prevalence. Published annually and available for free, this report releases statistics about different types of threats depending on your organization type.

It’s easy to get overwhelmed by cybersecurity, but there is so much information out there from reputable sources that provide a workable starting point, even with limited resources. Don’t let resource constraints be an obstacle that prevents you from getting basic cybersecurity protections in place.