Is Your Organization as ‘Cybersecurity’ Fit as a Middle-Aged Man with 3 Kids?

It’s a new year, and you know what happens in January? The number of gym memberships increases, diets are defined, and bad habits disappear. At least for the first month of the year.

Published on Jan 11, 2022

The steps to a healthy lifestyle are pretty simple, but what makes it difficult is that it requires consistency and repetitive, repetitive, repetitive habits. Too often, people look for a quick fix with a new diet or purchase some fancy gym equipment, only to eventually put it aside. It’s not that different from what we see in the cybersecurity space; most organizations have a cybersecurity hygiene problem and are always looking for a new methodology, technology, or vendor claiming to solve the problem with artificial intelligence, machine learning, etc.

I’m a middle-aged man with three young kids, and trying to stay healthy can be challenging. I read the article https://www.healthline.com/health/mens-health#doctor, which provides some essential health tips for me to “stay alive.” The health recommendations in the article don’t require a significant investment in technology or the latest and greatest gizmos; they require focusing on the basics every day, repetitively and consistently.

Let’s take the health article and relate it to cybersecurity. We’ll use the National Institute of Standards and Technology (NIST) cybersecurity framework as well as the Center for Internet Security (CIS) critical security controls (CSC). These can be related to NIST 800-53 controls, but for simplicity’s sake, CIS CSC is more streamlined and is typically associated with best practices for an organizational cybersecurity hygiene baseline.

You might need to stretch your imagination.

Here are three takeaways to consider as we move into 2022 to improve a cybersecurity program and emphasize cybersecurity hygiene.

  1. Start simple and small. Identify only three cybersecurity hygiene activities you would like the organization to tackle in the first six months that require no new technology purchases and would positively impact the organization.
  2. Put a plan in place. Review the three identified cybersecurity hygiene activities, discuss and brainstorm with your team, and make a detailed project plan with milestones.
  3. Make yourself and your team accountable. Present the plan to executives and leaders in your organization and task your program and project leads appropriately. Identify metrics or areas of measurement to track progress.

After the first six months:

  1. Take stock of the success or failure of your cybersecurity hygiene initiative. The goal will be to incorporate the activities in daily tasks and tackle another three cybersecurity hygiene activities over the next six months.
  2. Remember, sound habits can help simplify our day-to-day tasks, becoming almost automatic.
  3. Figure out how to work with your team and support them in forming good practices in terms of cybersecurity hygiene.