According to countless reports of risk assessments, vulnerability assessments, penetration tests, and disclosed incidents, organizations of all sizes and sectors are not doing well with basic cybersecurity. The reasons why (excuses) vary from entity to entity, but what shouldn’t be an excuse is cost. Cybersecurity doesn’t have to cost a lot of money. Granted, at some point you’ll want/need or have the budget for the next shiny thing, but that currently elusive shiny thing should not stop anyone from embracing a lot of the best practice guidance already out there – for no cost. WaterISAC’s own 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, the AWWA Cybersecurity Guidance & Tool, plethora of CISA and other authoritative guidance, and many credible and trustworthy security providers all espouse similar guidance or assistance. Most guidance does involve an investment in time (and someone with technology and/or cybersecurity experience is very helpful), but so many of the recommendations echo one another. Perhaps the basics aren’t trivial to implement, but they are foundational to a better cybersecurity posture. If you currently lack the in-house capability, don’t let that stop you! Contact WaterISAC, we’d be happy to talk to you about what you can do to cyber secure your utility. In the meantime, for more basic (foundational) guidance, check out this post at Claroty.