This document discusses improving cyber security practices for organizations. It finds that many organizations have lax security practices, like regularly sharing passwords and not changing them for years. The biggest risks are social engineering attacks that trick users. The document recommends adopting a security mindset through staff training. It provides tips for improving security of email, social media, laptops and phones. This includes enabling two-factor authentication, using password managers, encrypting devices, and implementing data retention policies. Regular security updates and training help staff maintain safe practices.