There are multiple security frameworks designed to help organizations adhere to a baseline cybersecurity posture. The NIST Cybersecurity Framework and ISO27001 are arguably the most extensive in use today. These frameworks are both highly technical in nature; for a small organization, each can be costly to implement and may require multiple full-time employees to maintain.
As an alternative to these frameworks, this guide represents a baseline level of controls and activities for businesses when employing a full-time security staff is not feasible. It is not meant to be comprehensive in nature and is not a replacement for a custom cybersecurity program, however it is a good starting point for any organization.