This guide is intended as an introductory document for low-risk organizations interested in improving their cybersecurity practices, specifically nonprofits and public interest organizations at low risk of targeted cyberattacks. By "targeted cyberattacks," this guide refers to attacks on systems that seek to disrupt or surveil a specific organization or individual (as opposed to attacks meant to compromise as many devices or accounts as possible). This document provides guidance to improve the resilience of low-risk organizations (LROs) to common cyberattacks, and a framework for LROs to develop a basic cybersecurity policy. It is worth noting that all organizations are at some risk of cybersecurity incidents. Though not all organizations are equally likely to be victimized by online attacks, there are basic steps that LROs can take to improve their resiliency and keep themselves at lower risk—even while recognizing the limits to their potential investments of time, people, and money.