Higher education institutions are obligated to protect their critical data, IT assets, and infrastructures. State governed institutions develop policies and procedures based on state mandated guidelines. While policies and procedures are updated regularly, cyber hygiene is managed in a manner that is feasible financially and based on personnel resources. Savannah State University struggles with maintaining cyber hygiene given its need to manage state funding in a manner that supports operational and mandated costs, but also indirect costs like those that support cybersecurity. The Holistic Cybersecurity Maturity Assessment Framework (HCYMAF) was deployed in this study to examine cybersecurity maturity and hygiene at Savannah State University (SSU). Findings indicate that SSU is currently operating at Level 0 of the HCYMAF and needs to consider action proposed in this study to promote higher levels of cyber maturity. This research contributes to the extant literature on cyber hygiene and maturity in higher education.