Digital Hygiene & Security Hygiene Programme

1. Risk & hygiene baseline

We begin with a gentle, structured look at how you actually operate:

• How you and any team members log in to tools day-to-day.
• Where work happens – home office, co-working, travel, client premises.
• Which devices and accounts are part of your working world.
• How you currently treat documents, client materials and internal information.
• Any past incidents or near-misses that still sit in your mind.

This is not a technical audit. It is a conversation-led baseline, aimed at:

• Identifying comforts – things you already do well and want to keep.
• Surfacing worries – specific points that feel uncomfortable, even if nothing bad has happened.
• Highlighting habits – both helpful and unhelpful – that define your current hygiene.

From there, we define what "good enough" hygiene looks like for your size, type of work and appetite for structure.

2. Identity & access hygiene

Next, we consider who has access to what across your digital environment.

We map:

• Core accounts for you and any collaborators (email, productivity suite, cloud storage, project tools).
• Shared spaces (shared drives, shared inboxes, shared boards).
• Situations where partners, freelancers or household members have any access to work tools or devices.

Then we shape simple, non-heavyweight identity & access patterns, such as:

• Who is expected to have direct access to which tools.
• How shared access should be set up in a way that can be understood and adjusted later.
• What you consider reasonable boundaries for family or housemates around work devices and accounts.
• How you want to treat access when someone joins you, changes role, or steps away.

We express this in plain language, as part of your hygiene programme, not as a technical diagram:

• "These are our core accounts."
• "These are the shared spaces and who uses them."
• "When someone new joins, this is the shape of access we aim for."

You keep control of which tools you use and how you configure them. The hygiene programme describes what you are trying to achieve behaviourally.

3. Password, credential & sign-in hygiene

You do not need a full security department to improve how logins are handled.

We focus on:

• Where passwords and credentials currently live (memory, notebooks, browsers, tools).
• Patterns you already use that are sensible and worth keeping.
• Areas where small changes would greatly reduce reliance on memory or scattered notes.

We then design a realistic credential hygiene pattern for you, including:

• What "good enough" looks like for creating and storing credentials, without going into technical detail.
• Simple rules about not re-using the same details everywhere, expressed in human terms.
• How you will handle sign-ins for shared tools – who will hold what, and how it is shared safely when needed.
• A short set of refresh moments – times in the year when you will revisit critical access points.

All of this is written as everyday behaviour guidance, not as a technical policy. You decide:

• Which password tools you prefer (if any).
• Which providers you discuss sign-in options with.

Our focus is to give you a clear hygiene pattern, so you are not improvising from scratch each time you create or share access.

4. Device & endpoint hygiene

Here we draw directly on your Device & Endpoint Strategy (Non-Managed) and turn it into daily device hygiene.

We take your existing view of:

• Primary work devices
• Secondary or occasional devices
• Shared household devices
• "Edge" access (rare or unusual situations)

…and design practical habits around:

• How you expect work devices to be used in shared spaces at home or in co-working environments.
• How you want to behave around screens, calls and screen-sharing when other people are present.
• How you want to handle short breaks, leaving devices unattended or moving between rooms.
• How printers, scanners and similar equipment fit into your hygiene practices (e.g. not leaving work materials sitting in shared trays).

We also add small device hygiene rituals:

• A simple check that core work devices feel up-to-date and usable, without going into technical detail.
• Occasional "device review" moments: which devices are still in regular use, which should be considered for retirement or change of role.

Again, all of this remains in non-managed territory:

• We do not touch your devices.
• We do not install anything.
• We help you decide what kind of device behaviour matches the level of care you want to show to clients and your own work.

5. Data, backup & retention hygiene

Digital hygiene is also about what you keep, where you keep it, and for how long.

We explore:

• Where your important materials live: client deliverables, internal templates, financial records, notes, recordings.
• Which parts of that need to be easily reachable, and which can live more quietly in the background.
• Any legal, contractual or platform expectations you need to keep in mind around keeping or deleting records.

From there we design a data hygiene pattern, including:

• A simple view of what must be kept, what is useful to keep, and what can be cleared out.
• A calm approach to backups for your size – we will not over-engineer, but we will avoid "if this laptop fails we have nothing".
• Light-touch guidance on where different types of material should live in your digital workspace, so they can be found when needed.
• A small number of review points in the year where you look at old material and decide what to archive or let go of.

We keep this grounded in organisation and rhythm, not in technical settings: the hygiene programme explains what you are trying to do with data, and you then work with your preferred tools or providers to make that real.

6. Communication & behaviour hygiene

Much of digital hygiene comes down to how people behave in the moment, especially in:

• Email
• Messaging and chat
• Calls and online meetings
• Shared documents and links

We design clear, non-dramatic behaviour guidance, such as:

• How you want to treat unexpected messages or links that relate to work.
• What you do if something "feels off", even if you are not sure why.
• How you expect people to share documents and links inside the team.
• When you will pause and check before responding or clicking.

We plug this into your Team Ways-of-Working & Collaboration Framework, so it becomes part of:

• How you write messages
• How you run meetings
• How you store links and references

The aim is not to make everyone suspicious. It is to make small, conscious pauses and checks a normal part of how you operate.

7. Simple "if X then Y" hygiene playcards

Finally, we create a small set of plain-language playcards for common situations that can feel stressful, for example:

• "I think I clicked on something I shouldn't have."
• "A device we use for work is missing."
• "I have just seen an unusual sign-in or account notification that worries me."
• "I've realised we shared more access than we meant to with someone who has now left."

For each, we outline:

• What you do immediately in a calm, non-technical way.
• What you should not do in a panic.
• What to note down, so you can describe the situation clearly if you choose to speak with a technical provider.
• What you may wish to review afterwards, once the immediate stress has passed.

These are not emergency-service scripts or technical incident runbooks. They are short, human prompts that help you respond proportionately, and then seek help if you judge it appropriate.