28th January is Data Protection Day, a reminder to review and reinforce how we collect, use, and protect personal and company data. For businesses, it’s a timely reminder that data protection isn’t just about policies, technology, or compliance frameworks - it’s also about everyday behaviour.
Most data incidents don’t start with a sophisticated cyberattack. They start with something small and human: a reused password, a click on a phishing email, or a laptop left unlocked in a public place.
For that reason, a few simple good habits can dramatically reduce risk.
Below is a set of tips you can share directly with employees to help them safeguard both personal and company data, whether they’re in the office, at home, or on the move.
You’re welcome to copy and paste the section below into an all-company email or intranet post.
Protecting data isn’t just an IT responsibility; it’s something we all play a part in, every day. The information we work with can include customer details, internal documents, and sometimes your own personal data. If it falls into the wrong hands, it can cause real harm to individuals and the business.
The steps below can help you build good habits that help keep everyone safe.
Create strong, unique passwords: Use a mix of upper- and lower-case letters, numbers, and symbols. A good approach is a passphrase - three or four random words with numbers and/or symbols (for example: Purpl3_Tr0mb0ne7!).
Don’t reuse passwords: Never use your work password for personal accounts, and don’t reuse the same password across different work systems.
Use Multi-Factor Authentication (MFA): MFA is one of the most effective ways to stop attackers using stolen passwords. You’ll find it’s mandatory on company systems, and it’s strongly recommended for your personal accounts too.
Use a password manager: Store passwords securely using the company-approved password manager. If you’re unsure what to use, speak to the IT team - they’re there to help.
Lock your screen when you step away: Even for a minute. On Windows, press Windows key + L; on Mac, press Control + Command + Q.
Follow a clean desk policy: Don’t leave paperwork, notebooks, or sticky notes with sensitive information visible. Lock them away when not in use.
Secure mobile devices: Company laptops and phones should always be encrypted and protected with a PIN, password, or biometric security (fingerprint or face ID).
Be aware in public spaces: If you’re working in a café, airport, or on public transport, be mindful of people looking over your shoulder, use a privacy screen if available, and avoid discussing confidential information out loud.
Slow down and take a closer look: Phishing emails often create urgency. Check the actual sender’s email address, not just the display name. Watch for subtle misspellings (for example: support@companey.com).
Verify unexpected requests: If you receive an urgent request for money, passwords, or sensitive information - especially from a senior colleague - don’t reply directly. Verify it by calling them or using a different channel such as Teams chat.
Don’t click links or open attachments if you’re unsure: If something feels off, trust your instincts and don’t interact with the message.
Report suspicious emails immediately: Let the IT or security team know as soon as possible so they can protect others.
Access data on a ‘need to know’ basis: Only access or share information required for your role. This helps limit the impact if something goes wrong.
Double-check before you send: Take a moment to confirm recipients before sending emails - especially when using “Reply All” or large distribution lists.
Encrypt sensitive files: Use approved encryption methods or secure file-sharing tools. Never send passwords in the same message as the file.
Work securely when remote: Always use the approved VPN to access company systems, and avoid working over public, unsecured Wi-Fi where possible.
If in doubt, report it: Clicked a suspicious link? Lost a device? Think something isn’t right? Report it immediately.
There’s no penalty for honest mistakes: Early reporting helps contain issues and protect everyone. Staying silent causes far more damage than speaking up.
We hope you find this useful.
Data Protection Day is a reminder that compliance, resilience, and trust are closely linked. Regulators, customers, and partners increasingly expect organisations to demonstrate not just technical controls, but a strong culture of data responsibility.
Clear guidance, regular reminders, and simple, practical advice empower employees to do the right thing, and reduce the likelihood of incidents that lead to downtime, reputational damage, or regulatory action.
If you’d like to discuss cyber awareness training or other data protection initiatives, please get in touch with the TIEVA team. We’d be happy to help.