
📋 Policy & Behaviours

Most policies die the moment they hit someone’s inbox.
Why? Because people see them as red tape, not real life.

The trick is to connect policy to behaviour, not bureaucracy.


🧩 Keep it human

Every policy line should answer one question:

“What does this mean for me on Monday morning?”

If it doesn’t, rewrite it until it does.


🧠 Three rules for better policy

  1. Plain English.
    Ditch words like “mitigate”, “framework”, and “leveraging”.
    Use examples, not acronyms.

  2. Why before what.
    Tell people why a rule exists.

    “We use MFA so that one stolen password doesn’t equal full access.”

  3. One-pager mentality.
    If you can’t fit the key messages on one page, it’s too long.


💬 Build it with your people

Policies built in a boardroom rarely work.
Ask the people who’ll live with them:

- “What would make this easier to follow?”
- “What do you wish the policy actually said?”

You’ll get gold — and probably fix three other problems while you’re at it.


🤝 Behaviour beats documents

People remember what they see, not what they sign.

Show it through leadership:

- Lock screens before walking away
- Use passphrases, not passwords
- Report suspicious stuff openly

That’s culture — not compliance.


🧠 The 80/20 of enforcement

Focus on the 80% who want to do the right thing but forget.
Automate or simplify wherever you can — reminders, templates, auto-locks.

Save the tough conversations for the repeat offenders.


🎥 Watch & Learn

(Video: How to write cyber policy people actually follow.)

