You have your plan. Great! Now all you need is to do it, and then bad things will never happen to you again. Done and done.
You’re still reading?
You think maybe there’s more to this security hokey-pokey than just a one-time weekend project?
Did you notice that I lied a little bit in the last article? I called each of those ideas “easy.” And they were easy - in a way. You didn’t have to buy any fancy gizmos or hire consultants or listen to self-centered sales “executives” snow you with buzzwords until you doubt your sanity.
But they are also hard. Each of those ideas depends on you changing the way you work. You already have strong habits, and changing them will be difficult. Sure, you can start checking your statements with the best of intentions, but in three months when the busy season hits and you’re barely keeping up? Those good intentions will be the first thing you drop.
And then, when the busy season is over, you’ll be on to other things: you have a new marketing idea, or training for your new CNC techs because they keep screwing up, or yelling at your cheapskate landlord because your roof leaked during a storm, or your second-best employee quit to join a commune, or, or, or…
Doing simple things well is hard. And in security, bad things usually don’t happen when you slack off. If the sandwich-makers at your Subway franchise don’t wash their hands, a customer will notice and report it. Then the health inspector will come by, give you a small fine, you yell at your employees a bit, they start washing their hands, and you’re ok.
In security, you don’t get many warnings. Badness doesn’t happen often, but when it does, you could lose your business in one night. No warnings means that it’s harder to force yourself to keep doing the things you know are good.
How can you make sure your good intentions stick?
You make them boring. Six Sigma people call this “standard work” and normal people call it a “habit”, but it’s the same thing: you focus on doing the thing well, and you figure out how to work it into your routine. You have only succeeded when you do it reliably and without thinking about it.
To hoity-toity philosophers and MBA teachers, Getting Stuff Done is one of the deepest and longest-standing indicators of success. It’s what separates the Winners from The Rest of Us, and they have all written books about how to do it. You can go to inspirational lectures and hypnotherapy sessions. There are a million ideas; do whatever works best for you. I will mention two ideas that often work especially well in security:
Do it the same way every time
In security, consistency is especially important - you want to be able to quickly notice when something is off or weird. When you make the regular, boring parts of your life look the same, weirdness jumps out at you.
Being consistent also helps you get faster and spend less mental energy while doing it.
Write it down
The easiest way to be consistent and make something a habit is to write it down, then follow what you wrote down. It doesn’t have to be fancy - just write down the details you might get wrong. Checklists work great for remembering all the steps, and screenshots help if you might forget where to click. If you ask someone else to do it, fill in the gaps - they will forget different parts than you will.
You may want to hire it out. If someone’s already doing your books, maybe they can also maintain the list of vendors you’ve approved for ACH, and process the payments. But beware: if you pay them to do a boring thing every week, they may be just as tempted as you to skip it.