Why you need to do less if you want better security

The role of security is to protect what matters most to the business. Instead of getting overwhelmed, the key to providing better security is to do less. Here’s how to make it happen.

Ever find yourself on a phone call or in a meeting where you realize people are speaking, but you don’t actually know what they’re talking about?  

In this case, it’s not them, it’s you.

Drifting through the conversation, you realize you’re lost. Worse, this realization usually happens right about the time someone asks, “is that right?”

Or maybe it’s a hallway conversation that results in more, not less, confusion. When you stumble back to your desk, you notice you feel drained. Not just physically, but emotionally. The distraction sets in, giving way to sharing pictures of animals on social media and drinking coffee like it’s going out of style.

How can we get it all done? What about burning out?

The real risk we face is that constantly taxing our bodies and our minds reduces our ability to make decisions and exercise self control. As explained here:

“There is a double standard between how we manage physical exhaustion and “cognitive overload.” It is obvious when we’re physically tired. It’s impossible to “see” mental exhaustion and managers tend to unknowingly allocate tasks in a way that undermines performance; they “manage hours, not bandwidth.”

Improving security -- and preserving our physical and mental health - requires a change. The answer is a bit surprising: you can improve security and do more by simply doing less.

What is the job of security, really?

We spend a lot of time focusing on the technical aspects of security. Often to the detriment of developing the skills we need for success. Our job isn’t to ‘secure all the things.’ We’re not there for the protection of others - and especially not from themselves. This perspective is unachievable. It sets unrealistic expectations and diminishes our standing in the organization.

The role of a CISO is to align security with the business. That means understanding the business -- sometimes better than the business does -- and making choices about where and how to deploy resources across prevention, detection, and response. Ultimately, our efforts must protect what is most important to the business.

3 steps to make the transition

Whether you take a break or not, your colleagues probably do. In enough numbers to give you a chance to break your old routine. That creates an opportunity to test out changes to increase your effectiveness. To prove to yourself that doing less with more focus really is the pathway to better security.

Here are three ways - with links to what others have to say -- to get started:

  • Change the start of your day: instead of starting out with email and the urgent needs of others, engage on what matters most to you. Schedule and complete the most mentally demanding tasks first. Read more here

  • Schedule a 15-minute break before you burn out: briefly recapture mental focus while recharging goals. Check this link for more benefits on scheduling and taking breaks. 

  • Above all else, avoid the interruptions: despite the myth that we can multitask while handling interruptions, the reality is single-tasking is better. That means schedule work and avoid interruptions -- including useless meetings -- whenever possible. Read more here.

Make this a summer of change

For many, summer provides an opportunity to take a break. Maybe an overdue vacation or some long weekends. When it comes to physical exhaustion, we’re quick to tell people to slow down. We know to focus on diet, get some sleep, or the like. To help, we take vacations, indulge in ‘summer hours’, and take in picnics over long weekends.

Yet we remain attached to our electronic devices and drive the mental fatigue to the brink.

And then we keep going. Instead of feeling refreshed and ready to go, we’re even more exhausted than before. Cue the jokes about Monday, except when real, they aren’t nearly as funny.

This summer choose a difference approach.

Step away and master the small talk. Use the time to recharge physically and refresh mentally. Clear your perspective and make the changes for a more successful year (and career).

Copyright © 2014 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline