So, to help us get into the right frame of mind, and to stop dwelling on how dumb we all are, let’s consider a couple simple but positive steps we can take—starting right now—to prevent the same problems from cropping up time after time.

1.) Study and learn.

Do you give your techies and software developers the time to learn security lessons? Training is a good starting point, but it has to go beyond that. They also have to learn. (It’s the difference between transmitting and receiving.)

If you work with web technologies, start by getting them each a copy of OWASP’s free WebGoat and WebScarab tools, and have every one of them work through every single exercise in WebGoat. In the training I do, I’ve found no more effective learning tool than this excellent piece of free software from OWASP. Do it. No excuses.

2. Use checklists.

Here’s the son of a pilot part of me showing up, I suppose, but checklists are vital. For all the repeated, mundane tasks you do—perhaps producing USB sticks for conference attendees, or putting together software you’re selling to your customers—come up with a simple checklist and follow it.

Make sure you’re following a 2-person rule in following the checklist: one person checks and the other person verifies and marks each step completed.

Sounds tedious, doesn’t it? Well, I can assure you infecting your customers—or conference attendees—with malware or some other nasty is anything but tedious, at least for the first 24 or 48 hours. After that, it might become tedious when your customers go to your competitors.

So, if it’s excitement you crave, don’t bother with checklists. Don’t bother learning from history. None of this stuff is for you. It is mundane. It can be downright boring.

But next time you’re reading about your company and your former customers on CNN, perhaps you’ll start to yearn for the tedium. At the very least, I’m willing to bet your customers will prefer it.