Skip to content

Cybersecurity Awareness and Accountability Are the Keys to Digital Protection

Greg Tomchick talks about cybersecurity awareness, accountability, and steps we need to take.

All businesses need cybersecurity. Attacks are happening fast and often, and if you’re not taking steps to reduce your risk, you’re leaving your business and your customers wide open to disaster. But it’s not just businesses that cybersecurity awareness protects. It also protects you and your family in your personal life. Whether you’re a business owner, a company decision-maker, or an ordinary internet user, you should know what you need to do to protect yourself in the digital world.


See Cybersecurity for Everyday People with Greg Tomchick for a complete transcript of the Easy Prey podcast episode.

Greg Tomchick came to cybersecurity through an unusual path. He grew up traveling around different military bases in the United States with his parents, who were both in the Navy. While attending Old Dominion University in Norfolk, Virginia, he started a software development company. At its height, that company was doing six figures. And he also played professional baseball for several years. Cybersecurity wasn’t on his radar until his software development company suffered a devastating cyberattack that eventually put it out of business. Five years later, he started Valor Cybersecurity, where he focuses on helping people improve their cybersecurity before something bad actually happens.

The Incident that Taught Greg Cybersecurity Awareness

Greg has always been entrepreneurial, and the company he founded developed websites and applications for clients. They were starting to expand their developer team across the world and operate 24/7. Somebody didn’t like this company expanding into their area and potentially taking some of their clients. And they decided to use underhanded methods to strike back.

A key component of websites and apps is the database, where information is stored and processed. This angry competitor executed an injection attack and got into Greg’s company’s database. They corrupted the entire database, and clients started to get bad material on their sites. Most of Greg’s clients were businesses that did a lot of appointment-setting. People started calling his clients and saying, “I was going to book but I saw some content on your website that isn’t appropriate.”

Greg was in spring training for major league baseball at the time. He returned to the locker room to a bunch of missed calls from his business partner saying they’d been hacked. That’s when he became aware of what cybersecurity was. He had to learn the hard way.

The business ended up paying about $75,000 to investigate the incident, deal with the damage, and fix what had been done to their clients’ websites. Eventually they decided it was better to hand their clients off to another company unless they could make sure something like this wouldn’t happen again, and the company folded.

Cybersecurity Mindset Influences Protection

Both of Greg’s parents were in the military, and that influenced what he did with Valor Cybersecurity. The military operates on a defense mindset. It isn’t paranoia, just situational awareness and watching for things that could be vulnerabilities. It can help stop problems before they arise.

Greg also played professional sports, and that influenced his mindset, as well. Sports emphasizes persistence and consistency. It also includes the concept that everyone has their own position where they’re responsible for different things. In baseball, the shortstop and the second baseman are different positions that do slightly different things, but they’re each responsible for their part of the field if something gets through. It’s similar with cybersecurity. If a person, tool, or tactic isn’t accountable and doesn’t do their job, a hacker could just walk right through.

Within cybersecurity, whether it’s a tool, a person, or some type of tactic, if it isn’t accountable and doesn’t serve its purpose, somebody can walk right through the front door.

Greg Tomchick

With Valor, Greg is trying to bring both of these mindsets together into what he calls a connected mindset. It’s not just about cybersecurity awareness, but about helping people be more consciously aware of how to navigate their life, both physically and digitally.

Cybersecurity Mindset in Companies

Greg noticed early in his work that it was a challenge to convince managers to provide resources to cybersecurity before problems happened. Digital things are so intangible that sometimes they don’t feel important. He tries to relay what it feels like when something bad happens so they can experience it without actually going through an attack.

One of the main things Valor does is help companies build budgets. Obviously, they want to be a part of that budget, but if not they want companies to have a plan to allocate money to security. Sometimes companies have attacks over and over but still didn’t have a budget to put towards preventing those attacks. Proactive prevention will keep you from being “low-hanging fruit” – the type of target hackers go after just because you’re an easy target.

The best coaches Greg ever had in baseball focused first on culture, then on mindset, then on skills. A lot of people today have it backwards. They want to focus on skills first, then culture, then mindset. You can have all the best skills, your company can have the most skilled people, but if your culture isn’t prioritizing cybersecurity, you’re still going to be low-hanging fruit. Skills are irrelevant if your mindset doesn’t include cybersecurity awareness and your culture doesn’t prioritize security.

Cybersecurity Awareness Culture

Greg has seen some great examples of cybersecurity awareness as a positive part of a culture. Some companies use it as a competitive advantage, because it really is. If your competitor gets hacked and you don’t, you can use that to encourage customers to work with you because you’re taking steps to protect their data.

Cybersecurity culture and mindset also extend outside the office. A company with a positive culture helps its employees life a safer, more certain life. By extension, this helps their children and continues on generationally. It can get to the point where kids can spot things that are off and protect their schools from cyberattacks. We should all be doing our due care and making sure this protection spreads through our communities.

All of the stuff that we do at work translates to our household and vice versa.

Greg Tomchick

One common negative culture is keeping cybersecurity behind closed doors. Everybody assumes it’s happening in the background until something happens. Then they realize that either there’s nothing there or it’s just a few people doing what they can with no resources. This is where the importance of cybersecurity awareness and culture comes in. Business people say security isn’t revenue-generating, but it’s been proven time and time again that it’s both revenue-generating and revenue-protecting.

You don’t know the benefit [of security] until something bad happens.

Greg Tomchick

Greg likes to represent it as a technical debt. Whenever you’re implementing technology and not implementing security, you’re going deeper into debt. It’s not monetary, and it won’t come due immediately. But when an attack happens, the whole debt is realized immediately. Some companies actually put technical debt as a line item now to track how much risk they have.

Culture versus Mindset

Some people get confused on the difference between culture and mindset. But culture is really just a collective mindset. With mindset, you think about the individual. Each individual has to bring a certain set of morals, values, and beliefs to the community. But once you get multiple people’s buy-in, the collection becomes culture.

Cybersecurity awareness becomes mindset, and mindset becomes culture.

Community can help take mindset further. It involves people with different perspectives. There’s people who can speak up if something starts to drift a little bit off where everyone is collectively trying to go. It helps everyone improve. But first, you need to have mindset individually. Then you can talk with the people you’re interacting with to create an overall improved culture.

Responding to Cybersecurity Incidents

When that first cybersecurity incident happened to Greg, he was in the area of Norfolk, Virginia. It had the biggest Navy base in the world, a lot of defense officers, and an FBI office, as well as a other resources like local police. When the incident first happened, Greg called a local defense contractor. They said all their people were busy and couldn’t help right now. The FBI and local police both said they had bigger fish to fry – they might be able to help, but it wouldn’t be any time soon.

Headlines, greater cybersecurity awareness, and more incident in the news have seen the industry evolve somewhat. There are now more doors open to call or report if something happened. There are even companies like Valor Cybersecurity that provide services to business owners dealing with incidents.

There are more options and resources now, but it still comes back to response planning. You need to know what to do when something happens, before something happens. Maybe that’s a detailed response and recovery plan. Maybe it’s a list of people you need to call and in what order. Or maybe you contract with a company like Valor, and your response plan is having their number easily available. But it’s essential to have a plan in advance. The last thing you want to do is be asking your friends for recommendations in the middle of an attack.

If you don’t have a response plan … it really does have a time impact that equals money.

Greg Tomchick

Cybersecurity Awareness and Accountability for Everyone

Cybersecurity awareness is an important mindset, but it isn’t enough. Most people are familiar with awareness. The cybersecurity awareness mindset pays attention to what could go wrong. Every time you bring in a new technology, it asks what the benefits are, and it also asks about the security implications. Awareness wants to know the risks.

The other part of a strong cybersecurity mindset is accountability. That’s a key part of the mindset that mot enough people have. It’s not enough to know what the risks are. A lot of awareness is about providing resources. Experts put out information about what’s going on and what people can put in place. But the accountability part is that once those things are out there, you have to actually do them.

Take accountability. I think that is such a key mindset that not enough people have.

Greg Tomchick

Experts like Greg are out there telling people what kind of risks exist and what steps you can take to mitigate them. But Greg won’t come to your house or business and secure your digital life for you. You have to take action – whether that’s using the resources to secure yourself or hiring someone like Greg. Like anything in life, if you don’t take accountability, you’re not going to be able to benefit from it. And you’ll probably eventually experience the costs of not doing it.

Learn more about these topics in Greg Tomchick’s upcoming book Cybersecurity for Everyday People, a digital survival guide for the modern age that releases soon. You can also listen to Greg’s podcast, Connected Mindset Live, every Friday at 9:00AM, where he talks to leaders about awareness, tech, mindset, and culture. Or you can connect with him on LinkedIn or on Instagram @greg_tomchick.

Related Articles

All
  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking Basics: Learn How Networks Work
  • Online Privacy
  • Online Safety
Types of AI Models

Guide to Types of AI Models and How They Work

When you think of AI (Artificial Intelligence) models, you may automatically think of generative AI like OpenAI’s…

[Read More]
Andrew Costis talks about adversary emulation and why businesses should do it.

Adversary Emulation for Business Cybersecurity

Security risks are constantly changing. Projects start and end, employees leave and are hired, new tools replace…

[Read More]
Lockdown Mode for Apple Devices

Should You Use Apple’s Lockdown Mode? Here’s What you Need to Know Before You Decide

With the releases of macOS Ventura and iOS 16 in 2022, Apple rolled out a new feature…

[Read More]
Amitabh Sinha talks about how to protect against ransomware in your company.

Protect Against Ransomware by Planning for Ransomware

Ransomware is a huge cybersecurity threat, and it’s only growing. It’s especially a risk for businesses, but…

[Read More]
Private Internet Access

PIA: Private Internet ACCESS

The Private Internet ACCESS VPN will deliver the security, performance, and online access most users want. Behind...

[Read More]
What is spyware? It may be watching you right now...

Everything You Need to Know about Spyware, the Malware that Stalks Your Online Activity

Spyware may sound like something James Bond or another secret agent might use in the latest spy…

[Read More]