cyber security Archives - ColoradoBiz Magazine

Entrepreneur of 2023 Finalist — Rob Eggebrecht

Eggebrecht, 52, “rode the telecom wave” with Qwest and Level 3 in the 1990s before moving into cybersecurity in the early 2000s. A startup, an exit and a consulting stint with Deloitte later, he co-founded Cloudrise in 2019.

The provider of data protection services has since raised $10 million in funding and grown to 55 employees. Eggebrecht forecasts revenue will hit $15 million in 2023.

One investor, the Greater Colorado Venture Fund, convinced Eggebrecht to move his family and the company to Grand Junction as part of the deal in late 2020. “When we first founded Cloudrise, it was going to be based in Denver,” Eggebrecht says. “Of all places, Cloudrise is headquartered in Grand Junction, and I’m really proud of that.”

An avid skier and mountain biker, Eggebrecht says he’s relished the move for access to the outdoors. He’s also gotten involved in community development as industry advisory council chairman for Colorado Mesa University’s cybersecurity and computer science programs.

He sees an opportunity to build a pipeline of talent, with students transitioning to cybersecurity careers via the internal Cloudrise University. “There’s a tremendous opportunity,” Eggebrecht says. “We can provide jobs here in the community that are high-paying and sticky, and if they want to go and expand beyond Grand Junction, we can provide them an avenue to go beyond that. It’s really cool. It’s fun.”

The plan is to expand Cloudrise to similar locations in the West. “In rural communities, we could have a revival with our own tech if we just stop looking outside of the borders,” Eggebrecht says. “Our business plan calls for expansion in rural communities.”

His advice to fellow entrepreneurs: “Plan for the future, operate day by day. A lot of entrepreneurs get way ahead of their skis. You can plan for the future, but every day I just wake up and figure out what I can do for that day.”

Denver-based writer Eric Peterson is the author of Frommer’s Colorado, Frommer’s Montana & Wyoming, Frommer’s Yellowstone & Grand Teton National Parks and the Ramble series of guidebooks, featuring first-person travelogues covering everything from atomic landmarks in New Mexico to celebrity gone wrong in Hollywood. Peterson has also recently written about backpacking in Yosemite, cross-country skiing in Yellowstone and downhill skiing in Colorado for such publications as Denver’s Westword and The New York Daily News. He can be reached at [email protected]

Protect Your Online Business: Minimizing Cybersecurity Risks in a Remote Environment

Cybersecurity risks can do significant damage to your business. Not only do they risk your own time, money and information, but they can also be harmful to your customers. The Marriott breach that made international headlines several years ago compromised the personal data of hundreds of millions of people.

Your remote business probably isn’t operating at quite such a large scale. Nevertheless, if you lose people’s private information, it will come at the cost of your clients, and your reputation. You don’t want that.

READ: How to Minimize Cybersecurity Risks and Balance Customer Friction for Your Online Business

The remote business problem

Remote businesses are not necessarily uniquely vulnerable to cyber threats save for one factor — they do not have a brick-and-mortar location, so every action you make takes place online. This gives you more vulnerability.

With no centralized location, you are subject to your team member’s decisions. The phrase “you’re only as good as your weakest link,” definitely applies here.

Hackers don’t need very much to get in. One mistake even from a low-ranking member of your team can be all that a bad actor needs to gain access to your entire system. Once they are in, it’s an enormous amount of trouble trying to get them out.

Denial of service attacks

Denial of service attacks aren’t as destructive as they are disruptive. Basically, DoS attacks flood your computer system with hundreds of thousands of fake requests. While your computer is overwhelmed, it can’t function the way it is supposed to.

Even a relatively simple denial of service attack can knock you out for several days. They also may require professional intervention. DoS mitigation companies can set you back hundreds of dollars, further increasing the damage done.

Phishing emails

Most people think that they are above phishing emails. You know that if an African prince writes you up asking for money, you’re better off politely declining their request. But what if Amazon writes in to tell you that your preferred payment method has been declined on your Audible account? Or if Microsoft writes to let you know that they are currently processing your subscription renewal payment for $1000?

These emails look like they came from brands you use and trust. The fonts and formats are the same. The email addresses look legitimate. But they are designed to trick you into handing out sensitive information.

In your right mind, you probably know that Microsoft doesn’t just charge people $1000 for no reason. However, when you get that message saying you’re on the hook for a huge bill, it naturally initiates a panic response. You don’t think clearly, and you make mistakes.

READ: Prioritizing Cybersecurity When Building Your Company Website

Ransomware

Ransomware attacks hold your computer or personal information hostage in exchange for money. These attacks usually target large businesses or even countries, but private individuals and small businesses have been known to experience them as well.

Of course, there’s no winning here. People who would break into your computer and demand money can’t be trusted to leave you alone once you pay them. It’s almost always better to repair or replace your system once it falls victim to ransomware.

Complacency

This may sound like an “only you can prevent forest fires,” type of line, but it’s true. Complacency is the biggest threat to cybersecurity for small businesses, and even for powerful organizations and countries. Almost all of the major breaches that you hear about in the news happen because someone got careless.

Well, ok. Not actually all of them, though. For example, I read about this thing that happened in Ireland a couple of years ago. You wouldn’t—

You must mean when Russian hackers broke into Ireland’s national health network? They locked the government out of their own computers for months and published hundreds of people’s personal data online as part of a cyber terrorism initiative.

Yeah. Terrible stuff. But you can’t blame complacency for something that big.

Oh no? It happened after a relatively minor-ranking government official opened the wrong email. We could go on and on naming specific examples, but you’ll find the same story playing out time after time. People let their guard down, and they forget to exercise their usual caution. It’s common, and it’s also catastrophic.

Don’t let that happen to you. Stay on top of your cybersecurity risks to help keep your business going strong. You don’t have to be a software engineer to make sensible cyber-security choices. A little common sense can go a long way toward protecting you and your customers.

Andrew Deen has been a consultant for startups in a number of industries from retail to medical devices and everything in between. He implements lean methodology and is currently writing a book about scaling up business.

The FTC Safeguards Rule — Why Your Business Needs to Improve Cyber Security in 2023

Over the last few years, we have seen an unprecedented uptick in the number and severity of cyber attacks on small businesses throughout the country. Small businesses are facing an onslaught of attacks day in and day out: phishing emails, fraudulent phone calls and credential stuffing attacks are just a few.

At this point, it feels like there are weekly news stories about large organizations being hacked, leaving their data compromised in one way or another. One of the unfortunate results is that businesses often suffer from Cyber Security Fatigue. This fatigue is caused by an overwhelming volume of information and a fear that, if large companies are susceptible, so is your business. That’s where the FTC Safeguards Rule comes in.

READ — What to Know about New Privacy and Cybersecurity Laws

The Golden Rule

The FTC Safeguards Rule was initially enacted in 2003. Over the last 20 years much has changed in the way we do business and the technology we use. As a result, FTC approved an updated rule in 2021 that mandates the way specific businesses are required to operate and protect customer information. The types of businesses that fall under this rule include:

Auto dealerships
Real estate appraisers
Courier services
Real estate settlement services
Mortgage brokers
Accountants, CPAs, and tax preparation firms
Wealth management.

Some Basic FTC Safeguards Regulations

Employee Training

Businesses must provide ongoing security awareness training for their staff. This has been and will remain one of the top ways cyber attacks are executed against unsuspecting organizations.

Designate a Qualified Person

Businesses will need to select a person who will oversee the Information Security program. This role may be filled by an employee or selected from a qualified outside firm.

Get a Written Risk Assessment

Organizations must get a written risk assessment of their current systems and storage of customer information. This will need to be reevaluated regularly.

READ — Prioritizing Cybersecurity When Building Your Company Website

Monitor Your Service Providers

Not only will organizations be required to hold themselves to a high standard, they will also need to ensure service providers are following the same strict guidelines. This will be particularly important to CPAs that utilize contractors during tax season.

Although it may be tedious to follow these new regulations, it’s extreamly important. So important, in fact, that there are significant penalties for not complying. The maximum fine is $11000 per day per occurrence of a breach. Additional penalties could be assessed on top of that. There is a risk of litigation, reputation damage, or in the very worst cases jail time.

The Bottom Line

Protecting customer data is of the utmost importance, and at the end of the day, the updated FTC Safeguards Rule should give the affected organizations a roadmap to protect their data with ease.

Jeri Morgan is the Co-Author of the books Hack Proof Your Business and Adapt and Overcome. She’salso the CEO of Denver-based Code Blue Computing, which provides Cyber Security and IT Support Services to businesses.

Prioritizing Cybersecurity When Building Your Company Website

If your business does not yet have an online presence, then you may be missing the boat. These days, many customers are skipping the physical stores and going online, shopping from the comfort of their own homes. Many Colorado businesses have already jumped on the bandwagon, and that is one of the reasons why experts consider Denver, Colorado to be the e-commerce city to watch.

In addition to making a company website that is current and easy to navigate, you also need to make sure it is secure. Hackers and cybercriminals are always looking for a chance to break into your site and steal your data — including the information of your customers. If you are building a new website, then you can improve your chances of avoiding a breach with these tips.

Prepare Before You Build

If you are in the very early stages of your website’s creation, then you need to start by laying down a foundation of security. For starters, consider investing in cyber liability coverage to protect your business against a potential breach now and in the future. You can get this coverage from many well-known insurance carriers, and it will help you in the case of a data breach by informing customers of the situation as well as providing assistance to repair damaged computer systems and recover any compromised data.

Next, you need to research the common threats so you know what to protect against. For example, phishing scams are becoming more common every year. These are malicious emails sent by hackers that are disguised as valid communication, but if an unsuspecting employee opens it, then the cybercriminal can have immediate access to your systems. Learn about the current scams and use that information to further strengthen your security posture by gathering all employees and having a comprehensive training session about the threats and how to avoid becoming a victim.

Finally, when getting your business up and running, it is important to create a recovery plan in case there is a breach or other unexpected issue. This plan should cover every step that should be taken after the breach, including who will alert the customers and who will patch the vulnerabilities in your systems, among other necessary tasks. Assign an individual to each task so the recovery can be a success. Also, make it a point to run through the drill several times a year, so everyone is prepared for the real deal.

Make Your Website Smart and Secure

In order to make your website a success, you need to make it attractive, easy to use, and accessible to all potential visitors. Navigation should be a snap with clearly defined menus and clear direction on where customers can find what they need. It should also be mobile-friendly, and you will want to work out any bugs so each page loads quickly and without issue.

Your website should also be accessible, meaning that anyone who visits the site can use it regardless of potential limitations. That means adding subtitles to videos and avoiding the use of red and green in the case that a visitor is colorblind. It is also a good idea to make your website foreign-business friendly by offering easy translation and currency conversion.

While ease of use is essential, so is implementing security features into the website to protect your customers and their data. For instance, if you accept payments through your website, you should implement secure sockets layer (SSL) certificates into the programming which help to secure all online transactions by automatically encrypting them once they are entered.

You should also make sure that your website implements hypertext transfer protocol secure (HTTPS) protocol which is another way to encrypt communications between a web browser and your website. The “S” at the end of HTTPS literally stands for secure, and customers typically know that so they are more likely to shop with you when they know that your business prioritizes their security.

Protection Now and in the Future

While hackers have many methods for breaching your systems, you can keep them at bay by implementing some tried-and-true security measures. Start by ensuring that every member of the web team uses complex passwords that include lower and uppercase letters, numbers, and special characters. If customers are able to create accounts on your website, then you should require them to also create complex passwords. Sometimes, a hacker only needs to crack one password in order to gain full access to your system.

It is also important to remember that not all threats are from external sources and that sometimes even an ex-employee can be the culprit. For that reason, make sure that you eliminate the system access for any employee once they leave your organization. Also, existing employees should only have access to the programs necessary to complete their specific job. Few employees should be able to access all systems, and fully vet any developers before hiring.

You should also protect your website by adding a firewall and installing antivirus software so that you can prevent most threats and eliminate any viruses that happen to get past your defenses. Both of these programs should be updated whenever a new version comes along so you are up to date on the current threats. Run antivirus scans on all website components at least twice a week to ensure maximum security.

There are many considerations to be made when building your business website for the security of your customers and your bottom line. Implement the proper protections at the start, and you can have confidence that your website will thrive without cyberattacks.

Noah Rue is a journalist and content writer, fascinated with the intersection between global health, personal wellness, and modern technology. When he isn’t searching out his next great writing opportunity, Noah likes to shut off his devices and head to the mountains to disconnect.

Did cyberattacks against businesses increase during the pandemic?

March of 2020 hit most businesses owners like a ton of bricks. No one could have ever imagined a situation in which business would cease operating in the way they were accustomed.

Most certainly, we found CEOs of companies that never would have imagined offering remote work for their staff backed into a corner where they had to do just that.

Most businesses had done advance zero planning for such a situation, which meant they had to do it fire-drill style.

Unfortunately, the way most companies did this was with little to no attention being paid to security. Coupled with the fact that most organizations have approached cyber security training for their staff in a lackluster fashion, it was a recipe for disaster.

In 2020, there was a 150% increase in Ransomware attacks with the average extortion amount doubling. There was a 630% increase in attacks on cloud accounts last year.

What was driving these increases? Two things: most businesses were operating less securely than they were pre-pandemic, and their employees had been sent home without the tools to be cyber aware.

Cybercriminals found out long ago the easiest way into most organizations was through their staff. Phishing email attacks and credential stuffing are pure gold.

In companies where employees are not required to regularly change their passwords, they tend to reuse the same password or a variation of a password over and over. As breaches occur over time, these passwords become available for sale on the dark web. Credential stuffing is when cyber criminals can gain access to another resource using this readily available information.

We have seen bank accounts, credit cards, payroll accounts, and Office 365 accounts being accessed. In the case of Office 365, once they gain access to an administrator login, they have the “keys to the kingdom” as far as the company data is concerned. Or when obtaining access for the payroll provider, they could divert the entire payroll run for a company elsewhere.

A phishing attack is when an email is sent into an organization and, when clicked on, releases a virus that then travels through an entire organizations’ computer network. They have become much more sophisticated and targeted over the last year. Making them more difficult to spot. In addition to ransoming the attacked company, in the 2020 criminals have upped the ante and have started to also ransom their customers and employees. The game has changed.

This is a Lucrative Business

The reason the ransoms continue to increase is because time and time again, there is payoff, like both the cases of Regis University and the City of Lafayette that experienced ransomware attacks in 2020 and paid their respective ransoms.

By the end of 2021, cybercrime damage costs are expected to hit $6 trillion annually.

3 Things Businesses Can Do to Mitigate Their Risk

1. Employee Training. Many successful cyber-attacks are aimed at the lowest hanging fruit. Our staff. Providing ongoing training for your people and for yourself is one of the best things that you can do to lower the risk to your company. Training should include such topics as email safety, internet browsing, password management, unauthorized software, social engineering, and safeguarding company data.

2. Review Your Cyber Security Insurance Policy. While a cyber security insurance policy is certainly no get out of jail free card; it is absolutely something that you should have. Reach out to your commercial insurance agent to make sure that you have a standalone cyber liability policy with an appropriate level of coverage for your company.

3. Get a Cyber Security Assessment. Make sure that you are regularly assessing where your organization stands as it relates to security. This is a moving target, and you must remain fluid with it as well. It is important to have your provider look at the cyber policy to make sure that all the requirements of the policy are being fulfilled or you could end up with a denied claim when your company is on the receiving end of an attack.

Cybersecurity simply is not an IT problem, it’s a business problem

It is a business problem that grows both in its potential cost to our businesses in both reputation and revenue. Its impact is growing year over year because many businesses have decided to simply ignore it. The time in which that is a feasible option is long gone. From this point forward it simply must be part of the strategic planning process for your business.

Jeri Morgan is the co-Author of the books Hack Proof Your Business, Adapt and Overcome and is the CEO of Denver based Code Blue Computing which provides Cyber Security and IT Support Services to businesses.

How to protect business records and avoid lawsuits with virtual employees

It’s been a year since the COVID-19 pandemic ushered in a new way of life for most Americans. One integral part of this new way is that there are more employees in a remote work environment than ever before.

As offices took safety precautions to prevent the virus’s spread, they closed their doors and asked their employees to work from home.

With very little notice, most companies were markedly unprepared for the transition to remote working. They quickly found their way around Microsoft Teams, Zoom, Amazon Chime, and other tools to connect businesses and their employees online.

However, one key component of the remote work environment may have been overlooked.

Business Data Could Be Vulnerable in Remote Work Environments

Company IT and legal departments were left to connect the remote workforce’s dots and protect business-related information and documents. Many employees turned to their personal cloud-based apps such as Google Docs or Dropbox without having pre-authorization or vetting from their legal or IT departments. Business tasks were created, assigned, shared, and stored in these apps with little or no protection.

Making matters worse, employees relied on communications platforms like Facebook Messenger, iMessage, Snap Chat, and WhatsApp to communicate with co-workers about business-related issues. Further obscuring the process of identifying, preserving, and collecting business data.

If not otherwise instructed, employees may turn to the programs and technologies they are most familiar with or what is easily accessible to them. It’s no wonder that employees who work from home often use the same tools they use personally for business. To keep them from doing this, companies should try to be one step ahead in providing the tools for them to use.

This sudden shift in conducting business could leave companies open to many legal issues. Businesses of all types and sizes should consider whether to make immediate changes in how they handle their data in the remote work environment to try to prevent litigation and other far-reaching consequences.

IT Department and Business Attorney Collaboration

The first step businesses may want to consider taking is to ensure that their IT department and their business attorney collaborate. IT departments provide the technical knowledge and tools, while attorneys can provide the parameters and expectations for handling data remotely. Together, they can work towards restructuring document retention policies that detail how data creation and storage should be dealt with when working remotely.

IT and the company attorney may also want to consider reviewing policies on employee use of personal devices and apps that lack company management. Suppose employees are allowed to use their own devices to work remotely. In that case, the company should provide training on using them appropriately for work purposes, including instructions about retention settings.

If the company is part of a highly-regulated industry, it might need to provide devices for its employees to use. However, this doesn’t mean the company or its employees are off the hook when it comes to protecting company data. Finely tuned technical controls and robust policies, such as only allowing specific employees to access company devices or remote desktops, might be a good option to consider.

Maintaining Control Over Business Information and Communications

Businesses can’t preserve information that is outside of their control. Most do an acceptable job of controlling information in the office setting, but for remote work, they might not. Ethically maintaining control over their data is something businesses should consider prioritizing with employees in a remote work environment. When employees are using their personal cloud services for company data, the data could be outside of business control. It might not seem like a big deal, but it could leave the company open to many liabilities.

The company may want to inform each employee of their obligation to maintain secure business data, whether electronic or on paper. Policies could be used to explain where and how to preserve documents from an employee’s home office. It could also be useful to consider having employees minimize printing, keep documents in a safe and secure location, and shred anything that isn’t required for preservation as soon as there’s no longer a business need.

To try to ensure all employees are aware of the policies and can access them when needed, companies can consider:

Virtual training sessions
Having easily accessible electronic copies of updated usage, preservation, and document retention policies

Updated policies for the remote work environment may want to:

Discuss the locations and technology platforms employees can use to create, store, and share company data.
Include instructions concerning where documents shouldn’t be saved, such as personal flash or thumb drives or other communication devices.
Remind employees about their obligations to secure and preserve business data if litigation is or must be reasonably anticipated.
Have a method for enforcement that shows employees that the company takes the policies seriously.
Include contact information to answer policy questions and address concerns.

Keep Data Fully Protected

In addition to considering establishing a cybersecurity and device security policy, companies and their employees may also want to consider taking the following steps to try to keep their data fully protected:

Rely on two-factor authentication
Use encryption software
Implement firewalls, antivirus software, and anti-malware
Avoid employee use of personal cloud-based storage for business data such as Google Drive, Google Docs, Dropbox, and the like
Use a secure connection rather than a public Wi-Fi
Use privacy screens
Refrain from sharing devices, login IDs, and password information with anyone in the household
Save all content to the designated network, not to a desktop

How a Business Lawyer Might Be Able to Help

A business lawyer may be able to review your existing policies to determine if they comply with both state and federal laws, as well as the standards of practice for your industry. They can try to assist you with pinpointing any necessary changes and might be able to help you develop additional internal policies that may assist with preserving and protecting your business data and help your business try to avoid litigation.

Your business has likely encountered enough stress and added expense over the past year. You don’t need any litigation to compound that stress and expense. By consulting with a well-versed business lawyer now, you might be able to keep your business out of legal trouble in the future.

Ellie Lockwood is a preeminent female commercial and business litigation attorney in the Denver Metro area with experience in commercial litigation and business disputes, intellectual property litigation, and environmental and natural resource litigation. She is the commercial litigation practice group leader for Snell & Wilmer L.L.P.’s Denver office, and an instant resource to business owners and other legal professionals on risk mitigation strategies throughout the Mountain West.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Select Region or Brand

Upcoming Event

Tag: cyber security