FEB. 9, 2018 - VOL. 54 No. 5

Chair's Column
New Members
Member Anniversaries
Cover Story
Other News
Faces & Places
Ribbon Cuttings
Print Advertisers

Cybersecurity is a concern for all businesses

By Rob Swenson
For the Sioux Falls Area Chamber of Commerce

Eric Pulse
Eide Bailly LLP

Technology has never been better. Businesses are electronically moving and storing increasing volumes of valuable information. Companies of all sizes use the Internet to conduct business, not just to communicate with customers, employees and suppliers.

Consumer comfort with connected devices has reached the point that, according to some surveys, a majority of Americans would rather do business online than drive to a store or an office.

So why hasn't cybersecurity kept up? Why does one company after another keep falling victim to hackers and data breaches?

A number of factors contribute to network intrusions, but flawed hardware or software is not the biggest cause, according to cybersecurity experts. Human
beings — employees, usually — are the weakest link in most companies' ring of cyber protection.

"We're only as strong as our weakest element, and the human element is always the weakest," said Eric Pulse, a principal and director of risk advisory services for Eide Bailly LLP. Eide Bailly is a regional CPA and business advisory firm. Its services include helping businesses review and improve strategies for managing risks, online as well as offline.

Cyber risks are growing every day, said Pulse, who works at Eide Bailly's Sioux Falls' office. "There are just more attacks or breaches occurring. It's incumbent upon all of us to be diligent," he said.

News attention typically focuses on reports about data breaches at large companies in which millions of electronic files are exposed. However, smaller businesses also store valuable information, and smaller companies generally are more vulnerable to attack than bigger companies with more resources.

No business is beyond risk
A 2016 study sponsored by Keeper Security Inc. and conducted by the Poneman Institute found that more than 50 percent of small and midsized businesses had been breached during the prior 12 months.

"We always hear about the Targets, Anthems and Equifaxes, but we can list dozens of businesses that don't make headlines. No one is safe," said Vernon Brown, vice president of marketing and community relations at Sioux Falls-based SDN Communications. SDN is among a few companies in the Sioux Falls area that provide businesses with broadband connectivity and cybersecurity services.

Brown agrees that people are the weakest link in businesses' cyber defense.

"We all have to be diligent, as employees, to not be suckered into phishing attacks, social engineering, ransomware and that sort of thing by not clicking on things we shouldn't be clicking on," Brown said. "That can take care of 90 percent of a company's cybersecurity issues."

Brown and others at SDN urge that cybersecurity be elevated to a Board or CEO-level priority, not just be a task assigned to the IT staff.

Other experts generally advise that attacked businesses report the crime to authorities, alert customers and begin remedial action as soon as possible. Trying to protect a company or individual's image by staying quiet about an attack is likely to cause problems to spread and, in the case of regulated business, might be illegal.
In addition to educating employees on an ongoing basis, other recommended steps that businesses should take include keeping security equipment and software up to date, and backing up valuable business information so that it can't be lost.

Ransomware, a popular weapon for hackers, has been drawing a lot of attention lately. Ransomware is a form of malware that infects a company's network — typically by deceptive means. It encrypts information, leaving files unreadable or inaccessible. Then, typically, hackers demand payment in anonymous online currency, such as Bitcoin, to restore the information.

DDoS attacks also have become popular. DDoS is short for distributed denial of service. DDoS attacks occur when large volumes of malicious traffic disrupt and possibly disable a targeted computer network or program. DDoS attack services can be unleashed by an unethical competitor, an unsatisfied client or a disgruntled employee. The source of a DDoS attack can be impossible to determine. However, with the right protection deployed in advance, attacks can be prevented or at least mitigated.

Information stolen from companies in data breaches presents other risks. Personal information can be sold for profit, for example. Data breaches put a company's customers at risk because information can be used by hackers and thieves to create false identities for exploitation in variety of ways.

Cyberattacks might come from terrorist states, but neighborhood hackers also might be to blame. High levels of technical expertise are not needed to launch attacks. DDoS attacks, for example, can be purchased relatively cheaply on the dark web, a secretive part of the internet where illicit goods and services are anonymously traded.

Dr. Josh Pauli
Dakota State University

Take a variety of precautions
The biggest change in the threat landscape during the past couple of years has been that smaller businesses have joined bigger companies in becoming targets, said Dr. Josh Pauli, a professor of cyber operations at Dakota State University.

Any businesses connected to the Internet, even if just to send and receive email, is a potential victim, Pauli said. "There are a lot of companies that have been hacked that don't even know they've been hacked yet," he said.

Minnehaha Country Sheriff Mike Milstead stresses the

importance of business people using good, strong passwords and protecting them. Issues related to weak and stolen passwords account for a lot of problems in small businesses, he said.

"The value of some of these fraudulent scams sometimes dwarf the resources available to investigate and prosecute them," Milstead said.

Milstead and Minnehaha County Detective Derek Kuchenreuther advise people to exercise caution in conducting business online. "If it looks too good to be true, it probably is," Kuchenreuther said.

A safe exchange zone available for public use is located on the parking lot of the Sioux Falls Law Enforcement Center, and officers encourage people and small firms that conduct business online to use it.

Cybersecurity is a special concern for regional companies such as Xcel Energy, which operates part of the national electrical grid. Xcel is among the companies in Sioux Falls that stress that employees practice good "cyber hygiene." That means workers are trained to not open attachments or click links from senders they don't know.

"Ensuring the security of our energy grid is a top priority for Xcel Energy and our partners across the electric industry. Maintaining cyber and physical security is a complex, ever-evolving responsibility that demands constant vigilance and partnerships," said Steve Kolbeck, principal manager in South Dakota for Xcel.

Basic steps to improve cybersecurity:

  • Install computer updates as soon as possible.
  • Critically inspect information such as links in emails.
  • Don't visit websites irrelevant to the company's core business.
  • Make endpoint devices, such as desktop computers and mobile phones, as secure as possible.

Hackers can help companies, too
For about a decade, First PREMIER Bank and PREMIER Bankcard have hired professional hackers to test their businesses' cybersecurity preparedness. With four card centers, 17 bank branches and an operations center scattered around South Dakota, PREMIER has a lot of potential points of exposure for hackers.

Hired hackers test access to facilities' networks internally and externally from entry points such as websites. They even test employees by trying to trick them out of sensitive information — a hacker tactic referred to as social engineering. Testing tactics at PREMIER have included putting up a temporary Wi-Fi network and promoting the fake perk as a new service for employees. When employees try to sign on, the hired hackers try to get sensitive information from them.

Hired hackers also have tried tactics such as hanging an "Occupied" sign on a conference room door and seeing what information they can find or access or any laptops left in the room. Hacking services are authorized to do anything, short of destroying computers, to get into the company's network, said Dave Geiver, vice president of technology.

"We have greatly improved our security as a result of what they've been able to provide us in these tests," Geiver said.

Hiring a hacking service isn't a realistic option for a lot of small businesses, of course.

Dave Geiver
Vice President of Technology, works in his office at First PREMIER Bank and PREMIER Bankcard.

"For the small business person, they need to find some very good partners because in most cases, they won't have the staff nor the skillset to do this well. Then, rotate those partners so that they get a different perspective and approach every couple of years," Geiver said.

Eide Bailly has found that regulated businesses, such as financial services and health care, tend to do a better job of keeping up with rising cybersecurity needs than unregulated businesses. However, good resources are available to help businesses of all sizes develop and implement strategies to reduce cyber risks.

"People just need to take the time to tap into them. Ask questions and find someone who can answer them," said Pulse, of Eide Bailly.

An in-depth guide available to all businesses and organization is the NIST Cybersecurity Framework. NIST is short for the National Institute of Standards and Technology, a non-regulatory agency within the U.S. Department of Commerce.
NIST worked with experts in business, academia and government to come up with a series of detailed yet flexible guidelines that businesses of any size can work through to improve their cybersecurity standing.

Another good resource is "Internet Security Essentials for Business 2.0," which is available online from the U.S. Chamber of Commerce. The U.S. Chamber is helping make cybersecurity a high-priority issue for businesses and the nation.

Thomas Donohue, president and CEO of the U.S. Chamber, has said economic security and national security go hand-in-hand. We must have one in order to protect the other. "Even as we work to advance technology in our economy, we must also safeguard businesses and consumers from its risks, including cyberattacks and data privacy breaches." he said.

Collectively, businesses in the Sioux Falls area are growing contributors to the regional and national economies. With the benefits of that status comes the burden of being bigger targets of cyber criminals. Technology will continue to advance. So local efforts to protect high-tech processes and electronic information will have to increase, too.

[Back to Top]


Two upcoming conferences will provide valuable information about cybersecurity to business people in the Sioux Falls area.

The U.S. Chamber of Commerce and the Sioux Falls Area Chamber of Commerce will cohost a regional cybersecurity conference March 27 at the Holiday Inn City Centre in Sioux Falls. Dakota State University will host its annual DakotaCon security event March 23-25 on campus in Madison.

The U.S. Chamber partners with local chambers and business associations around the nation to host high-level cybersecurity conferences to help businesses improve their online security. Chamber conferences feature national as well as regional experts and typically are held in larger cities. Sioux Falls is fortunate to have attracted one, according to business leaders.

"The protection of businesses' intellectual property has become mission critical for all of us," said Jason Ball, president and CEO of the Sioux Falls Area Chamber of Commerce. "Conferences like this help us gather together and find common needs and where to propose changes in state and local policies."

Sioux Falls Cybersecurity Conference
Tuesday, March 27
Holiday Inn City Center
7:30 a.m. — 1:30 p.m.

Tickets available at

The Sioux Falls Cybersecurity Conference features a lineup of experts in the cybersecurity field, including FBI Supervisory Special Agent Jay Patel as the morning keynote and Ryan Manship, RedTeam Security Consulting in the afternoon. Patel is a sought-after national speaker whose briefings provide key insights based on case studies and analysis of current and emerging cyber threats to U.S. companies. He will demonstrate why every business, big or small, needs a plan and ongoing vigilance. Manship and his team breach businesses for a living, offering a new perspective on how to start protecting your business.

Other featured topics and speakers at the Sioux Falls conference include the role of federal and state agencies in cybersecurity; practical steps for what to do if your business is hacked; and a special message from U.S. Senator John Thune, who serves as Chairman of the Senate Committee on Commerce, Science and Transportation.

The Sioux Falls Cybersecurity Conference is designed for business managers throughout the multistate region. The event is sponsored by SDN Communications as gold sponsor and Dakota State University, Eide Bailly LLP, KELOLAND Media Group, PREMIER Bankcard and Xcel Energy as silver sponsors. The cost is $75 for general attendees and $40 for a limited number of student tickets. Registration is available at

DSU's 8th Annual DakotaCon Conference will come from more technical vantage point than the conference in Sioux Falls, said Dr. Josh Pauli, a professor of cyber operations at DSU who helped plan both conferences. "I would encourage people to attend both conferences," Pauli said.

DakotaCon presentations scheduled for March 23 will be free and open to the public. The focus on the second and third days will shift to technical competition and training. For more information about the conference, see

[Back to Top]

Advertising Opportunity

Join the Chamber of Commerce

Members Only Section


Copyright © 2018 Sioux Falls Area Chamber of Commerce. All rights reserved. Use of this site signifies your agreement to the Terms of Service.

  Sioux Falls Area Chamber of Commerce CoSentry