Cyberattack hurts those who can afford it least

Target Corp. and its millions of customers are not the only victims of cyber-crooks, we learned this week.

They even target for extortion the emergency crisis lines of nonprofit businesses and emergency service providers.

"We had to shut down our crisis number of 35 years last Tuesday," said Dan Pfarr, executive director of the Bridge for Youth, which provides counseling, housing, medical referrals and more for hundreds of kids under age 17 and their families every year. "The guys who took over our crisis line wanted money. We told them we work with distressed families and kids at the low point of their lives. That we deal with lives. We can't have abused kids or parents … calling in and getting a busy signal."

The Bridge (www. bridgeforyouth.org) got "phone spammed," perhaps by a criminal call center that uses software to capture and ransom critical phone lines or Internet systems.

Told by police not to negotiate with the criminals, Bridge management put the line into an answering machine and activated another line as they scrambled to inform their clients and stakeholders, the United Way, law enforcement and other nonprofits and agencies with which the Bridge collaborates, of the new number and situation.

Within 24 hours, the hackers had given up and the old crisis line is working again.

"We see these types of events almost every day across all industries … businesses small and large," said Tomas Castrejon, leader of the cybersecurity practice at the Minneapolis office of Pricewaterhouse­Coopers, the auditing and consulting business. "What can a small business do? The perpetrators are after something they can turn into money, a profit. For small businesses, we suggest, first and foremost, conduct regular security assessments, both technical and people, to try and determine your vulnerabilities. Because that's what the adversaries are trying to exploit.

The irony is that the Bridge has spent a lot of time and money on digital equipment and systems to protect client privacy, medical and other records.

The long-term solution may be a new system that will accept text messages that would also link to phone and digital systems at The Bridge. The price tag of about $100,000 is not inexpensive for a nonprofit with a $3 million total budget and which had to pare services and get leaner during the Great Recession. Pfarr is huddling with key staff, board members and vendors.

"We're definitely seeing an uptick in 'intrusion matters,' individuals and entities that try to find a way to compromise the information located in some of our companies," said Kyle Loven, division general counsel of the Minneapolis FBI.

"There's a wide range of methodologies and motivations. There are definitely some fairly sophisticated overseas elements involved. It takes some technical know-how. If we're able to determine a location of the perpetrators, whether in or outside the U.S., we have options at our disposal to also work with foreign governments."

Brian Isle, founder of the Minneapolis-based cybersecurity firm Adventium Labs, said Verizon has estimated that three out of four cyber-breaches are of small companies because they may not have safeguards and are easier to blackmail.

Shawn Panson, New York-based leader of PwC's U.S. Risk Assurance Emerging Services practice, which focuses on mitigating risks, said: "What drives this acquisition is what you're seeing in the news. Jay has a tremendous reputation in the industry … [and] has been on the ground floor of privacy issues and laws for 20-plus years. The majority of the MPC folks will be in Minneapolis. Jay will have a presence in our national data privacy practice. All of our clients are dealing with cybersecurity."

These businesses help companies, agencies, schools and nonprofits determine their sensitive data, classify it, control it and, eventually, retire it safely.

"At a time when well-publicized cybersecurity threats and data privacy breaches have underscored the critical nature of these issues to both businesses and consumers, the addition of MPC will further strengthen and expand PwC's data protection and privacy resources," Dean Simone, leader of PwC's U.S. risk assurance practice, said in a statement.

Simone also noted that those threats and breaches have spurred rapid regulatory focus and growing demand for risk assessment and assurance services.

It's the "Target effect" as the Minneapolis-based retailer, rocked by its December data heist of customer information, has become the national poster child for data disasters.

Incidentally, the Minneapolis regional office of PwC has doubled in size to about 540 people since the Great Recession.

The annual Best in Business Award Winners luncheon of the Minneapolis Regional Chamber of Commerce and affiliates will celebrate a variety of accomplishments at 11:30 a.m. Thursday at the Graves 601 Hotel.

The honorees include DC Group, Pilgrim Cleaners, Minnesota United FC, Wixon Jewelers and nonprofits AchieveMpls and Emerge Community Development. More information: www.minneapolischamber.org/awards or call 612-370-9100.

Law and theater will be joined as the Illusion Theater presents the recent off-Broadway production of "Naked Darrow" April 3-12 at the downtown Minneapolis theater, located in the Cowles Center for Dance and the Performing Arts on Hennepin Avenue.

This solo piece, written and performed by Gary Anderson, is a provocative look at the legendary lawyer who took on racism, social injustice and the death penalty in the first decades of the 1900s.

Two 90-minute Continuing Legal Education (CLE) events will be offered in conjunction with "Naked Darrow." "The Ethics and Practice of Pro Bono Work" will be held April 2 from 3:30-5:00 p.m., and "Lessons Learned from Clarence Darrow for Criminal Defense Attorneys" will be offered April 11 from 3:30-5:00 p.m.

Darrow at the time was America's most admired and despised lawyer. More information at www.illusiontheater.org.

Owners and managers of more than 200 Minneapolis buildings of at least 100,000 square feet must submit their buildings' annual energy use by June under Minneapolis' new building-energy ordinance. The proposed law was modified to exclude smaller buildings in the first year and the ordinance took effect after discussions with building owners.

Minneapolis has followed Boston, Chicago, Seattle and several other cities, including California and Washington states, with building-energy benchmarking ordinances that backers say inspire conservation, collaborative programs with building owners and utilities and other benefits. The ordinance covers office buildings, hospitals, sports stadiums and more.

The city says some property owners and managers don't know how well or poorly their buildings use energy or how their building's energy performance compares to similar buildings. The city will work with commercial property owners and Xcel Energy, starting with workshops in April and May. A website and help line also are on the way.

For example, at the historic Midtown Exchange building in Minneapolis — the second-largest building in Minnesota at 1.1 million square foot of commercial, housing, office and retail space — benchmarking enabled Ryan Cos. to save $30,000 per year when it learned how much energy the building was using, by moving janitorial services to the daytime when there is natural light, replacing standard light bulbs with LEDs and making other small changes.

At the Minneapolis Central Library, built in 2006, an energy tuneup prompted by benchmarking has led to more than $100,000 in annual savings and a 40 percent decrease in energy use