Top 10 Tips from @MontecitoBank’s @805startups Cyber-Security Event

montecito_logo

We had a really great event with Montecito Bank & Trust last week.  You missed out if you weren’t there!  See the top 10 takeaways below.

  • Exploit kits (compromises occurring through infected websites) are by far the most common method used to deliver malware (ransomware, banking Trojans, etc.)
  • Ransomware is becoming the most common type of malware we see because it’s so easy to deliver and profit from. In addition, banking malware runs in the background on your machine that is standing ready to collect your online banking credentials the next time you log in. This scheme, called “account takeover”, allows the thieves to log into your online banking account on your behalf to transfer your hard-earned money out of your accounts.  Consider the case of the California escrow firm, Efficient Escrow Group, who was hacked in December 2012 and January 2013. A banking Trojan allowed hackers to remotely issue wires totaling $1.5 million to Russia and China on 3 separate occasions.
  • Phishing can also be used to collect your credentials.  Emails or pop-ups might appear to be coming from legitimate banking institutions, or even VISA or MasterCard.  Instead of clicking on the links embedded within emails or in pop-up windows, locate the websites and phone numbers yourself off of prior correspondence or dealings and go directly to the source yourself.  Consider downloading Trusteer, a solution we have partnered with IBM on to offer our clients that will warn you of potential malware running on your computer, or risks inherent with sites you might be visiting.  Download the tool at https://montecito.bank/trusteer or https://montecito.bank/trusteer-mac.
  • Montecito Bank & Trust us also protecting our customers through its new .bank domain at https://Montecito.bank.  The .bank domain is only open to banks that are verified by their regulator. Because the .bank domain is verified and authenticated, phishing, spoofing, internet scams and malicious emails that target bank customers should be reduced.  In addition, the .bank extension incorporates the latest security requirements and best practices to ensure that you are landing on our actual website and not being misdirected to malicious ones. It also requires email authentication & verification to mitigate spoofing, phishing, and other malicious activities propagated through emails.
  • User awareness is critical, be suspicious.  Stop and think before reacting to emails with links or requests like wire transfers, even if the email appears to be from someone you know.  Fraudsters deliberately create a sense of urgency. Consider signing up for public service announcements from the FBI to keep abreast of new internet crime scams at https://www.fbi.gov/about-us/investigate/cyber.  More information about the types of scams being investigated by the FBI can be found here:  https://www.fbi.gov/scams-safety/fraud .
  • Update your software regularly and use the vendor’s automatic software update features.  Especially tools used to connect to the internet (OS, browser, plugins like java flash and acrobat).
  • If you run a website update your platform regularly and consider hardening your CMS by restricting /admin or equivalent to trusted IP addresses only, enable 2 factor authentication on registrar account and DNS provider.  If possible use a WAF like and enable rules specific to your platform (e.g. Joomla or WordPress). Filter websites especially the unrated/uncategorized sites if possible.
  • If you accept credit or debit cards as payment for your services, contact your bank for an EMV-compliant terminal.  You may also want to ask for a “contactless” terminal to enable you to accept other types of tokenized payment methods. ApplePay, SamsungPay, Android pay, etc. are improvements in both convenience and security.  When you use them your credit card information is never shared with the merchant. A “token” is a special code associated with your account number.  Tokenization technology is unique in that they replace your account data with a unique number that is useless if stolen:  http://www.aba.com/Tools/Function/Technology/Documents/Tokenization-Infographic.pdf.
  • We are seeing another type of fraud on the rise, called “business email compromise” or “masquerading”.  This is a type of payment fraud that involves the compromise of legitimate e-mail accounts for the purpose of requesting an unauthorized wire transfer.  After an e-mail account is compromised, actors use the compromised account or a spoofed account to send wire transfer instructions. The funds are primarily sent to Asia, but funds have also been sent to other countries all over the world.   Visit https://montecito.bank to download our “Need to Know: CEO Wire Fraud” sheet now for additional tips on protecting your business against email fraud.
  • Finally, as tax season is now upon us, remain alert to IRS email or phone scams claiming you owe taxes.  Also watch for requests to add users to your QuickBooks accounts, even if the requests appear to be coming from your CPA or local banker.  Crooks could be masquerading as someone you know through a hacked email account to get access to your money or accounts.  Consider employing a two-factor authentication protocol for your company to verify requests for credentials or for transferring money.

Why @805startups get the best of LA, without being in LA.

Conejo_View_805_StartupsThe following article is an article that I wrote that was just published in the winter edition of the Conejo View.  Check it out and please share!

We live in a time, where geographic location means less and less to a business owner, especially in tech.  You can easily run an online, international business out of your house.  But even so, the perception is that if you aren’t launching your tech startup out of one of the worlds top tech hubs, it’s going to be an uphill battle, and you’re not going to be as successful.  Hiring engineers, designers, salespeople and other talent that have a core understanding of the industry will be tough.  Investors will be harder to come by, and getting the attention of a non-local investor will be difficult.

That might be the common perception, but it is very far from the truth.

There are advantages and disadvantages to both sides of this premise, and I could easily argue both of them, but there’s no need to, because we win no matter what.  Why?  Because we live in the 805.  We get the best of both worlds.

For the second year in a row, the tech community in Los Angeles, or Silicon Beach as they like to call it, has been ranked the third best startup ecosystem in the world.  The rankings are based on various criteria like access to capital, talent and of course, performance.  LA was only beat out by Silicon Valley and Tel Aviv.

One of my biggest pet peeves used to be when a great company from our area got lumped in as an LA based company.  It happens all the time.  For example, when Lynda.com recently sold to LinkedIn for $1.5 Billion Dollars, many reported it as “Los Angeles based Lynda.com sells…”  Not really that huge of a deal, but I find myself constantly defending this area to folks who feel they don’t have a choice but to relocate.  Most don’t even realize that many great startups call this area home, and many great success stories they have heard about were from this area.  Did you realize Lynda.com came out of Ojai and Carpinteria?  Did you realize that Estify based in Agoura Hills, Clutter whose founder is based in Westlake Village and Trackr from Santa Barbara are just 3 of many local up-and-coming companies that have raised millions of dollars from some of LA, Silicon Valley and New York’s most prominent Venture Capitalists?  They’re here, they’re kicking butt, and you can too.

We recently held an event with some of the area’s most well connected, well respected and most successful investors.  They collectively represented funds or groups worth hundreds of millions of dollars.  We talked about our local tech community and realized that our biggest problems are the same problems facing any startup community.  Then we discussed how to address them.  Talent was top of everyone’s list.  If we can’t hire engineers, we can’t scale or grow our tech companies.  We talked about (the lack of) engineering schools in the area, we talked about how we’re just not cool enough to attract the younger crowd and we also discussed the size of the talent pool.  But the truth is, the places that have the most engineers, also have the most demand for engineers and also have the most employee churn or turnover.  It’s why you see billboards in San Francisco advertising open positions at big companies.  We may not have as large a pool, but we also don’t need as many engineers, they cost less to hire (from a recruitment standpoint) and they stick with your company longer.  We also learned at the event that around half of the 250 folks in attendance were engineers that don’t commute, work at large organizations and that they were older on average than most expected.

What I learned from that event is not that we are lacking the talent or that engineering schools are a problem (although they could be an asset and I would love to see one at CLU and/or CSUCI), it’s that we need to build a culture around startups and build an awareness around the local startup community.  The engineers were already at the event, so they understand the potential for exponential growth that comes with startup success, but what they need to know is that if they quit their cushy job at a local large organization to join a startup, if it fails, there will be another one waiting for them around the bend.

Does it matter that we’re not in LA?  Not to outsiders who think we are in LA.  Does it matter to us?  Yes!  We get a better quality of life, more bang for our buck when it comes to real estate (for the most part) and a usable school system for our children.

The truth is, this conversation effects every one of our businesses.  The lines are blurred and some of the biggest “tech” startups are not what you would traditionally label tech.  They’re not all Pinterest or Facebook or Instagram.  They’re subscription razor blades, car services and fashion startups.  But to scale and grow your company in this day and age, you need to do it online.  805 Startups is the place to meet the folks who are doing it, and could help you do it too.

If you own a company, want to start a company, are a techie, have a child who’s a techie, want to meet a techie or are interested in the nerdy stuff we talk about at our events, come join us at 805STARTUPS.COM.

Cyber Security: Defense in Depth – FREE workshop from @montecitobank

montecito_logoWe’re extremely excited to announce that we’re hosting Montecito Bank & Trust, one of 805 Startups’ top supporters’ cyber security class led by Paul Abramson, their Director of Technology and Laurel Sykes, their Chief Risk Officer at the Cal Lutheran Center for Entrepreneurship in Westlake Village.  The class was created for proprietors, CEOs, CFOs, finance managers and IT Managers.

Join us at this FREE workshop to learn:
  • Lessons from real world stories of email compromises
  • Critical tips to aid in prevention and response
  • How to develop a layered security approach in your organization
  • How attackers spread malware, steal passwords and defraud businesses
— RSVP to Jamie at jperez@montecito.bank or on the 805 Startups Meetup group —
Feel free to share and post the official flyer below:

montecito_cyber_security

Event Recap – Meet the Associates from @AmplifyLA, @tenone10 & @KarlinVentures!

Hi All!

The event last week was amazing.  Tons of great info dispensed by our amazing panelists, Chris Olson from Amplify.LA, Arteen Arabshahi from Karlin Ventures and Austin Clements from TenOneTen Ventures.  One of the main focusses was what they liked and disliked from the startups / founders that reach out to them, and they were very open about it.

Some main points:

GET A WARM INTRO.  They said that they take warm intros 100x more seriously.  Find mutual connections and don’t be afraid to ask for an intro.

BE CONCISE.  Investors get TONS of emails.  If you want to get their attention, especially if the email is unsolicited, keep it short and to the point.  This way, you don’t waste their time or yours.  I’ve found the best way to get an answer from a busy person is to send super-short emails with a specific question that can be answered easily.

START A CONVERSATION.  Make it conversational.  Get to know the investors in the room and don’t just dive into a pre-prepared deck.  The investors are evaluating you, not just your startup.  Help them get to know you.

ASK FOR ADVICE.  “Ask for money, get advice.  Ask for advice, get money.”  Don’t come right in asking for cash (they know why you’re there!).  Pick the investor’s brain.  Ask good questions.  Just like in the previous point, get to know them.  Then, when appropriate, try and close the deal.

DO YOUR HOMEWORK.  Come prepared and know a bit about the investors you’re meeting.  It’s not hard to look up their website or AngelList profiles.  Do it.  You sound smart if you say something like, “you invested in HelloTech, so I thought you might be interested in our ‘on-demand’ startup that solves a similar problem for a market…”  You sound like a dumbass if you say something like, “do you invest in ‘on-demand’ startups?” to someone like Karlin Ventures who list 3 startups that have the words “on-demand” in their one-line descriptions on the portfolio section of their website.

Some tweets from the event:

Some Pics:

Holiday Donation!!!

Hello 805ers!

First, I would like to start this email by expressing my immense gratitude to all of you for helping to make 805 Startups an amazing community, one that I am extremely proud to be a member. Thank you, thank you & thank you! I know that we will accomplish great things together and build a bright future for the 805!

With that said, it is very important to us at 805 Startups to not only support a great Startup and Tech community, but our community as a whole. A community where we care for and uplift one another is one where the possibilities are endless! This holiday season we will be teaming up with CLU’s Community Service Center in their Adopt a Family or Child program! And we need YOUR help! We have created a page where you can donate to this cause. Any amount is wonderful and very appreciated. I spoke with a great guy, Eric, the Homelessness and Poverty Intern, at the Community Service Center CLU and he said that there were about 10 families and 9 children still waiting for their holiday wishes to be granted! That means if each of us donated about $6 we could complete the list! How amazing would that be!?!?! We are also working to create more volunteer opportunities in the tech / startup realm the whole year through, so more details on that very soon!

Let’s show this world the love and compassion it needs so badly!

Come on 805ers, we’ve got this!!!

Peace on Earth to All!

Nicole & Alon Goren
805 Startups

$

THANK YOU FOR YOUR DONATION:
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Anonymous
Nicole & Alon Goren
Lawrence Charles
Mike Panesis
Sara & Kobi Goren
Gerhard Apfelthaler
Hana Bulko
Tanner Sawitz
Joe Bernstein
Bardia Dejban
Lew Kontnik
K.T. Connor
Tania Garcia
Ryan Waters
Nini Munoz
Sam Yacov
Heather Campbell
Dawn Cortez
Stan Shaul
Moze Baptiste
Carrick Dehart

THANKS FOR YOUR IN-KIND DONATION:
Anne Van Dran
Stacey DeLoera
Jillian Pagnini
Elise Pagnini

kids

Meet the Associates from @AmplifyLA, @tenone10 & @KarlinVentures at the next @805startups

805startups-MeetTheAssociates

We’re extremely excited to have Chris Olson from Ampify.LA, Arteen Arabshahi from Karlin Ventures and Austin Clements from TenOneTen Ventures at the next 805 Startups investor panel.  All three of these guys come from really great funds and have diverse experience working with early stage startups.

In most cases, when your startup applies, or reaches out to these funds, these guys are the first line of defense.  Not only that, but they’re also sourcing deals, taking meetings, doing the due-diligence and helping make the final decision of whether or not to back your company.

Come join us on the 18th and learn about what gets them excited.

RSVP HERE.

Fireside Chat With Adam Draper Recap + Photo-booth Pics!

Quick update:  See press about the event in the local paper!

Hi All!

The fireside chat with Adam Draper from Boost.VC was great!  Thank you all so much for coming and participating.  Adam had some amazing advice and info for all startups and entrepreneurs, especially when it came to joining an accelerator, and we even got to talk a bit about bitcoin and virtual reality!

FOCUS!

Some awesome tweets from the event:

Pics:

Fireside chat with @AdamDraper of @BoostVC on October 28th @805startups!

adam_draper_boostWe’re super excited that we’ll be joined by Adam Draper of Boost.VC.  Boost is based in San Mateo, but is one of the most innovative and exciting startup incubators in the world.  They’ve had whole incubator classes, or tribes, as they like to call them, focussed on bitcoin and virtual reality.  Adam has extensive experience as an entrepreneur and investor, especially at the early stages.

For an example of his excellent and unique mentorship, check out his latest blog post entitled, “Be The Cockroach.”

REGISTER NOW!!!

State of 805 Tech Recap + Pics + Press!

Hey, Everyone!

The State of 805 Tech event went extremely well!  We had well over 250 investors, entrepreneurs and startups at the event, and the panel was very informative.  See some links to press about it below.  More info soon on our upcoming events!

Pacific Coast Business Times
Ventura County Star
805 Connect
DJA Blog

PICS FROM THE EVENT!:
(Pics by Gary Livingston and Shai Kedem!)