Introducing “Discussions with DJ,” where we’ll sit on exciting conversations between DJ Colter and other individuals who shape our community!
At the helm of these conversations is DJ Colter, a name synonymous with community engagement and leadership in Fargo. DJ, a successful entrepreneur, has also seated himself as a catalyst for local involvement and transformation. After leaving a career in teaching, DJ ventured into the realms of insurance and real estate. Eventually, he turned his own agency, DJ Colter Agency, into a dominant force in the Midwest insurance landscape. His commitment to service parallels his business acumen, a trait deeply ingrained in his upbringing in a family of educators.
Why DJ Colter? His extensive involvement across various boards— from the YMCA Of Cass & Clay Counties to the Fellowship of Christian Athletes and beyond—illustrates a profound dedication not just to leading but to listening and uplifting others. DJ embodies the spirit of “Givers Gain,” believing that true success comes from helping others succeed. His philosophy of service over self-promotion, inspired by his father’s example as a servant leader, makes him the ideal voice to bring forward the stories.
Periodically, DJ will sit down with a different community member, and through these conversations, we will uncover not just the achievements but the personal journeys and philosophies that drive these community leaders.
So, sit down, lock in, and join Fargo INC! Editor Brady Drake and DJ Colter as we explore the voices and visions that make Fargo a place of dynamic community engagement and innovation.
This month, we’re excited to introduce Kelly Mortensen, the founder of Digital Plains LLC, a leading cybersecurity and managed services provider based in West Fargo. Kelly, with a remarkable 37-year career in IT, has become a prominent figure in the cybersecurity industry, driven by a passion for protecting businesses from digital threats. His journey began unexpectedly in college when he switched his major from heating and cooling to computers after successfully fixing a broken computer his father had recently purchased. Since then, Kelly has worked in various IT roles, including positions at Phoenix International (now John Deere), MeritCare (now Sanford), Global Electric Motorcars, and Applied Engineering.
In 2011, Kelly founded Digital Plains to fulfill his mission of helping businesses safeguard their digital assets. What began as a side venture soon became a full-time commitment by 2019. Under Kelly’s leadership, Digital Plains has grown to offer comprehensive managed services, functioning as the IT department for companies across the nation. With a focus on proactive cybersecurity measures, Kelly and his team ensure their clients are not just prepared for potential cyberattacks but also equipped to recover quickly should the unthinkable happen.
DJ: Sometimes when you get hacked you can’t recover from it. That’s why this is such a big deal. People are not talking about this enough. People just think they can by cyber insurance and everything will be covered.
Kelly: Every business should have cybersecurity insurance. But, there are varying degrees of cybersecurity insurance.
DJ: There’s just so much education that’s needed. And it’s really scary and sad out there.
Brady: How did you get into cybersecurity?
Kelly: I wanted to go into heating and cooling after high school, and my roommate at the time, was going into the computer trades. This was 30 some years ago, and my dad just spent $4,000 on a computer and a printer and everything. And my roommate wanted to check it out. So, he came over, checked it out, and broke it. Somehow, i managed to figure out how to fix it. So, I changed my major my freshman year of college.
So, I’ve been in IT now for 37 years.
I worked for Phoenix International before it was John Deere—I actually left about the time that John Deere was buying them. I then went to work for MeritCare, which is now Sanford. After that, I worked for Global Electric Motorcars, which got bought by Polaris. So then, I worked for Applied Engineering for a while. Eventually, I realized I wanted to do more with my abilities to help people. So, I worked for six years as the Chief Information Officer for Lutheran Social Services of North Dakota.
From there, I spent a brief stint down in North Carolina working with a company Valley IT in Fort Bragg on some software… I randomly got a call from the owner saying his customer in North Carolina needed a server. And this guy was asking me a million questions. I was kind of telling him to go to dell.com, click on server, and order server. And he told me that what they needed was more than that. So, we talked to the customer and found out what the requirements were. And there was probably about a six-month period where you couldn’t get a server physically this big, with 150 terabytes of drive space on it and two NVIDIA video cards—which they use for gaming, crypto mining, AI, facial recognition, and other things like that. There wasn’t a server that did that though. So, I contacted three or four manufacturers and finally found one that told me no two or three times until they finally said yes if they were given $35,000 for a proof of concept. They did it and we ordered 200 of them.
“Your Business Will Get Hacked: 17 Experts Share How to Self-Assess and Prepare for the Worst”
Mortensen is a published author alongside 16 other cybersecurity experts in a book called “Your Business Will Get Hacked: 17 Experts Share How to SelfAssess and Prepare for the Worst.” This book “reveals the cold hard truth—you will get hacked. Through gripping real-life stories of cyberattacks, data breaches, and digital threats, top IT experts expose the dangers and high costs of inadequate cybersecurity.”
Eventually, we had kids that were getting married and grandbabies coming so, we wanted to move back to North Dakota. So, we moved back and I started Digital Plains in 2011. In 2019 it became my ful-time job.
DJ: What are the services you offer?
Kelly: We do kind of an all-you-can-eat managed services. There is a 400 employee company in town that we service and we are essentially their IT department. They are an insurance company that covers all of North Dakota, South Dakota, Arkansas, and Nevada. So, we support people across the country with that. We function kind of as your help desk. We’ll fix your servers or issues you’re having with your email.
DJ: Did you have much involvement with cybersecurity previously?
Kelly: Cryptocurrency has really amped up the marketing of cybersecurity, but we’ve always done cybersecurity—firewalls, antivirus, spam filters, things like that. But cybersecurity is more tools outside of those things now, and there’s a kind of stack of those cybersecurity tools that really protects customers. There are still plenty of people that are kind of DIYing those things together, and may use this tool and that tool. We’re going to try and make them work together. And those DIY environments are when there are gaps in the coverage.
Brady: Why would the cryptocurrency create more awareness around cybersecurity?
Kelly: 15 years ago, you would have gotten an email from a person asking you to send them three Target gift cards at $50 a piece. Now, they ask for 5 bitcoins at $55,000 a piece. So the amount of money at stake and the ease of transferring that money without it being tracked is what has made it really increase awareness.
I can go over what a ransomware attack typically looks like. They start by spreading all these phishing emails all over. They managed to get through those filters, those layers of security, and an email gets to somebody’s inbox. They open it and click on a link, and that’s really how they get past all those layers. Once somebody clicks on a link, that computer is compromised. IBM had a study a couple of years ago that said—and it’s probably still true, if not more true today than ever—that hackers when they get on a system or a network, they’re on average an average of 287 days.
DJ: So what happens?
Kelly: Somebody will click a link and once they’re in that computer, they will wait to see what that person has access to. Then, they will get on to other employee computers until they have kind of taken over the whole footprint of the network and get the data. Then, once they get the data, they start uploading it to the dark web. Then, once they have enough, they encrypt everyone’s hard-drives and send the ransom saying something like “You have 72 hours to pay $250,000.”
Brady: Is the solution usually to pay the ransom?
Kelly: We always say to never pay a ransom… In fact, the government is starting to make laws to prevent people from making those payments because it just encourages bad behavior.
The key is to put yourself in a position to not to get hacked. Secondly, it’s important to be a in a position where you can recover from it quickly.
There’s a stat that says that 60% of small businesses that get ransomware attacked go out of business six months after the attack.
DJ: What are some things people can do right now to put themselves in a better situation?
Kelly: The only way to really know if someone is safe is to have a third-party audit. Everybody should get an audit to know where they’re at and they should get frequent audits. The reason it’s important to get frequent audits is because getting new printers could change the entire landscape of their security.
You should also have multi-factor authentication on every single account—your personal Twitter account, everything. Passwords aren’t good enough. Get a password manager so you’re not duplicating passwords. You need strong and secure passwords. But then you have to have multifactor authentication.
You should also be changing your passwords regularily—I would say at least every three months.
Brady: How often would you recommend people get audited?
Kelly: At least once a year. In between audits, you should have scanners on your network to look for vulnerabilities as they happen.
There are instances like an open network port on the wall. If you were using best security practices, that port wouldn’t be active. But, that can be a pain in the butt—we’re always balancing security and usability. So, a lot of times, the network port on the wall gets stays on. Anyone who plugs into that wall will probably have access to the server and that’s all a hacker needs, is to see that the server is there. Then, they can start trying to break into it.
DJ: What percentage of hackers come from outside of the United States?
Kelly: I would say it’s mostly overseas. All countries have state sponsored hackers.
DJ: What’s the most damage you have seen done in your role?
Kelly: We’ve had incidences, but nothing devastating. We work with this insurance company and this insurance company works with a law firm out of Bismarck. Well, that law firm got attacked and the hacker sent out a bunch of emails to clients. Six people got the email and two of them opened the email. One clicked the link.
That insurance agent that clicked the link didn’t do anything wrong. The email that they received was from a person they knew and a person they were corresponding with. And, the email asked them to do something that a lawyer would normally ask someone to do—it asked them to upload documents to a link in the email. So, they clicked the link and the 365 login popped up. They put in their username and password. Then, it popped up again. So, they entered the information again. This kept happening and happening until they eventually called the help desk. Thankfully, this was all over and done with in a matter of seconds because of all of the different layers of security we put on things. But, what was going on was the hacker was using the password info to automatically go to the account and change the cell phone number to their number—so that his two-factor authentication would go to the hacker’s phone. The next step was to send that payload to North Africa—that’s what stopped it because one of our layers of security is to make sure that people at this company can’t access their accounts when they’re outside of the United States
DJ: How is AI going to influence this?
Kelly: We’ve already caught hackers using AI to write custom scripts to make new malware that people click on. That kind of leads me to the next piece which is that in Eastern Europe, India, and Asia, this a commoditized business. These hacking efforts are businesses that have CEOs, HR departments, and training departments
There was actually was an uptick of this during COVID-19. When people were getting laid off in mass and they needed work, if they had a variable moral compass, they would go work for one of those companies and get trained on how to hack people. They have bonus structures and everything—it’s big business outside of the United States.
Brady: Can you tell me about the book?
Kelly: Myself and other peers in the industry all wrote chapters on specific topics. My chapter covers the five industries most likely to be the victim of a ransomware attack.
I’m part of a group that contains about 300 other managed service providers. There’s only one other peer in town that I would confide in about things, otherwise we are all pretty tight competitors locally. So, it’s nice to be part of a group with people outside of our metro area. We have quarterly conferences where we just openly share. We share financials with each other because most of us are computer nerds—a lot of us don’t know PML from GL. So, every month, we go through a different companies financials and how they structure their business. We also kind of look at their business throught the EOS filter (do they get it? do they want it? can they do it?) and we help them try to improve their business. We try to help educate each other on marketing, sales, and running a business.
Digital Plains LLC
digiplains.com
Facebook | /digitalplains
Instagram | @digitalplains
Youtube | @digitalplains
Linkedin | /digitalplains