Cybersecurity Awareness Month Tips: The Top Cyber Gaps Utah Businesses Need to Close Fast
The Fastest Ways to Fix Them Before They Cost Your Business
Cybersecurity Awareness Month Tips: The Top Cyber Gaps Utah Businesses Need to Close Fast
The Fastest Ways to Fix Them Before They Cost Your Business
────────────────────────────────
1. Employees Aren’t Trained to Spot Phishing Scams
2. Weak Passwords and Missing MFA
3. Outdated Software and Unpatched Systems
4. No Backup or Recovery Plan
5. Poor Vendor and Email Security
6. No Incident Response or Security Policy
────────────────────────────────
October is Cybersecurity Awareness Month, and for Utah businesses, that’s the perfect reminder to take a closer look at your company’s defenses.
Cyber threats aren’t just hitting big corporations. They’re hitting small and mid-sized businesses across Utah every day. From ransomware to phishing scams, most breaches start with the same few weaknesses.
However, closing these gaps doesn’t have to be complicated, or expensive. Here are the top cybersecurity gaps Utah businesses are facing right now and the fastest ways to fix them before they cost your business time, money, or reputation.
──────────────────────────────────────────────
1. Employees Aren’t Trained to Spot Phishing Scams
Even the best technology can’t protect against human error. In Utah, we’re seeing more phishing attacks targeting finance, legal, and nonprofit organizations, especially those handling sensitive data or donations.
We recommend scheduling regular cybersecurity training for your employees and simulated phishing tests. On top of that, use email filtering tools to block suspicious messages from reaching your staff. Be sure to also encourage them to pause and verify before clicking unexpected links or sending sensitive information.
Pro Tip: A short, quarterly training is more effective than one long annual session. It's also easier and more effective to have a local cybersecurity expert conduct it for you.
2. Weak Passwords and Missing MFA
Too many Utah businesses still rely on shared logins or basic passwords. Hackers know it, and they exploit it.
It's actually quite simple. Start by enabling multi-factor authentication (MFA) on all accounts (Microsoft 365, Google Workspace, VPNs, etc.) across your staff. MFA can block over 99% of automated attacks, and it’s often free to enable.
Then, use a password manager to generate and store complex passwords. It's also a good idea to eliminate shared credentials and limit access by role.
3. Outdated Software and Unpatched Systems
Old software is one of the most common security holes in Utah small businesses. When systems aren’t updated, vulnerabilities remain open for hackers to exploit.
A really easy cybersecurity tip is to simply turn on automatic updates for all of your operating systems and applications. Then, set a weekly schedule for patching your servers and workstations. If you want to go even further, run a quick vulnerability scan (many Utah IT firms offer these free in October).
4. No Backup or Recovery Plan
If ransomware hits tomorrow, could your team recover data within hours, or weeks? This is something you really need to take seriously.
Perhaps the most important thing you should do first is set up automated, encrypted backups of your most critical data. Then, go one step further by keeping one copy offline or off-network in case ransomware locks your systems. Be sure to test your restore process regularly so you’re not discovering problems mid-crisis.
5. Poor Vendor and Email Security
Many Utah businesses use third-party vendors (payment processors, IT providers, cloud software) without realizing they can also introduce risk.
You should verify your vendors’ security practices and compliance (e.g., HIPAA, PCI), then limit their access and disable unused accounts. It's also a good idea to require verification calls for wire transfers or payment changes to stop business email compromise scams. Even one phone call can stop a six-figure fraud attempt.
6. No Incident Response or Security Policy
Many Utah businesses don’t have a clear plan for what to do if a cyber incident happens, and that’s what causes small issues to spiral into disasters.
You can start by writing a simple incident response plan outlining who to call and what to do. Then, update or create basic cybersecurity policies (acceptable use, remote work, data protection). Make sure your business aligns with the NIST Cybersecurity Framework, and take advantage of Utah’s Cybersecurity Affirmative Defense Act (HB80) for added legal protection.
──────────────────────────────────────────────
This October: Take One Step to Protect Your Business
Don’t wait for a scare to make cybersecurity a priority. Start with a free employee cybersecurity training session from our Utah-based team.
You’ll learn:
How to spot phishing scams
How to build stronger passwords
How to respond fast when something feels off
────────────────────────────────
1. Employees Aren’t Trained to Spot Phishing Scams
2. Weak Passwords and Missing MFA
3. Outdated Software and Unpatched Systems
4. No Backup or Recovery Plan
5. Poor Vendor and Email Security
6. No Incident Response or Security Policy
────────────────────────────────
October is Cybersecurity Awareness Month, and for Utah businesses, that’s the perfect reminder to take a closer look at your company’s defenses.
Cyber threats aren’t just hitting big corporations. They’re hitting small and mid-sized businesses across Utah every day. From ransomware to phishing scams, most breaches start with the same few weaknesses.
However, closing these gaps doesn’t have to be complicated, or expensive. Here are the top cybersecurity gaps Utah businesses are facing right now and the fastest ways to fix them before they cost your business time, money, or reputation.
──────────────────────────────────────────────
1. Employees Aren’t Trained to Spot Phishing Scams
Even the best technology can’t protect against human error. In Utah, we’re seeing more phishing attacks targeting finance, legal, and nonprofit organizations, especially those handling sensitive data or donations.
We recommend scheduling regular cybersecurity training for your employees and simulated phishing tests. On top of that, use email filtering tools to block suspicious messages from reaching your staff. Be sure to also encourage them to pause and verify before clicking unexpected links or sending sensitive information.
Pro Tip: A short, quarterly training is more effective than one long annual session. It's also easier and more effective to have a local cybersecurity expert conduct it for you.
2. Weak Passwords and Missing MFA
Too many Utah businesses still rely on shared logins or basic passwords. Hackers know it, and they exploit it.
It's actually quite simple. Start by enabling multi-factor authentication (MFA) on all accounts (Microsoft 365, Google Workspace, VPNs, etc.) across your staff. MFA can block over 99% of automated attacks, and it’s often free to enable.
Then, use a password manager to generate and store complex passwords. It's also a good idea to eliminate shared credentials and limit access by role.
3. Outdated Software and Unpatched Systems
Old software is one of the most common security holes in Utah small businesses. When systems aren’t updated, vulnerabilities remain open for hackers to exploit.
A really easy cybersecurity tip is to simply turn on automatic updates for all of your operating systems and applications. Then, set a weekly schedule for patching your servers and workstations. If you want to go even further, run a quick vulnerability scan (many Utah IT firms offer these free in October).
4. No Backup or Recovery Plan
If ransomware hits tomorrow, could your team recover data within hours, or weeks? This is something you really need to take seriously.
Perhaps the most important thing you should do first is set up automated, encrypted backups of your most critical data. Then, go one step further by keeping one copy offline or off-network in case ransomware locks your systems. Be sure to test your restore process regularly so you’re not discovering problems mid-crisis.
5. Poor Vendor and Email Security
Many Utah businesses use third-party vendors (payment processors, IT providers, cloud software) without realizing they can also introduce risk.
You should verify your vendors’ security practices and compliance (e.g., HIPAA, PCI), then limit their access and disable unused accounts. It's also a good idea to require verification calls for wire transfers or payment changes to stop business email compromise scams. Even one phone call can stop a six-figure fraud attempt.
6. No Incident Response or Security Policy
Many Utah businesses don’t have a clear plan for what to do if a cyber incident happens, and that’s what causes small issues to spiral into disasters.
You can start by writing a simple incident response plan outlining who to call and what to do. Then, update or create basic cybersecurity policies (acceptable use, remote work, data protection). Make sure your business aligns with the NIST Cybersecurity Framework, and take advantage of Utah’s Cybersecurity Affirmative Defense Act (HB80) for added legal protection.
──────────────────────────────────────────────
This October: Take One Step to Protect Your Business
Don’t wait for a scare to make cybersecurity a priority. Start with a free employee cybersecurity training session from our Utah-based team.
You’ll learn:
How to spot phishing scams
How to build stronger passwords
How to respond fast when something feels off
Related
Happy Clients. Healthy Technology.
We founded Equinox with the vision of relieving daily stresses of technology by providing a higher level of service and support.
Since 2002, we have provided exceptional service and support to hundreds of clients. We build our services around protection and advancement for your business through proactive care, backup and disaster recovery, security, and technical support.
Orem, UT 84057