If you run a Utah financial firm, you already know this: your inbox is a target. Most attacks don’t start with some crazy dramatic hacking like you see in the movies. They start with one employee trusting the wrong message, one reused password, or one vendor account that quietly got compromised.
Verizon’s 2025 DBIR highlights that human involvement shows up in about 60% of breaches (Verizon).
In this article, we’ll break down the most common cybersecurity gaps in Utah financial firms, why they matter (specifically for finance teams), and what you can do this quarter to tighten things up without creating a compliance nightmare.
The most common cybersecurity gaps in Utah financial firms are weak protection against credential theft, ransomware exposure, inconsistent employee security habits, and unclear processes for wire and payment verification. These gaps often exist even when a firm has “good tools,” because day-to-day workflows and human behavior create openings attackers can use.
Financial firms handle money movement, sensitive client data, and trusted communications. That combination is exactly what cybercriminals want.
In the Financial and Insurance sector, Verizon reports ransomware and the use of stolen credentials are each present in 30% of breaches, meaning attackers often win by getting someone’s login and then escalating from there (Verizon).
That’s why your “security posture” is an operations issue as well as an IT issue.
MFA helps, but not if it's only on a few systems. A common pattern we see is MFA on Microsoft 365, but not on:
CRM portals
Payroll platforms
Custodian portals
Remote access tools
Vendor systems that tie into your environment
Attackers love finding the one login that’s “almost protected.” Verizon also calls out MFA prompt bombing (spamming users with login prompts until someone approves one) showing up in 14% of incidents in their dataset (Verizon).
Some practical fixes include requiring MFA on every externally accessible system (not just email), using number matching or stronger methods where possible, and setting a rule that “If you didn’t initiate it, deny it and report it.”
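One way to watch for the prompt-bombing pattern described above, as an added example that is not part of the original article: it scans MFA push events for a burst of unapproved prompts and escalates when an approval follows the burst. The event fields, result values, 10-minute window, and threshold of 3 are assumptions; map them to whatever your identity provider's sign-in log actually exports.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push log (not real data): (timestamp, user, result).
SAMPLE_EVENTS = [
    ("2025-03-04T09:00:05", "akim", "approved"),   # ordinary single login
    ("2025-03-04T02:11:00", "jdoe", "denied"),
    ("2025-03-04T02:11:40", "jdoe", "timeout"),
    ("2025-03-04T02:12:15", "jdoe", "denied"),
    ("2025-03-04T02:13:02", "jdoe", "timeout"),
    ("2025-03-04T02:13:50", "jdoe", "approved"),   # approval right after a burst
    ("2025-03-04T14:00:00", "mlee", "denied"),
    ("2025-03-04T14:00:30", "mlee", "denied"),
    ("2025-03-04T14:01:10", "mlee", "timeout"),    # burst that was never approved
]


def detect_prompt_bombing(events, window=timedelta(minutes=10), threshold=3):
    """Return {user: (severity, prompt_count)} for bursts of unapproved prompts.

    'warning'  = at least `threshold` denied/timed-out prompts inside `window`.
    'critical' = such a burst followed by an approval inside the same window,
                 meaning the user may have given in and the session needs review.
    """
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((datetime.fromisoformat(ts), result))

    alerts = {}
    for user, rows in by_user.items():
        rows.sort()
        recent = []  # timestamps of unapproved prompts still inside the window
        for ts, result in rows:
            recent = [t for t in recent if ts - t <= window]
            if result == "approved":
                if len(recent) >= threshold:
                    alerts[user] = ("critical", len(recent))
                recent = []  # an approval ends the current streak
            else:
                recent.append(ts)
                already_critical = alerts.get(user, ("", 0))[0] == "critical"
                if len(recent) >= threshold and not already_critical:
                    alerts[user] = ("warning", len(recent))
    return alerts


if __name__ == "__main__":
    for user, (severity, count) in sorted(detect_prompt_bombing(SAMPLE_EVENTS).items()):
        print(f"{severity.upper()}: {user} received {count} unapproved prompts in a burst")
```

A "critical" result is the case to treat as a possible account takeover: revoke the session and reset credentials before investigating further.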
This one is painful because it feels like good customer service: fast responses, flexible requests, “Sure, I’ll handle it.” That’s exactly what Business Email Compromise (BEC) depends on.
Verizon cites FBI IC3 data showing that more than $6.3 billion was transferred in 2024 as part of BEC scams, with a median extracted amount around $50,000 (Verizon).
A common misconception is “Our people would notice a fake email.” In reality, attackers don’t need a perfect fake; they just need a believable one at a busy moment.
Ways to close this gap include creating a two-step verification policy for any change in payment instructions, verifying via a known phone number (not the one in the email), and using a simple checklist for payment changes (short is better than perfect).
Most firms have done “some training.” The issue is consistency and follow-through. Here’s why training still matters: Verizon found that users with recent training reported simulated phishing emails at about 21%, compared to a 5% base rate, roughly a 4x improvement (Verizon).
That’s a big deal in finance, because reporting speed often determines whether an incident becomes a minor cleanup… or a full-blown disaster.
You can fix this by running ongoing training (short + frequent beats long + annual), including phishing simulations that match finance workflows (invoice, ACH, DocuSign, payroll), and making reporting easier.
Financial teams are busy. So shortcuts happen:
Shared logins for “finance@” tools
Passwords reused across systems
Credentials stored in spreadsheets or notes
Former employee accounts not fully removed
Stolen credentials are one of the main ways attackers get in. And in this industry, that’s not theoretical.
Practical fixes:
Eliminate shared accounts wherever possible.
Require a password manager (and train people to use it).
Review access quarterly (especially for money movement systems).
Utah financial firms often rely on outside partners for software, compliance, IT support, marketing platforms, and more. Many firms say “That vendor is big—they’re secure.” However, a vendor can be secure and still become the pathway into your firm if access isn’t controlled.
Some ways to fix this include keeping a simple list of vendors with access to systems or data, requiring MFA for vendor access, and removing vendor accounts when projects end.
Many firms back up data. Fewer firms test recovery in a way that matches real-life downtime pressure. Ransomware is still a core threat in this sector. So the real question isn’t “Do we have backups?” The real questions are:
How fast can we restore?
Who decides what gets restored first?
What happens if the backup system is also impacted?
Practical fixes:
Test restores at least quarterly.
Keep one backup copy protected from deletion (immutable/offline strategy).
Document the top 5 systems needed to operate.
| Area | Common gap we see | What good looks like |
|---|---|---|
| MFA | Only on email | MFA enforced across all logins that matter |
| Wires/payments | Verify “when it feels off” | Verify every time with a known process |
| Training | Annual checkbox | Ongoing training + phishing simulations + easy reporting |
| Accounts | Shared logins/reused passwords | Unique accounts + password manager + quarterly access review |
| Vendors | “They handle security” | Vendor inventory + least-privilege access + MFA required |
| Backups | “We back up” | Tested recovery + clear priorities + ransomware-ready plan |
Many financial firms need to protect their data and also prove that they are protecting it.
The FTC Safeguards Rule requires covered financial institutions to develop, implement, and maintain an information security program designed to protect customer information (FTC).
That matters because the gaps above (training, access controls, vendor oversight, incident readiness) are exactly the areas auditors and regulators tend to focus on.
You close cybersecurity gaps by focusing on the “few things” that prevent the most common failures: secure logins, verified payment changes, trained employees who report quickly, controlled vendor access, and tested recovery. Most firms don’t need more tools. They need more consistency.
A simple 90-day plan:
Month 1: MFA everywhere + wire verification process
Month 2: employee training + phishing simulations + reporting workflow
Month 3: vendor access cleanup + backup restore test + incident checklist
At Equinox IT Services, we help Utah financial firms close the real-world gaps that lead to fraud, downtime, and compliance stress, especially the ones tied to employee behavior and email risk.
If you want a low-risk way to improve fast, take advantage of our Security Awareness Training for Employees. Plus, you can try it out for free for 60 days. It’s designed to help your team spot phishing, report faster, and build better habits without disrupting work.