News / Utah / 

Salt Lake cybersecurity talk aims to help Utahns, business owners prevent online attacks

Greg Johnson gives his presentation during a cybersecurity talk on Thursday in Salt Lake City.

Greg Johnson gives his presentation during a cybersecurity talk on Thursday in Salt Lake City. (Jacob Scholl, KSL.com)



Estimated read time: 4-5 minutes

SALT LAKE CITY — To prevent falling victim to a cyber attack, Provo attorney Steven Sumsion uses an old adage from Benjamin Franklin: "An ounce of prevention is worth a pound of cure."

Sumsion was one of two featured speakers during a talk on cybersecurity and its impacts on Utah businesses Thursday in Salt Lake City, including how a Utah bill passed 2021 can help businesses defend themselves if they are the victim of a cyber attack. The talk was hosted by Utah Tech Leads, a nonpartisan group that focuses on the growth of Utah's tech industries.

Sumsion explained that while cyber attacks on larger companies like Facebook or meatpacking company JBS are more likely to make headlines, an increasing number of attacks are aimed at small businesses. A recent study from the U.S. Small Business Administration found 88% of small business owners felt their business could be at risk of a cyber attack.

Cyber attacks can come in the form of a simple email that could look legitimate, said Greg Johnson, CEO of Webcheck Security in Salt Lake City, during his presentation Thursday.

Johnson gave an example: on a presentation screen, he displayed a screenshot of a recent email he received that showed a link to a DocuSign page — an online tool to sign documents virtually. However, upon close inspection, the header of the email showed an email address listed as being based in Japan, and clicking the link and using login credentials would likely mean that information would be shared with someone orchestrating the cyber attack. This tactic is known as phishing — a type of cyber attack that aims to obtain a user's login credentials and user information.

More often than not, Johnson said, there are people behind these types of cyber attacks.

According to a 2021 study from Verizon on data breaches, roughly 85% of data breaches come from a human element, "meaning somebody opened the door and invited the bad actors in," Johnson said.

Attacks in Utah

On the same day as the Thursday talk, the FBI issued a private industry notification over social media that cyber attacks had been focusing on local governments and public agencies — something one northern Utah community knows all too well.

Clearfield City employees were locked out of their computers and phone lines for days following a ransomware attack, according to previous KSL reporting.

Months later, employees at the University of Utah felt the heat from a cyber attack when Ultimate Kronos Group, or UKG — a platform used to track payroll, scheduling and more — was the victim of an attack in December. The university itself was not victim of the attack, but university officials said afterward that the attack could have impacted overtime pay, hourly employees and medical leave, among other issues.

Resources for businesses

Utahns and Utah business owners have options to prevent falling victim to these types of attacks.

Johnson said that for the average person who may have their personal info leaked in larger cyber attacks, new federal legislation will require companies to disclose data breaches to the government. Johnson said that the federal bill, signed by President Joe Biden earlier this month, requires that cyber attacks be reported to the Cybersecurity and Infrastructure Security Agency, or CISA, within 72 hours and ransom payments must be reported within 24 hours.

Both Johnson and Simsion pointed to a Utah bill passed last year as a resource for businesses trying to protect themselves after cyber attacks.

The Utah Legislature passed HB80 in 2021, which allows businesses to protect themselves from litigation in the event they suffer a data breach. The bill, known as safe harbor legislation, allows companies to create a documented program of what to do in the event of an attack. If the plan is approved and followed in the event of an attack, the company would have an affirmative defense to litigation.

For smaller companies, there are tools like the cyber planner from the Federal Communications Commission, which helps businesses to create their own guides on cybersecurity.

Sumsion said something as simple as staff meetings on cyber security can be preventative measures to attacks. He added that if an employee sees an email they think could be suspicious, ask questions. Being skeptical could turn out to be the ounce of prevention needed to avoid the next cyber attack.

Related stories

Most recent Utah stories

Related topics

Silicon SlopesSalt Lake CountyUtah LegislatureScienceUtahBusiness & Tech
Jacob Scholl joined KSL.com as a reporter in 2021. He covers northern Utah communities, federal courts and technology.

SIGN UP FOR THE KSL.COM NEWSLETTER

Catch up on the top news and features from KSL.com, sent weekly.
By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.

KSL Weather Forecast