Summary

Firewalls and other protections matter, but cyber-attackers are increasingly going around the tech and straight to the person. United's IT experts lay out three principles every utility should keep in mind to strengthen both their biggest attack surface and strongest early-warning system: people.

Turning Your Biggest Cybersecurity Risk into Your Strongest Defense

by | Jul 14, 2026 | Network Security

People may be the most important cybersecurity investment utilities can make.

In June, United Systems’ IT experts highlighted the growing cyber threat facing utilities and the four priorities for protecting critical infrastructure.

One recommendation stood above the rest: lock down users and train your staff.

Whiteboard comparing overcomplicated utility communication with clear customer language. One side uses technical jargon about elevated consumption patterns, while the other says a bill increased because of cold weather usage. Supporting notes emphasize that clarity reduces frustration and the goal is to be understood. Branded United Systems graphic about plain language in utility customer communication.

Today’s cybercriminals manipulate people, not just networks.

It’s a message echoed throughout the latest issue of Southwest Water Works Journal, where industry leaders emphasize that cybersecurity starts with people—not technology. (Read the issue)

“Technology can be patched overnight. People must be trained continuously,” says Corey Mason, United Network Services Manager.

“Firewalls and MFA matter, but attackers increasingly go around the tech and straight at the person. That means your employees are both the biggest attack surface and the biggest early-warning system.”

Phishing emails. Fake help desk calls. Impersonation texts. Even AI-generated voice cloning. Attackers know utilities often operate with lean security teams, so instead of trying to defeat sophisticated technology, they target human judgment.

“The tactics change, but the psychology doesn’t,” Mason stresses. “Urgency. Authority. Fear. ‘Act now’ pressure. Those levers stay constant even as the delivery method evolves—from email to text to phone to deepfake.”

“Train people to recognize the pattern, and they’ll be prepared for threats that haven’t even been invented yet.”

Mason says every utility should keep three principles in mind to strengthen their early-warning system:

  • Every employee is a sensor. A workforce that knows how to recognize and report suspicious activity becomes an additional layer of detection that attackers can’t simply hack around.
  • Simple habits stop most attacks. The single most effective habit is verifying any request involving money, passwords, or account changes through a second communication channel. Call a known phone number. Don’t simply reply to the email or text.
  • Culture matters as much as content. Frequent, bite-sized, no-blame training is far more effective than an annual compliance video. Employees should feel encouraged—and even praised—for reporting suspicious activity, even when it turns out to be nothing.

Those principles shouldn’t live only in conversation. They should be embedded in your organization’s written cybersecurity policies and procedures.

They should be reinforced through regular phishing simulations and security awareness exercises that help employees recognize real-world threats before they become real-world incidents.

United Systems provides free security awareness training and phishing simulations as part of our Managed IT solutions. Your employees stop being your weakest link and start catching what your firewall misses.

Ready to reduce friction across operations?

Coordinate billing, payments, customer service, metering, work orders, and operational workflows through utility-focused technology and support services. Talk with our team to learn how United Systems supports utilities through technology, operational services, metering, customer service, and workflow management.

United Systems & Software
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.