2025 Open Enrollment Checklist
August 2, 2024
2025 Open Enrollment Checklist

To get ready for open enrollment, employers who sponsor group health plans should be aware of compliance changes affecting the design and administration of their health plans for plan years beginning on or after Jan. 1, 2025. These changes include limits that are adjusted for inflation each year, such as the Affordable Care Act’s (ACA) affordability percentage and cost-sharing limits for high deductible health plans (HDHPs). Employers should review their health plan’s design to confirm that it has been updated, as necessary, for these changes.


In addition, any changes to a health plan’s benefits for the 2025 plan year should be communicated to plan participants through an updated summary plan description (SPD) or a summary of material modifications (SMM).


Health plan sponsors should also confirm that their open enrollment materials contain certain required participant notices, such as the summary of benefits and coverage (SBC), when applicable. Some participant notices must also be provided annually or upon initial enrollment. To minimize costs and streamline administration, employers should consider including these notices in their open enrollment materials.


Plan Design Changes

ACA Affordability Standard

The ACA requires ALEs to offer affordable, minimum-value health coverage to their full-time employees (and dependents) or risk paying a penalty to the IRS. This employer mandate is also known as the “pay-or-play” rules. An ALE is an employer with at least 50 full-time employees, including full-time equivalent employees, during the preceding calendar year.


An ALE’s health coverage is considered affordable if the employee’s required contribution for the lowest cost self-only coverage that provides minimum value does not exceed 9.5% (as adjusted) of the employee’s household income for the taxable year. For plan years beginning in 2024, the adjusted affordability percentage is 8.39%.


The affordability percentage for plan years beginning on or after Jan. 1, 2025, has not been released yet. Going forward, ALEs should take the following steps:


  • Monitor future developments for the IRS’ release of the affordability percentage for 2025; and
  • Once the affordability percentage is released, confirm that at least one of the health plans offered to full-time employees satisfies the ACA’s affordability standard. Because an employer generally will not know an employee’s household income, the IRS has provided three optional safe harbors that ALEs may use to determine affordability based on information that is available to them: the Form W-2 safe harbor, the rate-of-pay safe harbor and the federal poverty line safe harbor.


Out-of-Pocket Maximum Limits

Non-grandfathered health plans and health insurance issuers are subject to limits on cost sharing for essential health benefits (EHB). EHBs reflect the scope of benefits covered by a typical employer plan and must include items and services in 10 general categories, including emergency services, hospitalization, ambulatory patient services, prescription drugs, pregnancy, maternity and newborn care, mental health and substance use disorder services, rehabilitative and habilitative services, laboratory services, preventive and wellness services and chronic disease management, and pediatric services.


The annual limits on total enrollee cost sharing for EHB for plan years beginning on or after Jan. 1, 2025, are $9,200 for self-only coverage and $18,400 for family coverage. With this in mind, employers should take the following steps:


  • Review the out-of-pocket maximum limits for the health plan to ensure they comply with the ACA’s limits for the 2025 plan year; and
  • Keep in mind that the out-of-pocket maximum limits for HDHPs compatible with HSAs must be lower than the ACA’s limits. For the 2025 plan year, the out-of-pocket maximum limits for HDHPs are $8,300 for self-only coverage and $16,600 for family coverage.


Preventive Care Benefits

The ACA requires non-grandfathered health plans and issuers to cover a set of recommended preventive services without imposing cost-sharing requirements, such as deductibles, copayments or coinsurance, when the services are provided by in-network providers. The recommended preventive care services covered by these requirements are:


  • Evidence-based items or services with an A or B rating in recommendations of the U.S. Preventive Services Task Force;
  • Immunizations recommended by the Advisory Committee on Immunization Practices for routine use in children, adolescents and adults;
  • Evidence-informed preventive care and screenings in guidelines supported by the Health Resources and Services Administration (HRSA) for infants, children and adolescents; and
  • Other evidence-informed preventive care and screenings in HRSA-supported guidelines for women.


Health plans and issuers are required to adjust their first-dollar coverage of preventive care services based on the latest preventive care recommendations. In general, coverage must be provided for a newly recommended preventive health service or item for plan years beginning on or after the one-year anniversary of when the recommendation was issued. For example, health plans and issuers must cover screenings for anxiety disorders in adults, including pregnant and postpartum patients, effective for plan years beginning on or after June 30, 2024 (e.g., the plan year beginning Jan. 1, 2025, for calendar-year plans). More information on the recommended preventive care services is available at www.HealthCare.gov.


Before the beginning of the 2025 plan year, employers should take the following step:


  • Confirm the health plan covers the latest recommended preventive care services without imposing any cost sharing when the care is provided by in-network providers.


Health FSA Contributions

The ACA imposes a dollar limit on employees’ pre-tax contributions to a health FSA. This limit is indexed each year for cost-of-living adjustments. An employer may set their own dollar limit on employees’ contributions to a health FSA as long as the employer’s limit does not exceed the ACA’s maximum limit in effect for the plan year. For plan years beginning in 2024, the health FSA limit is $3,200. The IRS has not yet released the health FSA limit for plan years beginning in 2025. Moving forward, employers with health FSAs should take these steps:


  • Monitor future developments for the release of the health FSA limit for 2025;
  • Once the IRS releases the health FSA limit, confirm that employees will not be allowed to make pre-tax contributions in excess of the limit for the 2025 plan year; and
  • Communicate the health FSA limit to employees as part of the open enrollment process.


HDHP and HSA Limits

The IRS limits for HSA contributions, HDHP minimum deductibles and HDHP maximum out-of-pocket expenses all increase for 2025. The HSA contribution limits will increase effective Jan. 1, 2025, while the HDHP cost-sharing limits will increase effective for plan years beginning on or after Jan. 1, 2025. Looking ahead, employers should take these steps:



  • Check whether HDHP cost-sharing limits need to be adjusted for the 2025 limits; and
  • Communicate HSA contribution limits for 2025 to employees as part of the enrollment process.


The following table contains the HDHP and HSA limits for 2025 compared to 2024. It also includes the catch-up contribution limit that applies to HSA-eligible individuals age 55 and older, which is not adjusted for inflation and stays the same from year to year.

HDHPs: Expiration of Design Options

To be eligible for HSA contributions for a month, an individual must be covered under an HDHP as of the first day of the month and have no other impermissible coverage. In general, except for preventive care benefits, no benefits can be paid by an HDHP until the minimum annual deductible has been satisfied. However, there are a few narrow exceptions to the minimum deductible requirement, including the following exceptions that are expiring:


  • For plan years ending after Dec. 31, 2024, an HDHP is no longer permitted to provide benefits for COVID-19 testing and treatment without a deductible (or with a deductible below the minimum deductible for an HDHP); and
  • For plan years beginning on or after Jan. 1, 2025, an HDHP is no longer permitted to provide benefits for telehealth or other remote care services before plan deductibles have been met.


Due to these changes, employers with HDHPs should take these steps for plan years beginning in 2025:


  • Confirm that HDHPs will not pay benefits for COVID-19 testing and treatment before the annual minimum deductible has been met;
  • Confirm that HDHPs will not pay benefits for telehealth or other remote care services (except for preventive care benefits) before the annual minimum deductible has been met; and
  • Notify plan participants of any changes for the 2025 plan year regarding COVID-19 testing and treatment and telehealth services through an updated SPD or SMM.


EBHRA Limit

An excepted benefit health reimbursement arrangement (EBHRA) is an employer-funded health care account that reimburses employees for their eligible medical expenses on a tax-free basis. Employers can use EBHRAs to supplement their traditional group health plan coverage and help employees with their out-of-pocket medical expenses, including deductible, copayment and coinsurance amounts. Employers of all sizes may offer EBHRAs. Although an employer must offer a traditional group health plan, employees are not required to enroll in the employer’s group coverage (or any other type of coverage) to be eligible for the EBHRA.


Only employers can contribute to HRAs, including EBHRAs. EBHRAs are subject to a maximum amount that may be made newly available for the plan year. This maximum amount is adjusted annually for inflation. For 2024 plan years, the contribution limit is $2,100. This limit increases to $2,150 for plan years beginning in 2025.


Employers that sponsor EBHRAs should take the following steps:


  • Decide how much will be contributed to the EBHRA for eligible employees for the 2025 plan year, up to a maximum of $2,150; and
  • Communicate the EHBRA’s annual benefit amount to employees as part of the open enrollment process.


Mental Health Parity – Required Comparative Analysis for NQTLs

The Mental Health Parity and Addiction Equity Act (MHPAEA) requires parity between a group health plan’s medical/surgical benefits and its mental health or substance use disorder (MH/SUD) benefits. These parity requirements apply to financial requirements and treatment limits for MH/SUD benefits. In addition, any nonquantitative treatment limitations (NQTLs) placed on MH/SUD benefits must comply with MHPAEA’s parity requirements. For example, NQTLs include prior authorization, step therapy protocols, network adequacy and medical necessity criteria.


MHPAEA requires health plans and issuers to conduct comparative analyses of the NQTLs used for medical/surgical benefits compared to MH/SUD benefits. This analysis must contain a detailed, written and reasoned explanation of the specific plan terms and practices at issue and include the basis for the plan’s or issuer’s conclusion that the NQTLs comply with MHPAEA. Plans and issuers must make their comparative analyses available to specific federal agencies or applicable state authorities upon request. In recent years, the U.S. Department of Labor (DOL) has made MHPAEA compliance a top enforcement priority, with a primary focus being MHPAEA’s parity requirements for NQTLs. Considering this information, employers should take the following step:


  • Reach out to health plan issuers (or third-party administrators) to confirm that comparative analyses of NQTLs will be updated, if necessary, for the plan year beginning in 2025.


Prescription Drug Benefits – Creditable Coverage Determination

The Inflation Reduction Act of 2022 (IRA) includes several cost-reduction provisions affecting Medicare Part D plans, which may impact the creditable coverage status of employer-sponsored prescription drug coverage beginning in 2025. For example, effective for 2025, Medicare enrollees’ out-of-pocket costs for prescription drugs will be capped at $2,000.


Employers that provide prescription drug coverage to individuals who are eligible for Medicare Part D must inform these individuals and the Centers for Medicare and Medicaid Services (CMS) whether their prescription drug coverage is creditable, meaning that the employer’s prescription drug coverage is at least as good as Medicare Part D coverage. These disclosures must be provided on an annual basis and at certain other designated times, including when there is a change to a prescription drug benefit’s creditable coverage status.


Previously, CMS stated that one of the methods for determining whether coverage is creditable (the “simplified determination” method) would no longer be valid as of calendar year 2025, given the significant changes made to Medicare Part D by the IRA. However, CMS subsequently decided that it will continue to permit the use of the simplified determination methodology, without modification, for calendar year 2025 for group health plan sponsors who are not applying for the retiree drug subsidy.


Due to these developments, employers should take the following steps:


  • Confirm whether their health plans’ prescription drug coverage for 2025 is creditable or noncreditable as soon as possible to prepare to send the appropriate Medicare Part D disclosure notices; and
  • Continue to utilize the simplified determination method for determining whether prescription drug coverage is creditable for 2025, if applicable.


Open Enrollment Notices

Employers who sponsor group health plans should provide certain benefits notices in connection with their plans’ open enrollment periods. Some of these notices must be provided at open enrollment time, such as the SBC. Other notices, such as the WHCRA notice, must be distributed annually. Although these annual notices may be provided at different times throughout the year, employers often choose to include them in their open enrollment materials for administrative convenience.


In addition, employers should review their open enrollment materials to confirm that they accurately reflect the terms and cost of coverage. In general, any plan design changes for 2025 should be communicated to plan participants either through an updated SPD or an SMM.


Summary of Benefits and Coverage

The ACA requires health plans and health insurance issuers to provide an SBC to applicants and enrollees each year at open enrollment or renewal time. Federal agencies have provided a template for the SBC, which health plans and issuers are required to use. To comply with the SBC requirements, employers should include an updated SBC with open enrollment materials.


Take note that the plan administrator is responsible for providing the SBC for self-funded plans. For insured plans, the issuer usually prepares the SBC. If the issuer prepares the SBC, an employer is not required to also prepare an SBC for the health plan, although they may need to distribute the SBC prepared by the issuer.


Medicare Part D Notices

Group health plan sponsors must provide a notice of creditable or noncreditable prescription drug coverage to Medicare Part D-eligible individuals covered by, or who apply for, prescription drug coverage under the health plan. This creditable coverage notice alerts individuals about whether their prescription drug coverage is at least as good as the Medicare Part D coverage. The notice generally must be provided at various times, including when an individual enrolls in the plan and each year before Oct. 15 (when the Medicare annual open enrollment period begins). Model notices are available on the Centers for Medicare and Medicaid Services’ website.


Annual CHIP Notices

Group health plans covering residents in a state that provides a premium subsidy to low-income children and their families to help pay for employer-sponsored coverage must send an annual CHIP notice about the available assistance to all employees residing in that state. The DOL has provided a model notice. Employers should confirm they are using the most recent model notice, as the DOL updates it regularly.


Initial COBRA Notices

COBRA applies to employers with 20 or more employees who sponsor group health plans. Group health plan administrators must provide an initial COBRA notice to new participants and certain dependents within 90 days after plan coverage begins. The initial COBRA notice may be incorporated into the plan’s SPD. A model initial COBRA notice is available from the DOL.


SPDs

Plan administrators must provide an SPD to new participants within 90 days after plan coverage begins. Any changes made to the plan should be reflected in an updated SPD booklet or described to participants through an SMM. Also, an updated SPD must be furnished every five years if changes are made to SPD information or the plan is amended. Otherwise, a new SPD must be provided every 10 years.


Notices of Patient Protections

Under the ACA, group health plans and issuers that require the designation of a participating primary care provider must permit each participant, beneficiary and enrollee to designate any available participating primary care provider (including a pediatrician for children). Additionally, plans and issuers that provide obstetrical/gynecological care and require a designation of a participating primary care provider may not require preauthorization or referral for such care. If a health plan requires participants to designate a participating primary care provider, the plan or issuer must provide a notice of these patient protections whenever the SPD or similar description of benefits is provided to a participant. If an employer’s plan is subject to this notice requirement, they should confirm that it is included in the plan’s open enrollment materials. This notice may be included in the plan’s SPD. Model language is available from the DOL.


Grandfathered Plan Notices

If an employer has a grandfathered plan, they should make sure to include information about the plan’s grandfathered status in plan materials describing the coverage under the plan, such as SPDs and open enrollment materials. Model language is available from the DOL.


Notices of HIPAA Special Enrollment Rights

At or before the time of enrollment, an employer’s group health plan must provide each eligible employee with a notice of their special enrollment rights under HIPAA. This notice may be included in the plan’s SPD.


HIPAA Privacy Notices

The HIPAA Privacy Rule requires covered entities (including group health plans and issuers) to provide a Notice of Privacy Practices (or Privacy Notice) to each individual who is the subject of protected health information (PHI). Health plans are required to send the Privacy Notice at certain times, including to new enrollees at the time of enrollment. Also, at least once every three years, health plans must either redistribute the Privacy Notice or notify participants that the Privacy Notice is available and explain how to obtain a copy.


Self-insured health plans must maintain and provide their own Privacy Notices. However, special rules apply for fully insured plans, where the health insurance issuer, not the plan itself, is primarily responsible for the Privacy Notice.


Special Rules for Fully Insured Plans

The sponsor of a fully insured health plan has limited responsibilities with respect to the Privacy Notice, including the following:


  • If the sponsor of a fully insured plan has access to PHI for plan administrative functions, they are required to maintain a Privacy Notice and provide the notice upon request; and
  • If the sponsor of a fully insured plan does not have access to PHI for plan administrative functions, they are not required to maintain or provide a Privacy Notice.


A plan sponsor’s access to enrollment information, summary health information and PHI that is released pursuant to a HIPAA authorization does not qualify as having access to PHI for plan administration purposes.


Model Privacy Notices are available through the U.S. Department of Health and Human Services.


WHCRA Notices

Plans and issuers must provide a notice of participants’ rights to mastectomy-related benefits under the WHCRA at the time of enrollment and on an annual basis. The DOL’s compliance assistance guide includes model language for this disclosure.


SARs

Plan administrators required to file Form 5500 must provide participants with a narrative summary of the information in Form 5500, called a summary annual report (SAR). Group health plans that are unfunded (that is, benefits are payable from the employer’s general assets and not through an insurance policy or trust) are not subject to the SAR requirement. The plan administrator generally must provide the SAR within nine months of the close of the plan year. If an extension of time to file Form 5500 is obtained, the plan administrator must furnish the SAR within two months after the close of the extension period. A model notice is available from the DOL.


Wellness Program Notices

Group health plans that include wellness programs may be required to provide certain notices regarding the program’s design. As a general rule, these notices should be provided when the wellness program is communicated to employees and before employees provide any health-related information or undergo medical examinations. These notices are required in the following situations:


  • HIPAA Wellness Program Notice—HIPAA imposes a notice requirement on health-contingent wellness programs offered under group health plans. Health-contingent wellness plans require individuals to satisfy standards related to health factors (e.g., not smoking) to obtain rewards. The notice must disclose the availability of a reasonable alternative standard to qualify for the reward (and, if applicable, the possibility of waiver of the otherwise applicable standard) in all plan materials describing the terms of a health-contingent wellness program. The DOL’s compliance assistance guide includes a model notice that can be used to satisfy this requirement.
  • Americans with Disabilities Act (ADA) Wellness Program Notice—Employers with 15 or more employees are subject to the ADA. Wellness programs that include health-related questions or medical exams must comply with the ADA’s requirements, including an employee notice requirement. Employers must give participating employees þ a notice that tells them what information will be collected as part of the wellness program, with whom it will be shared and for what purpose, as well as includes the limits on disclosure and the way information will be kept confidential. The U.S. Equal Employment Opportunity Commission has provided a sample notice to help employers comply with this ADA requirement.


ICHRA Notices

Employers may use individual coverage health reimbursement arrangements (ICHRAs) to reimburse their eligible employees for insurance policies purchased in the individual market or for Medicare premiums. Employers with ICHRAs must provide a notice to eligible participants about the ICHRA and its interaction with the ACA’s premium tax credit. In general, this notice must be provided at least 90 days before the beginning of each plan year. Employers may provide this notice at open enrollment time if it is at least 90 days prior to the beginning of the plan year. A model notice is available for employers to use to satisfy this notice requirement.


LINKS AND RESOURCES

Sign up for our newsletter.

Embrace the Future of HCM: AI, Automation, and Scalability | Simco + isolved

March 24, 2025
The future of work is changing fast, and HR leaders are taking notice. More than half of companies are planning to switch their HCM platform this year—but not just for any solution. They’re looking for intelligent, scalable, and AI-driven technology that doesn’t just process payroll but actively enhances business operations. The days of rigid, outdated systems are over. Now, businesses need platforms that adapt, automate, and evolve alongside them. At Simco, we’re passionate about delivering the most advanced, transformative solutions to our clients. That’s why we’ve partnered with isolved, a recognized leader in the HCM space, to provide our clients with a powerful, AI-enabled platform that makes workforce management effortless. With a focus on automation, predictive analytics, and employee experience, isolved is changing the game for small and mid-sized businesses—and we’re here to help you make the most of it. Why isolved Stands Out in the HCM Market For the second consecutive year, Nucleus Research has named isolved a leader in its HCM Value Matrix for Small and Medium-Sized Businesses (SMBs). The firm’s analysis highlights isolved’s enterprise-grade functionality, designed specifically for SMBs looking to streamline operations, enhance compliance, and leverage AI to drive efficiency. isolved’s adaptability ensures it evolves alongside customer needs. Whether an organization’s HR function matures or its priorities shift, isolved is uniquely positioned to support its success through continuous innovation. In 2024, the company launched 480+ product enhancements directly driven by direct customer feedback. Nucleus Research’s report also highlights several key updates, including: isolved's Candidate Match Tool , an AI-powered feature that evaluates and ranks candidates, streamlining the hiring process. Enhanced Talent Acquisition Services , including recruitment process outsourcing (RPO), job placement assistance, and comprehensive hiring solutions for quick-service restaurants (QSRs). A Broadened Content Library, now with over 95,000 courses designed for employee training, compliance, and professional development. A Next-Gen Time Clock , featuring advanced facial recognition and remote access for secure and accurate time tracking. The Power of Partnership: Simco + isolved While technology is the foundation, the real value comes from how it’s applied. At Simco, we don’t just provide software—we offer a full-service HCM and advisory solution, ensuring that all aspects of workforce management integrate seamlessly. Our clients benefit from: A Dedicated Client Success Manager – Your go-to resource who oversees your relationship with Simco, ensuring that every service—HCM, HR advisory, benefits, insurance, and retirement—works together without gaps. A Fully Integrated HCM & Advisory Solution – No need to juggle multiple vendors for payroll, HR advisory, employee benefits, commercial insurance, and 401(k)/retirement plans. Simco is your one-stop shop for all workforce solutions.  Strategic Guidance & Ongoing Optimization – We help businesses maximize their investment in HCM technology while aligning it with compliance, employee engagement, and long-term growth goals. As businesses evolve, so do their workforce management needs. By combining isolved’s leading-edge technology with Simco’s hands-on service and industry expertise, we help businesses stay ahead of change, improve efficiency, and create better employee experiences. Ready to explore the future of HCM? Contact Simco today to learn how our partnership with isolved can transform your workforce operations.

How to Protect Your Business from Phishing Attacks and Spoofed Domains

March 3, 2025
Cybercriminals continue to evolve their tactics, making phishing attacks more sophisticated and harder to detect. Every day, countless phishing emails reach inboxes, often with the intent to steal sensitive information or spread malware. Unfortunately, many of these attacks succeed in just a matter of seconds— the median time for users to fall for phishing emails is less than 60 seconds according to the 2024 Verizon Data Breach Investigations Report . With stolen credentials being one of the most popular methods of attack, businesses face increasing risks as these types of cyber threats become more complex and dangerous. How Phishing and Spoofed Domains Work Phishing attacks aim to trick employees into revealing sensitive information, often through: Fraudulent Email Links – These emails appear to be from trusted sources but contain malicious links that install malware or steal login credentials. Look-Alike Domains – Hackers create fake websites that resemble real business portals, altering a single character in the domain (e.g., “micr0soft.com” instead of “microsoft.com”). Credential Theft – Once hackers obtain login credentials, they sell them on the dark web, leading to widespread data breaches. Red Flags: How to Identify a Phishing Email Unusual Sender Addresses – Cybercriminals often spoof email addresses to look like trusted sources. Carefully inspect the sender's domain name for typos, extra characters, or strange formatting. A genuine email from "paypal.com" could be faked as "paypall.com" or "paypal-support.com." Urgent or Threatening Language – Many phishing emails attempt to create a sense of urgency, claiming that an account will be suspended, a payment has failed, or legal action is imminent. If an email pressures you into immediate action, be suspicious. Unexpected Attachments or Links – Hover over hyperlinks before clicking to see the actual URL destination. If the web address looks unfamiliar or mismatched with the sender's identity, do not click. Similarly, attachments that appear out of context—especially ZIP files, PDFs, or Word documents—could contain malware. Requests for Sensitive Information – Legitimate organizations will never ask for passwords, Social Security numbers, or banking details via email. If an email requests confidential information, verify with the company directly using a trusted phone number. Generic Greetings or Poor Grammar – Emails that start with “Dear Customer” instead of your name, or those containing awkward phrasing and misspellings, often indicate phishing attempts. Many cybercriminals operate internationally and use machine translations, leading to unnatural wording. Best Practices to Protect Your Business Train Employees Regularly – Frequent security awareness training helps employees recognize phishing attempts. Past studies by Proofpoint show that companies with ongoing cybersecurity training reduce phishing-related breaches by up to 60%. Implement simulated phishing tests to reinforce learning. Enable Multi-Factor Authentication (MFA) – MFA significantly decreases the chances of an account being compromised, even if login credentials are stolen. Microsoft reports that MFA can block over 99% of automated cyberattacks . Ensure all employees activate MFA for business accounts. Verify Requests Independently – If an email asks for sensitive actions (e.g., wire transfers, login changes, or software downloads), confirm the request through a known and trusted contact method. Never use the phone number or link provided in the email —instead, visit the company's official website or call using a verified number. Monitor and Filter Emails – Implement robust email security tools that automatically flag suspicious messages. Advanced filtering systems, like those offered by Barracuda Networks, can block over 90% of phishing emails before they reach inboxes. Encourage a Report-First Culture – Employees should feel empowered to report suspicious emails even if they are unsure. IT teams can analyze these reports to strengthen cybersecurity measures. Early detection prevents widespread damage. Use a Password Manager – Employees often reuse passwords across multiple accounts, increasing security risks. Encourage the use of password managers like 1Password or LastPass to generate and store complex passwords securely. New Tactic: The Rise of QR Code Phishing ("Quishing") QR code phishing, or "quishing," is a new phishing tactic gaining momentum as attackers exploit the widespread use of QR codes. Unlike traditional phishing, which relies on malicious email links, quishing uses QR codes to redirect users to fake websites designed to steal login credentials. Several factors contribute to quishing's success: Ubiquity : QR codes are now commonly used for payments, tickets, and documents, reducing suspicion when they appear in emails. Minimal Text : Unlike traditional phishing emails, quishing messages often contain little text, making them harder for security systems to flag. Mobile Vulnerability : QR codes are scanned on personal devices, which typically lack the protection of corporate systems. According to Abnormal Security , 90% of quishing attacks involve credential phishing , where users are tricked into entering sensitive data. Another common tactic is using fraudulent MFA alerts, which account for 27% of attacks , while 21% involve fake document-signing requests . Final Thoughts At the end of the day, protecting your company from phishing and cyber threats requires more than just technology—it’s about the people behind it. By fostering a culture of awareness and encouraging open communication, you empower your employees to be the first line of defense. Together, with vigilance and the right tools in place, you can ensure the safety of your sensitive data and build a more secure future for your business.

7 Thoughtful Ways to Celebrate Employee Appreciation Day

February 28, 2025
Employee Appreciation Day, which falls on March 7th this year, is an ideal occasion to express gratitude for the hard work and dedication of your employees. At Simco, we recognize that employee appreciation shouldn’t be limited to just one day, but this day presents a special opportunity to go above and beyond in showing your team how much they mean to the success of your organization. When employees feel recognized and valued, it enhances morale, engagement, and ultimately, productivity. Here are several thoughtful and impactful ways to celebrate Employee Appreciation Day, creating lasting positive effects for both your employees and your company. 1. Personalized Appreciation Nothing shows employees you truly value them more than personalized recognition. Tailor your appreciation efforts to each individual, acknowledging their unique contributions and the impact they’ve made. Personalized gestures help employees feel recognized for the specific work they’ve done, making the appreciation feel authentic and meaningful. You can: Write Personalized Thank-You Notes : Take the time to write handwritten notes to your employees, thanking them for their specific achievements and how they contribute to the company’s overall success. Publicly Acknowledge Contributions : During a company meeting or via a group email, recognize each team member's individual contributions, celebrating their efforts with concrete examples. Employee Spotlights : Feature standout employees in your internal newsletter or on social media to highlight their unique strengths and hard work. 2. Host an Engaging Celebration Employee Appreciation Day is an excellent time to host a celebration that brings everyone together, whether virtually or in person. A well-planned event can boost morale and provide a chance for employees to connect with one another outside of their usual work routines. Ideas for celebration include: Catered Meals or Special Treats : Provide lunch, snacks, or a special treat to make the day feel celebratory. A fun lunch or dessert bar can offer an opportunity for employees to mingle and bond. Themed Events : Host a fun, themed event such as a retro office party or a “thank you” happy hour where employees can unwind and enjoy themselves. Virtual Celebration : For remote or hybrid teams, set up a virtual event like a game or trivia session where employees can engage and laugh together. 3. Offer Tangible Tokens of Appreciation While a simple thank-you is powerful, offering a meaningful gift can take employee appreciation to the next level. Thoughtful rewards can show your team that you not only recognize their hard work but are also willing to invest in their well-being. Consider: Gift Cards : Offer gift cards to popular retailers, restaurants, or online stores, allowing employees to pick out something they personally enjoy. Wellness Incentives : Gifts that promote health and wellness—such as fitness trackers, yoga classes, or access to mental health resources—show employees you care about their overall well-being. Company Merchandise : High-quality, branded merchandise like apparel, accessories, or tech gadgets can serve as a lasting reminder of your appreciation. 4. Invest in Professional Development One of the most meaningful ways to honor your employees is by helping them grow professionally. Employee Appreciation Day is a great time to invest in their future, whether through formal training, new opportunities, or fostering leadership skills. Ways to offer growth opportunities include: Learning Stipends : Offer financial support for employees to pursue further education, certifications, or online courses that align with their career goals. Internal Development Programs : Launch mentorship initiatives or leadership programs that enable employees to expand their skill sets within the organization. Growth Opportunities : Encourage employees to explore new roles or responsibilities that align with their career aspirations, reinforcing your commitment to their long-term success. 5. Encourage Peer Recognition Employee appreciation doesn’t have to be a one-way street from management to employees. Encouraging peer-to-peer recognition helps build a strong team culture, where employees feel supported and valued by their colleagues as well. This helps foster camaraderie and teamwork, which benefits the entire organization. Ideas for peer recognition: Peer-to-Peer Appreciation Platforms : Create an internal platform where employees can nominate or thank their colleagues for their contributions, highlighting specific ways they've gone above and beyond. Recognition Wall : Set up a virtual or physical wall where employees can post messages of appreciation for their peers, encouraging a culture of gratitude. Monthly Recognition : Implement a peer-nominated “Employee of the Month” program to recognize and reward employees for their ongoing contributions. 6. Give Back Employee Appreciation Day also provides an opportunity to show gratitude by giving back to the community. Many employees value working for companies that have a strong sense of corporate social responsibility. By organizing a charitable event or initiative, you demonstrate that your organization cares about making a positive difference beyond the workplace. Ideas for giving back include: Company Volunteer Days : Organize a day of service where employees can volunteer at a local charity or nonprofit, allowing them to contribute to causes they care about while bonding with their colleagues. Matching Donations : Offer to match employee donations to their favorite charities, demonstrating that you support their personal values and causes. Charitable Fundraising Events : Host fundraising activities or auctions with proceeds going to a charitable organization chosen by the team. 7. Seek Feedback Finally, a key part of showing appreciation is listening to your employees and gathering feedback on how they feel valued. Employee Appreciation Day offers the perfect occasion to ask for input on what makes them feel appreciated and what could be improved. This helps ensure that future efforts are even more meaningful. Ways to gather feedback: Anonymous Surveys : Send out a survey asking employees what makes them feel most appreciated and if they have any suggestions for improving recognition practices. One-on-One Check-ins : Arrange individual meetings with employees to hear their thoughts on workplace culture and recognition, providing an opportunity for honest feedback. Cultivating a Culture of Appreciation Year-Round Employee Appreciation Day is a special occasion, but the benefits of recognizing your team should last well beyond this single day. When employees feel consistently valued and appreciated, it leads to higher morale, greater job satisfaction, and increased engagement. By investing in recognition efforts, offering meaningful rewards, and fostering a culture of appreciation, you ensure that your team remains motivated, happy, and productive all year long. At Simco, we believe that lifting and supporting employees is integral to creating a thriving workplace. Whether you celebrate Employee Appreciation Day with gifts, events, or personalized recognition, taking the time to show gratitude is a small gesture that can have a lasting impact on both your employees and your business.

Have a question? Get in touch.

Share by: