Advice for Avoiding a Ransomware Attack
May 26, 2021
Advice for Avoiding a Ransomware Attack

Advice for Avoiding a Ransomware Attack


Earlier this month the country once again bore the consequences of a cyber security breach when Russian hackers, calling themselves DarkSide, coordinated an attack on the computer network of the Colonial Pipeline Co., a major gas pipeline that provides almost half of the gas supply to the East Coast of our country. The Colonial Pipeline Co. paid out a hefty ransom of $4.4 million to get control of their business network back from hackers who had taken over. The decision to pay the ransom did not come lightly and was not agreed upon by some experts, such as the FBI who maintain a policy of not paying ransom to terrorists, but the CEO felt obliged to get the gas supply up and running again for the millions of Americans who were being affected by the shortage of gas and millions more who would pay the price as supply could not keep up with demand.


Targeted attacks are no accident, there is a process that hackers follow that is somewhat predictable, but with awareness and security measures firmly in place are also preventable. Good security protocols that are followed and backed up by continuous monitoring of security are the only hope to prevent this from happening to you. Even with vigilant practices an organization weakest point is usually a human error, so training is imperative to prevention.


How ransomware works

The first step of a ransomware attack is reconnaissance. These bad actors research their targets in advance to determine the likelihood of ransom payment and they identify vulnerabilities and access points. Your business should stay vigilant in security measures and have access points monitored and checked regularly for flaws. Once access points are identified, the hackers use their skills exploiting these by obtaining credentials through phishing, using default passwords, or purchasing access to systems through the dark web. The best way to prevent this is to use secure passwords, double authentication, and train employees on staying vigilant against phishing. It’s also a good idea to have any terminated employees’ access completely cut off as early as possible in the separation process.


Once a hacker gains access to your network, the name of the game is to maintain an open door.  They do this by using malware to create back doors into the system that ensure maintained entry into your network. The next step is to encrypt or destroy your back ups and move through your network looking for additional systems and back-ups to control, encrypt or destroy. Once in control of your network these threat actors steal your data and use this as leverage to force the organization to pay a ransom by threatening to disclose the stolen data publicly and/or they encrypt as many files and systems as possible across the network to refuse you the ability to utilize your network.


Once your data and network are firmly in their handcuffs, a ransom will be requested to release the encrypted files and allow you access. If the victim organization chooses to pay the ransom, usually an experienced incident response firm is engaged to assist with the negotiation of the demand and facilitate the cryptocurrency payment. If the ransom is paid, a decryption key is provided by the hackers and data recovery can occur. If the ransom is not paid the organization must either recover the files from a clean back up or rebuild the files and system from scratch which could take several weeks or months to recover.  


What you can do to avoid ransomware attacks

The dark web is upon us and there are dark forces that work around the clock looking for large payouts and easy targets. Don’t be an easy target! Utilize your IT Security protocols vigilantly, consider a threat assessment by an expert and consider purchasing Cyber Security Insurance for breach response assistance. There are several products available to fit a variety of sizes and types of businesses that protect your business assets in the event of a breach of personally identifiable information, a hostile takeover of your network, interruption of your cloud or the introduction of malware to your system.


Talk to our licensed agent today about products available to protect your organization. In the underwriting process you may find additional tips on security measures that you hadn’t considered before and you can rely on a partner to help get your business through to the other side in case of a cyber security event.

 

The facts

In 2020 ransom and extortion claims accounted for 1 in every 5 cyber claims, up from 1 in every 10 cyber claims in 2018.

 

A ransomware attack on businesses is predicted every 11 seconds, and the global ransomware damage costs predicted to reach $20bn in 2021, up from $325m in 2015.


According to an AIG observation, network outages and business interruption from global ransom and extortion claims are lasting 7-10 days .


By 2025, global cybercrime costs is estimated to reach $10.5 trillion.

Sign up for our newsletter.

Your Guide to 4th of July Fun, Fireworks, and Celebrating Safely in Ontario County

June 30, 2025
The Fourth of July is almost here, and communities across Ontario County are gearing up for a weekend filled with parades, fireworks, and hometown celebrations. Whether you're heading out for live music and lawn games or simply enjoying time with friends and family, there are plenty of ways to celebrate locally. At Simco, we’re proud to support our neighbors with practical tips to enjoy the holiday safely, while making sure your insurance coverage is up to date and ready for the unexpected. Where to Watch Fireworks in Ontario County JULY 3 Farmington – Fireworks at dusk with food trucks and live music starting at 6 PM (Farmington Town Park) Honeoye Lake – The beloved “Ring of Fire” lights up the lake, with parking available at Sandy Bottom Park JULY 4 Canandaigua – Lincoln Hill Farms hosts an all-day celebration (1–10 PM) with fireworks after dark, music, games, and more. ($30 parking, cash only) JULY 5 Canandaigua North Shore – Keep the celebrations going with another round of fireworks at dark JULY 11 Geneva – Free Summerfest fireworks at 9:45 PM at the Geneva Recreation Center Parade Lineup JULY 3 Honeoye – Parade at 7 PM from United Church to Sandy Bottom Park. Stick around for the Honeoye Community Band and the Ring of Fire afterward! JULY 4 Canandaigua – The city’s annual 4th of July Parade kicks off at 10 AM from City Hall and heads south along Main Street JULY 12 Geneva – Firefighters Parade begins at 7 PM on Exchange Street, ending at the Geneva Rec Center for SummerFest festivities What Fireworks Are Legal in New York? While fireworks are a staple of July 4th, not everything that sparks and explodes is legal in New York State. Using illegal fireworks can actually void your insurance coverage if something goes wrong. What’s Allowed in NY: Ground-based or handheld sparkling devices (like cylindrical fountains or cones) Wooden sparklers/dipped sticks Party poppers Snappers (the small “pop” ones) What’s Not Allowed (and Not Covered): Aerial consumer fireworks Firecrackers Chasers Roman candles Skyrockets Bombs (even small ones!) Metal wire sparklers (they burn much hotter than they look) Quick Tip: If it launches into the sky or explodes, it’s not legal. Stick to sparklers and save yourself a potential insurance headache. Insurance Tips for a Safe Holiday A little awareness goes a long way in protecting your home, family, and peace of mind this 4th of July. Stay within NY guidelines. If an incident is caused by illegal fireworks, your insurer may deny the claim. Keep safety front and center. Supervise all activities involving sparklers or devices and keep water nearby for emergencies. Know what your policy covers. Not every homeowner’s policy includes damage from fireworks-related accidents. If you’re unsure, reach out. We’re happy to review your coverage. Report incidents quickly. Prompt reporting helps ensure claims are handled smoothly and effectively. From All of Us at Simco We’re wishing you a joyful, memorable, and safe Independence Day. Whether you’re lighting up the sky with sparklers or relaxing lakeside with family, we’re here to help you protect what matters most, before, during, and after the festivities. Have questions about your insurance coverage this summer? 📞 Call us at 585-394-5482 or visit our Contact Us page.

Understanding Accent Discrimination in the Workplace: How Employers Can Lead with Inclusion

June 25, 2025
As organizations continue to grow and diversify, the way we communicate at work is evolving, bringing new opportunities for inclusion as well as potential blind spots. One issue that often goes overlooked is accent discrimination: the tendency to judge, exclude, or undervalue individuals based on their speech patterns, dialect, or pronunciation. While accents are often rooted in geography, heritage, or culture, bias toward or against certain ways of speaking can influence decisions in hiring, promotions, evaluations, and daily interactions. For employers, particularly those in small to mid-sized organizations, understanding where this shows up and how to respond isn’t just about creating a respectful workplace. It’s also essential for risk mitigation and legal compliance. What Constitutes Accent Discrimination? Accent discrimination occurs when employees or candidates are treated unfairly due to the way they speak. This type of treatment may stem from overt, conscious bias, such as assuming someone is less capable based on how they sound, or from more subtle, unconscious preferences, like favoring those who speak in what’s perceived as a “standard” or “neutral” accent. Legally, accent-based discrimination can be considered a form of national origin discrimination, which is prohibited under Title VII of the Civil Rights Act. Many states reinforce these protections through their own civil rights laws. Employers should be aware that even unintentional practices, such as informal communication preferences or subjective feedback, can result in compliance issues or reputational damage. Clear Communication vs. Discriminatory Practice It is important to distinguish between legitimate communication needs and bias. In certain narrowly defined circumstances, an accent may be relevant to an employee’s ability to perform essential duties. For instance, in roles that require precise, real-time verbal communication, such as emergency response or high-risk operational jobs, an employer may need to assess whether a language barrier or speech pattern materially interferes with safety or accuracy. However, such evaluations must be backed by objective evidence and a clearly defined business necessity. Vague discomfort, personal preference, or client feedback based on unfamiliarity are not valid reasons to deny someone an opportunity. Any decision related to an accent must be both job-related and supported by measurable performance impacts. Standardize Hiring and Promotion Processes to Minimize Bias One of the most effective ways to reduce the risk of discrimination is by formalizing your hiring and promotion practices. Employers should examine whether their processes allow room for bias (conscious or unconscious) to influence decisions. Subjective impressions, especially in interviews or internal evaluations, can be disproportionately shaped by how a person speaks. To counteract this, companies should move toward structured, competency-based hiring frameworks. Use consistent criteria and scoring systems across all candidates, and rely on written assessments or role-specific tasks where appropriate. Similarly, promotions should be guided by documented performance metrics, not informal perceptions of professionalism or communication style. In doing so, not only do you reduce the chance for bias to affect outcomes, but you also make better staffing decisions that reflect skills, qualifications, and organizational fit: not speech patterns. Why This Matters More Now In today’s hybrid and remote work environments, the ability to navigate diverse communication styles has become even more important. With teams collaborating across geographic regions and cultural backgrounds, inclusivity in communication is essential for morale, cohesion, and productivity. Moreover, younger workers and job seekers are placing a high value on belonging and inclusion. Discriminatory or exclusionary behavior, intentional or not, can quickly erode trust and lead to disengagement or turnover, especially when tied to identity-based characteristics like accent or dialect. Employers who lead with fairness in communication are more likely to attract and retain talent, maintain strong teams, and avoid costly compliance missteps. Building a Culture Where All Voices Are Valued Ultimately, embracing different accents in the workplace is about genuine, judgment-free listening. Employers should encourage active listening practices, create space for respectful clarification when needed, and ensure employees feel safe speaking up, regardless of how they sound. Miscommunication is a solvable issue. Discrimination is not. Leaders who prioritize clarity, fairness, and consistency, rather than conformity, build workplaces that are both inclusive and high-performing. And the benefits go beyond compliance. They create environments where people thrive because they are heard and valued.

Balancing Holiday Time Off Requests Without Slowing Down Your Business

June 18, 2025
Between Independence Day, summer travel plans, and Labor Day on the horizon, time-off requests are about to pick up significantly, and with good reason. Employees need time to recharge, spend time with family, and enjoy the season. For employers, especially in small to mid-sized businesses, this means finding the delicate balance between fostering a supportive work culture that respects employees’ need for time away and managing the practical realities of maintaining adequate coverage, meeting deadlines, and keeping operations running smoothly. The good news? With thoughtful planning, clear communication, and the right tools in place, you can navigate this busy season effectively, ensuring your team gets the rest they deserve without compromising business continuity. Here are a few practical strategies to help you manage PTO during the summer months while keeping your business running smoothly:  1. Plan Early and Communicate Clearly Encourage employees to submit holiday PTO requests well in advance. Set a clear internal deadline (e.g., “All holiday time-off requests must be submitted by August 15”) and explain the process upfront, including: How requests will be reviewed and approved How overlapping requests will be handled Any blackout dates or essential coverage periods A clear and consistent approach eliminates guesswork, reduces friction, and helps everyone feel they’re being treated fairly. 2. Use a PTO Policy That Balances Fairness and Flexibility Your time-off policy should include guidelines for high-demand periods like Thanksgiving, Christmas, and New Year’s. Some companies use: First-come, first-served approvals A rotation system so everyone eventually gets prime time off A seniority or department-based system with built-in equity checks Whatever method you choose, consistency is key. A well-documented policy gives managers a framework to follow, and gives employees peace of mind that decisions are made justly, not arbitrarily. 3. Leverage Your HCM or Scheduling Technology If you're using a system like isolved , you already have powerful tools to streamline the PTO process. Automate request tracking, visualize department coverage in real time, and flag conflicts early to avoid blind spots. This gives HR and team leads the visibility they need to make smart, timely decisions. Bonus tip: Use system alerts to notify managers when coverage is thin, or configure it to close PTO windows automatically after a set date. These features take manual work off your plate while protecting productivity. 4. Cross-Train and Create Holiday Coverage Plans Rather than scrambling when someone’s out, prepare your team to adapt. Cross-train employees in advance so they can cover essential tasks if a teammate is unavailable. Before the busy season kicks in, put together a simple holiday coverage plan that outlines: Who will monitor essential tasks (client inquiries, payroll processing, etc.) What needs to get done and by whom each week Who’s available for backup support if needed A little upfront planning makes a big difference in keeping service levels steady during staff absences. 5. Appreciate Those Who Step Up Don’t let holiday contributions go unnoticed. Employees who work through the holidays or shift their schedules to ensure coverage deserve meaningful recognition. Consider: Spot bonuses or incentives Public recognition in a team meeting or internal email Additional time off (comp time) after the holidays Even small gestures show your team that their flexibility and dedication are valued, and that you see the extra effort. 6. Set Expectations With Clients (and With Your Team) If your operations will run on limited hours or staffing during the holidays, notify clients and partners well in advance. Clear communication avoids surprises and sets realistic expectations. Internally, define what’s essential versus what can wait, especially to avoid employees overworking during slower periods. When everyone understands what’s expected, your team can better prioritize, delegate, and breathe a little easier during the season. Final Thought: Flexibility Builds Loyalty The holiday season is a test of your workplace culture. How you support your team, especially when juggling competing needs, leaves a lasting impression. Even when saying no to a request, doing so with empathy and transparency reinforces a culture of trust, fairness, and respect. And in return, you'll see greater engagement, improved morale, and a team that’s ready to go the extra mile — during the holidays and beyond. Need help building better time-off workflows or updating your PTO policies before year-end? Simco’s HR and HCM experts are here to help. Let’s talk about how to balance compliance, efficiency, and employee satisfaction, all year round.

Have a question? Get in touch.