Cyber Security Awareness Month: Protecting Your Business from Digital Threats
October 2, 2023
Cyber Security Awareness Month: Protecting Your Business from Digital Threats

October is Cybersecurity Awareness Month, making it the perfect time to safeguard your business against the rising tide of cyber threats. Learn how to defend your company's digital assets and ensure long-term security.


Businesses, both large and small, are increasingly reliant on the internet for daily operations, creating attractive and potentially lucrative targets for cyber criminals.


With such heavy use of and reliance on computers and the internet by both large and small organizations, protecting these resources has become increasingly important. Learning about cyberattacks and how to prevent them can help you protect your company from security breaches.


Cyberattacks Compromise Your Company

Cyberattacks include many types of attempted or successful breaches of computer security. These threats come in different forms, including phishing, viruses, Trojans, key logging, spyware and spam. Once hackers have gained access to the computer system, they can accomplish any of several malicious goals, typically stealing information or financial assets, corrupting data or causing operational disruption or shutdown.


Both third parties and insiders can use a variety of techniques to carry out cyberattacks. These techniques range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.


Cyberattacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link. According to historical claim data analyzed by Willis Towers Watson, 90 percent of all cyber claims stemmed from some type of employee error or behavior. The high-profile Equifax, Snapchat and Chipotle data breaches were all caused by employee error or behavior.


A breach in cyber security can lead to unauthorized usage through tactics such as the following:


  • Installing spyware that allows the hacker to track Internet activity and steal information and passwords
  • Deceiving recipients of phishing emails into disclosing personal information
  • Tricking recipients of spam email into giving hackers access to the computer system
  • Installing viruses that allow hackers to steal, corrupt or delete information or even crash the entire system
  • Hijacking the company website and rerouting visitors to a fraudulent look-alike site and subsequently stealing personal information from clients or consumers


Cyberattacks may also be carried out in a manner that does not require gaining unauthorized access, such as denial-of-service (DoS) attacks on websites in which the site is overloaded by the attacker and legitimate users are then denied access.


The Vulnerable Become the Victims

The majority of cyber criminals are indiscriminate when choosing their victims. The Department of Homeland Security (DHS) asserts that cyber criminals will target vulnerable computer systems regardless of whether the systems belong to a Fortune 500 company, a small business or a home user.


Cyber criminals look for weak spots and attack there, no matter how large or small the organization. Small businesses, for instance, are becoming a more attractive target as many larger companies tighten their cyber security. According to the industry experts, the cost of the average cyberattack on a small business is increasing exponentially and shows no signs of slowing down. Nearly 60 percent of the small businesses victimized by a cyberattack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it is too late because they fear the costs would be prohibitive.


Simple Steps to Stay Secure

With cyberattacks posing such a prominent threat to your business, it is essential to create a plan to deal with this problem. Implementing and adhering to basic preventive and safety procedures will help protect your company from cyber threats.


Following are suggestions from a Federal Communications Commission (FCC) roundtable and the DHS’s Stop.Think.Connect. program for easily implemented security procedures to help ward off cyber criminals. These suggestions include guidelines for the company as well as possible rules and procedures that can be shared with employees.


Security Tips for Your Company

Cyber security should be a company-wide effort. Consider implementing the following suggestions at your organization:


  • Install, use and regularly update anti-virus and anti-spyware software on all computers.
  • Download and install software updates for your operating systems and applications as they become available.
  • Change the manufacturer’s default passwords on all software.
  • Use a firewall for your internet connection.
  • Regularly make backup copies of important business data.
  • Control who can physically access your computers and other network components.
  • Secure any Wi-Fi networks.
  • Require individual user accounts for each employee.
  • Limit employee access to data and information, and limit authority for software installation.
  • Monitor, log and analyze all attempted and successful attacks on systems and networks.
  • Establish a mobile device policy and keep them updated with the most current software and anti-virus programs.


Security Tips for Employees

  • Use strong passwords, change them periodically and never share them with anyone. Never repeat a password across accounts.
  • Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email.
  • Don’t open suspicious links and emails; an indication that the site is safe is if the URL begins with https://.
  • Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using the device.


Securing Your Company’s Mobile Devices

Gone are the days when contact names and phone numbers were the most sensitive pieces of information on an employee’s phone. Now a smartphone or tablet can be used to gain access to anything from emails to stored passwords to proprietary company data. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a more traditional computer system.


The need for proper mobile device security is no different from the need for a well-protected computer network. Untrusted app stores will continue to be a major source of mobile malware which drives traffic to these stores. This type of “malvertising” continues to grow quickly on mobile platforms.


Most importantly, stay informed about cyber security and continue to discuss internet safety with employees.


Don’t Let it Happen to Your Company

According to the DHS, 96 percent of cyber security breaches could have been avoided with simple or intermediate controls. Strengthening passwords, installing anti-virus software and not opening suspicious emails and links are the first steps toward cyber security. In addition to the listed tips, the FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.


A data breach could cripple your small business, costing you thousands or millions of dollars in lost revenue, sales, damages and reputation. Contact SimcoHR today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyberattacks.

Sign up for our newsletter.

Top 5 HR Trends That Will Shape Businesses in 2025

January 7, 2025
As 2025 kicks off, the HR landscape is evolving faster than ever before. Technology, shifting workforce expectations, and the need for businesses to be agile in a dynamic global environment are all driving change. What worked yesterday may not be enough today, and companies must adapt to stay ahead. Here are the top five HR trends you’ll need to watch closely in 2025: 1. AI is Changing the Hiring Game Artificial intelligence is no longer just a buzzword in HR—it’s a game-changer. Tools that can scan resumes, match candidates to roles, and even conduct initial assessments are becoming staples for businesses aiming to save time and improve hiring outcomes. In 2024, many organizations began integrating AI to remove unconscious bias and make their hiring practices more inclusive, and this trend is expected to accelerate. 2. Flexibility Isn’t Just a Perk Anymore Hybrid and remote work models are here to stay, but the conversation has shifted. In 2025, it’s less about offering flexibility and more about making it work effectively. Companies are adopting sophisticated tools for remote collaboration, redefining performance metrics, and ensuring policies address the nuances of managing both in-office and remote teams. The focus is on maintaining productivity without compromising employee well-being. 3. Wellness Goes Beyond Gym Memberships In recent years, wellness programs have evolved beyond basic offerings like gym memberships to address a wider range of employee needs. As companies recognize the link between employee well-being and productivity, they’re broadening their focus to include mental health, financial stability, and holistic support. In 2023 and 2024, for example, Delta expanded its employee wellness initiatives by improving access to mental health care. The airline worked with Spring Health, a new EAP provider, to create a larger and more diverse network of mental health professionals, offering better support for both employees and their household members. Looking ahead to 2025, wellness will become more deeply integrated into company cultures. Expect companies to go beyond providing reactive support to fostering proactive wellness through personalized tools, such as mental health apps, financial coaching, and enhanced benefits like paid leave for caregiving. With these programs, businesses are not just addressing immediate health concerns but also empowering employees to manage their overall well-being in a more holistic way. The focus will be on creating a supportive, sustainable work environment that helps employees thrive both at work and in their personal lives. 4. Upskilling is a Competitive Necessity Technology is evolving faster than ever, and companies are racing to keep up. Upskilling employees in areas like data analysis, AI, and emerging tech became a priority in 2024, and it’s clear that this trend will only grow. Businesses that invest in continuous learning programs—whether through certifications, on-the-job training, or digital learning platforms—are better positioned to stay ahead in their industries. 5. Data is Driving HR Decisions HR is leaning heavily on people analytics to guide decision-making. Instead of relying on intuition, businesses are using data to understand employee engagement, pinpoint reasons for turnover, and improve productivity. The emphasis on metrics like employee sentiment and workforce utilization gained traction last year, and more organizations are embedding analytics into their HR strategies to tackle challenges proactively. Final Thoughts The HR landscape in 2025 will be shaped by these transformative trends. Businesses that embrace innovation and prioritize their people will find themselves not just adapting but thriving in the evolving workplace. As these trends unfold, staying proactive and flexible will be the key to turning challenges into opportunities.

IRS Announces 2025 PCORI Fee Update

January 6, 2025
The IRS has released the 2025 Patient-Centered Outcomes Research Institute (PCORI) fee , which will increase to $3.47 per covered life —a $0.25 increase from 2024. This fee applies to plan years ending on or after October 1, 2024 , and before October 1, 2025 . What is the PCORI Fee? The PCORI fee was introduced as part of the Affordable Care Act (ACA) to help fund the research conducted by the Patient-Centered Outcomes Research Institute (PCORI). This research focuses on improving healthcare outcomes by comparing different medical treatments. The fee is levied on insurers, as well as self-insured and level-funded health plans. The fee is calculated based on the average number of covered lives under a plan and is due once a year, with the filing occurring during the second quarter on Form 720 , the Quarterly Federal Excise Tax Return . The payment is due by July 31 each year. Key Details for Employers and Plan Sponsors Who is Affected? : The fee applies to health insurers, self-insured health plans, and level-funded health plans. When is it Due? : The fee must be reported on Form 720 and paid by July 31 each year. How is it Calculated? : The fee is based on the average number of covered lives during the plan year. The updated $3.47 per covered life fee will be in effect for health plans with policy years ending between October 1, 2024, and October 1, 2025. Employers should be prepared to account for this increase when filing for 2025. For more information on the PCORI fee and its reporting requirements, consult the IRS Bulletin 2024-49 , published on December 2, 2024, or visit the IRS PCORI Fee page . 

Federal DOL Restores Simplified Tip Credit Rule: Employer Guidance

January 6, 2025
In a move welcomed by many employers in the hospitality and service industries, the U.S. Department of Labor (DOL) has officially reinstated the pre-2021 tip credit rule. This change, effective December 17, 2024, follows a recent court of appeals decision that vacated the “80/20/30” tip credit rule that had been implemented under the Trump administration. If you’re wondering what this means for your business, don’t worry—this update doesn’t require any immediate action on your part. What Was the "80/20/30" Rule? Before we dive into the implications of the DOL’s latest rule change, let’s quickly review the "80/20/30" rule. This rule, introduced in 2021, placed specific restrictions on how much time tipped employees (such as waitstaff and bartenders) could spend on non-tip-generating duties (e.g., cleaning, setting up, and other side work). The rule essentially required that tipped workers spend at least 80% of their work hours on tip-generating activities to continue qualifying for the tip credit. Moreover, under the "80/20/30" rule, employers could no longer use the tip credit to offset wages for certain non-tip-producing activities, and they had to ensure that employees spent no more than 30 minutes at a time on side duties. This increased the burden on employers, as it required more careful tracking of employee duties and work hours to remain in compliance. Why Was the Rule Vacated? The court of appeals decision in August 2024 ruled that the "80/20/30" rule was too restrictive and inconsistent with the intent of the Fair Labor Standards Act (FLSA), which allows employers to take a tip credit for workers who perform both tipped and non-tipped duties. The court found that the new rule created unreasonable administrative burdens and restrictions that were not in line with past practices or legal precedents. In response to this ruling, the DOL moved quickly to restore the pre-2021 tip credit rule. What Does the Reinstatement of the Pre-2021 Rule Mean for Employers? With the reinstatement of the pre-2021 tip credit rule, the DOL has effectively simplified the way employers can apply the tip credit to their workers. Under the prior rule, employees who perform a combination of tipped and non-tipped duties can still qualify for the tip credit, as long as their primary job responsibility is related to tipped work. Employers no longer have to track the precise breakdown of time spent on tip-generating vs. non-tip-generating activities in the same way. This returns to the more flexible guidelines where as long as tipped employees perform "related" duties (e.g., cleaning their station, setting up for service), they can still receive the tip credit for those hours, provided those activities don’t dominate their workday. What Action Is Needed from Employers? For most employers, this change will not require any immediate action, as the final rule effectively restores the pre-2021 approach. The main thing to note is that employers should continue to comply with the broader requirements of the Fair Labor Standards Act (FLSA) and ensure they are properly paying employees at least the federal minimum wage (including tips) when they apply the tip credit. Here are a few things to keep in mind: Reassess Timekeeping Systems: While the rule change simplifies some aspects of record-keeping, employers still need to ensure they have a timekeeping system in place that accurately tracks the hours worked by tipped employees. It is essential to ensure that the wages (base pay plus tips) equal at least the federal minimum wage. No Need for Immediate Adjustments: If you were already applying the pre-2021 tip credit rule, no changes are necessary on your part. For those who had adjusted to the "80/20/30" rule, reverting back to the previous method should not require significant changes. State and Local Laws: Employers should still be mindful of any state or local laws that may have stricter requirements than federal law. Always check your state’s labor regulations to ensure full compliance. Why Is This Change Important? The reinstatement of the simplified tip credit rule provides relief to many employers, particularly in industries like restaurants, hotels, and other service-based businesses where tipping is common. The pre-2021 rule is seen as more employer-friendly, offering more flexibility in how tipped employees can spend their time without losing eligibility for the tip credit. For employers, this means less administrative burden, reduced risk of compliance issues, and potentially fewer legal challenges. This shift is a step toward simplifying labor law compliance for businesses already struggling with the complexities of wage and hour rules. Looking Ahead As we move further into 2025, it’s important for employers to stay informed of any future changes in federal labor regulations. While this change restores a previous rule, the DOL’s stance on tip credits and wage issues can continue to evolve. Employers in tip-dependent industries should continue to monitor updates from the Department of Labor and legal rulings to ensure ongoing compliance. The DOL’s restoration of the pre-2021 tip credit rule is a welcome change for many businesses, offering a return to simpler guidelines and less restrictive requirements. For most employers, no immediate action is required, but it’s always a good idea to review your practices to ensure they align with the updated rule. If you need further assistance in navigating these changes, reach out to Simco to ensure your business stays compliant in 2025 and beyond. 

Have a question? Get in touch.

Share by: