Cyber Security Awareness Month: Protecting Your Business from Digital Threats
October 2, 2023

October is Cybersecurity Awareness Month, making it the perfect time to safeguard your business against the rising tide of cyber threats. Learn how to defend your company's digital assets and ensure long-term security.


Businesses, both large and small, are increasingly reliant on the internet for daily operations, creating attractive and potentially lucrative targets for cyber criminals.


With such heavy use of and reliance on computers and the internet by both large and small organizations, protecting these resources has become increasingly important. Learning about cyberattacks and how to prevent them can help you protect your company from security breaches.


Cyberattacks Compromise Your Company

Cyberattacks include many types of attempted or successful breaches of computer security. These threats come in different forms, including phishing, viruses, Trojans, key logging, spyware and spam. Once hackers have gained access to the computer system, they can accomplish any of several malicious goals, typically stealing information or financial assets, corrupting data or causing operational disruption or shutdown.


Both third parties and insiders can use a variety of techniques to carry out cyberattacks. These techniques range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.


Cyberattacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link. According to historical claim data analyzed by Willis Towers Watson, 90 percent of all cyber claims stemmed from some type of employee error or behavior. The high-profile Equifax, Snapchat and Chipotle data breaches were all caused by employee error or behavior.


A breach in cyber security can lead to unauthorized usage through tactics such as the following:


  • Installing spyware that allows the hacker to track Internet activity and steal information and passwords
  • Deceiving recipients of phishing emails into disclosing personal information
  • Tricking recipients of spam email into giving hackers access to the computer system
  • Installing viruses that allow hackers to steal, corrupt or delete information or even crash the entire system
  • Hijacking the company website and rerouting visitors to a fraudulent look-alike site and subsequently stealing personal information from clients or consumers


Cyberattacks may also be carried out in a manner that does not require gaining unauthorized access, such as denial-of-service (DoS) attacks on websites in which the site is overloaded by the attacker and legitimate users are then denied access.


The Vulnerable Become the Victims

The majority of cyber criminals are indiscriminate when choosing their victims. The Department of Homeland Security (DHS) asserts that cyber criminals will target vulnerable computer systems regardless of whether the systems belong to a Fortune 500 company, a small business or a home user.


Cyber criminals look for weak spots and attack there, no matter how large or small the organization. Small businesses, for instance, are becoming a more attractive target as many larger companies tighten their cyber security. According to industry experts, the cost of the average cyberattack on a small business is increasing exponentially and shows no signs of slowing down. Nearly 60 percent of the small businesses victimized by a cyberattack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it is too late because they fear the costs would be prohibitive.


Simple Steps to Stay Secure

With cyberattacks posing such a prominent threat to your business, it is essential to create a plan to deal with this problem. Implementing and adhering to basic preventive and safety procedures will help protect your company from cyber threats.


Following are suggestions from a Federal Communications Commission (FCC) roundtable and the DHS’s Stop.Think.Connect. program for easily implemented security procedures to help ward off cyber criminals. These suggestions include guidelines for the company as well as possible rules and procedures that can be shared with employees.


Security Tips for Your Company

Cyber security should be a company-wide effort. Consider implementing the following suggestions at your organization:


  • Install, use and regularly update anti-virus and anti-spyware software on all computers.
  • Download and install software updates for your operating systems and applications as they become available.
  • Change the manufacturer’s default passwords on all software.
  • Use a firewall for your internet connection.
  • Regularly make backup copies of important business data.
  • Control who can physically access your computers and other network components.
  • Secure any Wi-Fi networks.
  • Require individual user accounts for each employee.
  • Limit employee access to data and information, and limit authority for software installation.
  • Monitor, log and analyze all attempted and successful attacks on systems and networks.
  • Establish a mobile device policy and keep mobile devices updated with the most current software and anti-virus programs.


Security Tips for Employees

  • Use strong passwords, change them periodically and never share them with anyone. Never repeat a password across accounts.
  • Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email.
  • Don’t open suspicious links and emails; one indication that a site is safe is a URL that begins with https://.
  • Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using the device.


Securing Your Company’s Mobile Devices

Gone are the days when contact names and phone numbers were the most sensitive pieces of information on an employee’s phone. Now a smartphone or tablet can be used to gain access to anything from emails to stored passwords to proprietary company data. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a more traditional computer system.


The need for proper mobile device security is no different from the need for a well-protected computer network. Untrusted app stores will continue to be a major source of mobile malware, which drives traffic to these stores. This type of “malvertising” continues to grow quickly on mobile platforms.


Most importantly, stay informed about cyber security and continue to discuss internet safety with employees.


Don’t Let it Happen to Your Company

According to the DHS, 96 percent of cyber security breaches could have been avoided with simple or intermediate controls. Strengthening passwords, installing anti-virus software and not opening suspicious emails and links are the first steps toward cyber security. In addition to the listed tips, the FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.


A data breach could cripple your small business, costing you thousands or millions of dollars in lost revenue, sales, damages and reputation. Contact SimcoHR today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyberattacks.
