Cyber Security Awareness Month: Protecting Your Business from Digital Threats
Oct 02, 2023
Cyber Security Awareness Month: Protecting Your Business from Digital Threats

October is Cybersecurity Awareness Month, making it the perfect time to safeguard your business against the rising tide of cyber threats. Learn how to defend your company's digital assets and ensure long-term security.


Businesses, both large and small, are increasingly reliant on the internet for daily operations, creating attractive and potentially lucrative targets for cyber criminals.


With such heavy use of and reliance on computers and the internet by both large and small organizations, protecting these resources has become increasingly important. Learning about cyberattacks and how to prevent them can help you protect your company from security breaches.


Cyberattacks Compromise Your Company

Cyberattacks include many types of attempted or successful breaches of computer security. These threats come in different forms, including phishing, viruses, Trojans, key logging, spyware and spam. Once hackers have gained access to the computer system, they can accomplish any of several malicious goals, typically stealing information or financial assets, corrupting data or causing operational disruption or shutdown.


Both third parties and insiders can use a variety of techniques to carry out cyberattacks. These techniques range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.


Cyberattacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link. According to historical claim data analyzed by Willis Towers Watson, 90 percent of all cyber claims stemmed from some type of employee error or behavior. The high-profile Equifax, Snapchat and Chipotle data breaches were all caused by employee error or behavior.


A breach in cyber security can lead to unauthorized usage through tactics such as the following:


  • Installing spyware that allows the hacker to track Internet activity and steal information and passwords
  • Deceiving recipients of phishing emails into disclosing personal information
  • Tricking recipients of spam email into giving hackers access to the computer system
  • Installing viruses that allow hackers to steal, corrupt or delete information or even crash the entire system
  • Hijacking the company website and rerouting visitors to a fraudulent look-alike site and subsequently stealing personal information from clients or consumers


Cyberattacks may also be carried out in a manner that does not require gaining unauthorized access, such as denial-of-service (DoS) attacks on websites in which the site is overloaded by the attacker and legitimate users are then denied access.


The Vulnerable Become the Victims

The majority of cyber criminals are indiscriminate when choosing their victims. The Department of Homeland Security (DHS) asserts that cyber criminals will target vulnerable computer systems regardless of whether the systems belong to a Fortune 500 company, a small business or a home user.


Cyber criminals look for weak spots and attack there, no matter how large or small the organization. Small businesses, for instance, are becoming a more attractive target as many larger companies tighten their cyber security. According to the industry experts, the cost of the average cyberattack on a small business is increasing exponentially and shows no signs of slowing down. Nearly 60 percent of the small businesses victimized by a cyberattack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it is too late because they fear the costs would be prohibitive.


Simple Steps to Stay Secure

With cyberattacks posing such a prominent threat to your business, it is essential to create a plan to deal with this problem. Implementing and adhering to basic preventive and safety procedures will help protect your company from cyber threats.


Following are suggestions from a Federal Communications Commission (FCC) roundtable and the DHS’s Stop.Think.Connect. program for easily implemented security procedures to help ward off cyber criminals. These suggestions include guidelines for the company as well as possible rules and procedures that can be shared with employees.


Security Tips for Your Company

Cyber security should be a company-wide effort. Consider implementing the following suggestions at your organization:


  • Install, use and regularly update anti-virus and anti-spyware software on all computers.
  • Download and install software updates for your operating systems and applications as they become available.
  • Change the manufacturer’s default passwords on all software.
  • Use a firewall for your internet connection.
  • Regularly make backup copies of important business data.
  • Control who can physically access your computers and other network components.
  • Secure any Wi-Fi networks.
  • Require individual user accounts for each employee.
  • Limit employee access to data and information, and limit authority for software installation.
  • Monitor, log and analyze all attempted and successful attacks on systems and networks.
  • Establish a mobile device policy and keep them updated with the most current software and anti-virus programs.


Security Tips for Employees

  • Use strong passwords, change them periodically and never share them with anyone. Never repeat a password across accounts.
  • Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email.
  • Don’t open suspicious links and emails; an indication that the site is safe is if the URL begins with https://.
  • Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using the device.


Securing Your Company’s Mobile Devices

Gone are the days when contact names and phone numbers were the most sensitive pieces of information on an employee’s phone. Now a smartphone or tablet can be used to gain access to anything from emails to stored passwords to proprietary company data. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a more traditional computer system.


The need for proper mobile device security is no different from the need for a well-protected computer network. Untrusted app stores will continue to be a major source of mobile malware which drives traffic to these stores. This type of “malvertising” continues to grow quickly on mobile platforms.


Most importantly, stay informed about cyber security and continue to discuss internet safety with employees.


Don’t Let it Happen to Your Company

According to the DHS, 96 percent of cyber security breaches could have been avoided with simple or intermediate controls. Strengthening passwords, installing anti-virus software and not opening suspicious emails and links are the first steps toward cyber security. In addition to the listed tips, the FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.


A data breach could cripple your small business, costing you thousands or millions of dollars in lost revenue, sales, damages and reputation. Contact SimcoHR today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyberattacks.

Sign up for our newsletter.

DOL Announces Final Overtime Rule Increasing Salary Levels for White-collar Employees

30 Apr, 2024
On April 23, 2024, the U.S. Department of Labor (DOL) announced a final rule to amend current requirements employees in white-collar occupations must satisfy to qualify for an overtime exemption under the Fair Labor Standards Act (FLSA). The final rule will take effect on July 1, 2024. Increased Salary Level The FLSA white-collar exemptions apply to individuals in executive, administrative, professional, and some outside sales and computer-related occupations. Some highly compensated employees may also qualify for the FLSA white-collar overtime exemption. To qualify for this exemption, white-collar employees must satisfy the standard salary level test, among other criteria. This salary level is a wage threshold that white-collar employees must receive to qualify for the exemption. Starting July 1, 2024, the DOL’s final rule increases the standard salary level from: $684 to $844 per week ($35,568 to $43,888 per year); and $107,432 to $132,964 per year for highly compensated employees. On Jan. 1, 2025, the standard salary level will then increase from: $844 to $1,128 per week ($43,888 to $58,656 per year); and $132,964 to $151,164 per year for highly compensated employees. Automatic Updates The DOL’s final rule also includes mechanisms allowing the agency to automatically update the white-collar salary level thresholds without having to rely on the rulemaking process. Effective July 1, 2027, and every three years thereafter, the DOL will increase the standard salary level. The agency will apply up-to-date wage data to determine new salary levels. Impact on Employers The first salary level increase in July is expected to impact nearly 1 million workers, while the second increase in January is expected to affect approximately 3 million workers. Employers should become familiar with the final rule and evaluate what changes they may need to adopt to comply with the rule’s requirements. Legal challenges to the rule are anticipated, which may delay the final rule’s implementation.

New York Passes Prenatal Leave, Sets End Date for COVID-19 Leave

29 Apr, 2024
The recently enacted New York budget for fiscal year 2024-25 includes provisions mandating paid prenatal leave for the state’s workers, beginning Jan. 1, 2025, and repealing the New York COVID-19 sick leave law, effective July 31, 2025. Paid Prenatal Personal Leave The budget amends the state sick leave law by adding what is being touted as a first-in-the-nation requirement that all employers provide their employees with 20 hours of paid prenatal personal leave per 52-week period, starting Jan. 1, 2025. The amendment does not require employees to accrue the new leave, nor does it impose a waiting period before employees may use the leave; the full 20 hours must be made available on Jan. 1, 2025. Employees on leave must be paid their regular rate of pay or minimum wage if the applicable minimum wage is higher; however, employers are not required to pay out unused prenatal personal leave when an employee separates from employment. Permitted Uses of Prenatal Personal Leave Prenatal personal leave may be taken for health care services received by an employee during their pregnancy or related to the pregnancy, including physical examinations, medical procedures, monitoring and testing, and discussions with a health care provider related to the pregnancy. The new provisions do not require advance notification or documentation after the fact for using leave. Interaction With Paid Sick Leave and FMLA Leave The new requirement is in addition to the annual sick leave the law already mandates, which ranges from 40-56 hours and may be paid or unpaid, depending on the employer’s size and income. The amendment does not indicate that the leave runs concurrently with any federal Family and Medical Leave Act (FMLA) leave taken for prenatal care, meaning the state prenatal personal leave would be in addition to any FMLA leave taken for this purpose. Sunset Date for COVID-19 Leave The budget also establishes July 31, 2025, as the expiration date for New York’s COVID-19 employee sick leave law . The law took effect at the beginning of the COVID-19 pandemic, on March 18, 2020, and requires leave of up to 14 days, depending on the size and income of the employer. As with the regular sick leave law, whether leave must be paid also depends on the size and income of the employer. The sunsetting of the law comes in the wake of expired states of emergency and changed recommendations for isolation and quarantine. Steps for Employers New York employers should prepare for the start of paid prenatal personal leave in January 2025 and watch for any agency regulations and guidance implementing the new leave entitlement. Employers should also train managers and supervisors about the new requirements and make sure employee policies and handbooks are up to date. Employers should continue to allow COVID-19 sick leave when it applies and keep in mind that other leave requirements, such as paid sick leave, may allow employees to take time off from work for illness, including COVID-19.

FTC Announces Rule Banning Noncompetes

25 Apr, 2024
On April 23, 2024, the Federal Trade Commission (FTC) voted to issue a final rule that would ban noncompete agreements in virtually all employment relationships. The final rule has not yet been filed in the Federal Register, but is scheduled to take effect 120 days after such filing. Final Rule The final rule defines a noncompete clause as a term or condition of employment that prohibits a worker from, penalizes a worker for or functions to prevent a worker from: (i) Seeking or accepting work in the United States with a different person where such work would begin after the conclusion of the employment that includes the term or condition; or (ii) Operating a business in the United States after the conclusion of the employment that includes the term or condition. Such terms or conditions include employee contracts or workplace policies, whether written or oral. Subject to very limited exceptions, the final rule provides that: The use of noncompete clauses will be banned as of the effective date; Any existing noncompete clauses (other than those entered into with senior executives) will be invalidated; Employers must notify all employees (other than senior executives whose existing noncompete agreements will remain enforceable) that their existing noncompete agreements will not be enforced. Currently, the enforceability of noncompete clauses is determined by state and local legislatures and courts. The FTC rule would instead govern the enforceability of noncompete clauses at the federal level and supersede any less restrictive state laws or judicial interpretations. Legal Challenges On April 24, 2024, the U.S. Chamber of Commerce sued the FTC, seeking to block the final rule. The complaint was filed in the U.S. District Court for the Eastern District of Texas and argues that the FTC lacks the authority to issue rules that define unfair methods of competition. Additional legal challenges are likely, so employers should monitor for updates and anticipate potential uncertainty in the coming months. Next Steps for Employers Employers may consider reviewing existing employee agreements or form agreements (such as new hire paperwork) to determine whether any contain noncompete clauses that would be invalidated under the rule. Employers may also begin preparing revisions to such agreements and consider whether to use alternatives to noncompete clauses (e.g., nondisclosure clauses) to protect competitive business information.

Have a question? Get in touch.

Share by: