Cyber Security Awareness Month: Protecting Your Business from Digital Threats
October 2, 2023
October is Cybersecurity Awareness Month, making it the perfect time to safeguard your business against the rising tide of cyber threats. Learn how to defend your company's digital assets and ensure long-term security.
Businesses, both large and small, are increasingly reliant on the internet for daily operations, creating attractive and potentially lucrative targets for cyber criminals.
With such heavy use of and reliance on computers and the internet by both large and small organizations, protecting these resources has become increasingly important. Learning about cyberattacks and how to prevent them can help you protect your company from security breaches.
Cyberattacks Compromise Your Company
Cyberattacks include many types of attempted or successful breaches of computer security. These threats come in different forms, including phishing, viruses, Trojans, key logging, spyware and spam. Once hackers have gained access to the computer system, they can accomplish any of several malicious goals, typically stealing information or financial assets, corrupting data or causing operational disruption or shutdown.
Both third parties and insiders can use a variety of techniques to carry out cyberattacks. These techniques range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.
Cyberattacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link. According to historical claim data analyzed by Willis Towers Watson, 90 percent of all cyber claims stemmed from some type of employee error or behavior. The high-profile Equifax, Snapchat and Chipotle data breaches were all caused by employee error or behavior.
A breach in cyber security can lead to unauthorized usage through tactics such as the following:
- Installing spyware that allows the hacker to track Internet activity and steal information and passwords
- Deceiving recipients of phishing emails into disclosing personal information
- Tricking recipients of spam email into giving hackers access to the computer system
- Installing viruses that allow hackers to steal, corrupt or delete information or even crash the entire system
- Hijacking the company website and rerouting visitors to a fraudulent look-alike site and subsequently stealing personal information from clients or consumers
Cyberattacks may also be carried out in a manner that does not require gaining unauthorized access, such as denial-of-service (DoS) attacks on websites in which the site is overloaded by the attacker and legitimate users are then denied access.
The Vulnerable Become the Victims
The majority of cyber criminals are indiscriminate when choosing their victims. The Department of Homeland Security (DHS) asserts that cyber criminals will target vulnerable computer systems regardless of whether the systems belong to a Fortune 500 company, a small business or a home user.
Cyber criminals look for weak spots and attack there, no matter how large or small the organization. Small businesses, for instance, are becoming a more attractive target as many larger companies tighten their cyber security. According to the industry experts, the cost of the average cyberattack on a small business is increasing exponentially and shows no signs of slowing down. Nearly 60 percent of the small businesses victimized by a cyberattack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it is too late because they fear the costs would be prohibitive.
Simple Steps to Stay Secure
With cyberattacks posing such a prominent threat to your business, it is essential to create a plan to deal with this problem. Implementing and adhering to basic preventive and safety procedures will help protect your company from cyber threats.
Following are suggestions from a Federal Communications Commission (FCC) roundtable and the DHS’s Stop.Think.Connect. program for easily implemented security procedures to help ward off cyber criminals. These suggestions include guidelines for the company as well as possible rules and procedures that can be shared with employees.
Security Tips for Your Company
Cyber security should be a company-wide effort. Consider implementing the following suggestions at your organization:
- Install, use and regularly update anti-virus and anti-spyware software on all computers.
- Download and install software updates for your operating systems and applications as they become available.
- Change the manufacturer’s default passwords on all software.
- Use a firewall for your internet connection.
- Regularly make backup copies of important business data.
- Control who can physically access your computers and other network components.
- Secure any Wi-Fi networks.
- Require individual user accounts for each employee.
- Limit employee access to data and information, and limit authority for software installation.
- Monitor, log and analyze all attempted and successful attacks on systems and networks.
- Establish a mobile device policy and keep them updated with the most current software and anti-virus programs.
Security Tips for Employees
- Use strong passwords, change them periodically and never share them with anyone. Never repeat a password across accounts.
- Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email.
- Don’t open suspicious links and emails; an indication that the site is safe is if the URL begins with https://.
- Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using the device.
Securing Your Company’s Mobile Devices
Gone are the days when contact names and phone numbers were the most sensitive pieces of information on an employee’s phone. Now a smartphone or tablet can be used to gain access to anything from emails to stored passwords to proprietary company data. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a more traditional computer system.
The need for proper mobile device security is no different from the need for a well-protected computer network. Untrusted app stores will continue to be a major source of mobile malware which drives traffic to these stores. This type of “malvertising” continues to grow quickly on mobile platforms.
Most importantly, stay informed about cyber security and continue to discuss internet safety with employees.
Don’t Let it Happen to Your Company
According to the DHS, 96 percent of cyber security breaches could have been avoided with simple or intermediate controls. Strengthening passwords, installing anti-virus software and not opening suspicious emails and links are the first steps toward cyber security. In addition to the listed tips, the FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.
A data breach could cripple your small business, costing you thousands or millions of dollars in lost revenue, sales, damages and reputation. Contact SimcoHR today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyberattacks.
Sign up for our newsletter.
Every June, National Safety Month serves as a reminder that workplace safety is about far more than compliance. Organized by the National Safety Council, the annual campaign encourages organizations to focus on injury prevention, employee well-being, and creating safer work environments. While safety conversations often center around preventing accidents, many employers overlook the broader impact safety has on their business. Workplace injuries can affect productivity, employee morale, absenteeism, workers' compensation costs, turnover, and even an organization's reputation. The good news is that meaningful improvements do not always require major investments or large-scale initiatives. In many cases, the most effective safety improvements come from identifying everyday risks before they become larger problems. Here are four areas employers should evaluate as they work to strengthen workplace safety and reduce risk. 1. Review Hazards That Have Become "Normal" One of the biggest challenges in workplace safety is that regular exposure can make certain risks feel normal. A cluttered walkway, a damaged handrail, or poor lighting in a warehouse aisle may not seem urgent if employees navigate around them every day without incident. But the risks that become part of the daily routine are often the easiest to overlook. Over time, employees may learn to work around the hazard instead of reporting it, which increases the chance that a preventable issue eventually turns into an injury. Walk through your workplace with fresh eyes and ask supervisors and employees what concerns they see but have gotten used to. Some of the most valuable safety improvements come from addressing the issues everyone has quietly accepted as “just how things are.” 2. Look Beyond Physical Safety When people think about workplace safety, they often picture hard hats, warning signs, and protective equipment. Physical safety is critical, but employee well-being extends beyond preventing physical injuries. Fatigue, stress, burnout, and mental health challenges can all contribute to workplace incidents. Employees who are distracted, exhausted, or overwhelmed are more likely to make mistakes, miss warning signs, or take shortcuts that increase risk. National Safety Month's focus on holistic worker health reflects a growing recognition that employee well-being and workplace safety are closely connected. Employers can support both by encouraging reasonable workloads, promoting work-life balance, providing access to employee assistance resources, and fostering a workplace culture where employees feel comfortable speaking up when they need support. 3. Don't Ignore Your Driving Exposure Many organizations underestimate how much risk exists outside the walls of their workplace. Employees who drive for work, whether occasionally or daily, create exposure that can have significant financial and operational consequences. If employees operate company vehicles or drive on company business, consider reviewing: Driver qualification requirements Vehicle inspection procedures Distracted driving policies Motor vehicle record review practices Accident reporting procedures Even organizations that do not maintain a fleet often have employees traveling between locations, visiting clients, or running business-related errands. Safe driving practices should be part of every organization's overall safety strategy. 4. Pay Attention to the Small Incidents Many serious injuries are preceded by smaller incidents, near misses, or repeated unsafe behaviors. Unfortunately, these warning signs are often dismissed because no one was hurt. A near miss is valuable information, and provides an opportunity to identify risks and make corrections before an injury occurs. Encourage employees to report hazards, close calls, and safety concerns without fear of blame. The goal is not to assign fault, but to learn from small incidents before they become larger ones. Organizations that consistently track and address near misses often gain valuable insight into patterns that might otherwise go unnoticed. Safety Is a Business Strategy Strong safety programs help protect employees, but they also support broader business goals. Fewer injuries can mean lower workers' compensation costs, reduced absenteeism, improved productivity, and stronger employee retention. Employees who feel safe at work are often more engaged, more productive, and more likely to stay with an organization long term. Safety shouldn't be viewed as a once-a-year initiative. The most successful organizations treat it as an ongoing process of identifying risks, improving procedures, and supporting employees. Questions to Ask This Month As National Safety Month approaches, consider discussing these questions with your leadership team: Are there workplace hazards we've become accustomed to? Do employees feel comfortable reporting safety concerns? How are we supporting employee well-being beyond physical safety? Are our driving and vehicle-related risks being addressed? What recent near misses can help us improve? Sometimes the most valuable safety improvements begin with a simple conversation. At Simco , we work with organizations to help align HR, benefits, payroll, compliance, and commercial insurance strategies that support a safer, more productive workplace. Whether you're reviewing workplace policies, evaluating risk management practices, or preparing for future growth, taking a proactive approach to safety can benefit both your employees and your business.
June in Upstate New York has a way of bringing everyone outside. Graduation parties fill backyards, grills get fired up, pools open for the season, and weekends start revolving around family, friends, neighbors, and good weather. Most homeowners think about the fun parts of hosting: food, seating, parking, decorations, and whether the weather will cooperate. Insurance is usually not at the top of the checklist. But when you invite people onto your property, you also take on a certain level of responsibility for their safety. That does not mean you should be afraid to host. It simply means it is worth understanding how liability works, where common risks show up, and when it may be a good idea to review your homeowners insurance before summer gatherings begin. What does liability mean for homeowners? Liability, in the context of homeowners insurance, generally refers to your financial responsibility if someone is injured or their property is damaged and you are found legally responsible. For example, a guest could trip on uneven patio stones, fall on a wet pool deck, get bitten by a dog, or be injured during a backyard game. In some situations, the liability portion of a homeowners policy may help with expenses such as legal defense costs, settlements, or medical-related claims, depending on the details of the situation and the terms of the policy. Every policy is different, and coverage depends on the facts of the claim. Still, liability coverage is one of the most important parts of a homeowners policy, especially for people who regularly host guests. Summer gatherings can create more exposure than homeowners realize A typical backyard party may feel casual, but from an insurance perspective, there are a lot of moving pieces. Guests may be walking through your yard, driveway, garage, deck, patio, or pool area. Children may be running around. People may be using stairs, outdoor furniture, grills, fire pits, trampolines, or playsets. If alcohol is served, the level of responsibility can become even more complicated. In Upstate NY, summer entertaining often includes properties with larger yards, older homes, uneven walkways, detached garages, rural driveways, lake access, pools, docks, or recreational vehicles. These features can make a home a wonderful place to gather, but they can also create risks that should be managed thoughtfully. The key question is not, “Could something go wrong?” The better question is, “Have I taken reasonable steps to make the property safe, and do I understand what my insurance may or may not cover?” Common hosting risks to think about before guests arrive Some risks are easy to overlook because they are part of everyday life at home. A loose step you have learned to avoid may not be obvious to a first-time guest. A dog that is comfortable around your family may react differently in a crowded backyard. A pool that feels routine to you may be a major attraction for children at a party. Before hosting, it is worth walking your property the way a guest would. Look for uneven walkways, loose railings, poor lighting, wet surfaces, cluttered stairs, exposed extension cords, unstable outdoor furniture, or areas where children could wander unsupervised. If you have a pool, trampoline, fire pit, grill, pond, dock, or other attractive feature, think carefully about supervision and access. These are often the areas where accidents happen quickly. You don't need to make your home perfect. But taking a few practical steps before a party can reduce the chance of injury and help show that you took safety seriously. Alcohol adds another layer of responsibility Many graduation parties, BBQs, and summer gatherings include alcohol. For hosts, this is an area where caution matters. New York has laws that can create consequences for providing alcohol to minors. Even beyond legal concerns, alcohol can increase the chance of falls, arguments, poor decisions, or unsafe driving after a party. If alcohol will be served, hosts should think about how it will be monitored, especially at graduation parties where underage guests may be present. Keep alcohol in a controlled area, avoid self-serve access for minors, and consider having non-alcoholic options readily available. It is also wise to pay attention to guests who may need a ride or should not be driving. This is not just a legal issue. It is a safety issue, a community issue, and potentially an insurance issue. Are pools, trampolines, and backyard features covered? Many homeowners assume that if something is on their property, it is automatically covered under their policy. That is not always the case. Certain features, such as pools, trampolines, diving boards, treehouses, docks, or recreational equipment, may need to be disclosed to your insurance carrier. Some companies have specific eligibility rules, safety requirements, exclusions, or underwriting guidelines around these risks. For example, an insurer may want to know whether a pool is fenced, whether a trampoline has a safety net, or whether there are certain structures on the property. If your home has changed since your policy was written, your coverage may not reflect your current situation. This is one reason a summer insurance review can be so valuable. If you added a pool, built a deck, installed a fire pit, bought a trampoline, added a dog, or started hosting more often, it may be time to check in with your agent. Why your liability limit matters Homeowners insurance policies include liability limits. That limit is the maximum amount the policy may pay for a covered liability claim, subject to the policy terms. The challenge is that serious injuries can become expensive quickly. Medical bills, legal fees, lost wages, and settlement costs can add up, especially if an accident results in long-term injury. Many homeowners have not looked at their liability limit in years. Some may have selected a limit when they first bought the home and never revisited it. But life changes. Home values change. Assets change. Families grow. Teen drivers, pets, pools, boats, camps, and frequent entertaining can all change your overall risk picture. A higher homeowners liability limit may be available, and some households may also benefit from a personal umbrella policy. When an umbrella policy may be worth discussing A personal umbrella policy provides additional liability protection above the limits of certain underlying policies, such as homeowners, auto, or recreational vehicle insurance. It is designed for larger liability claims where the underlying policy limit may not be enough. For summer hosts, an umbrella policy can be especially worth discussing if you have a pool, own a boat or recreational vehicle, have teen drivers, entertain often, own a rental or seasonal property, or simply want additional protection for your assets. Umbrella coverage is not a replacement for a homeowners policy. It works alongside eligible underlying policies, and it has its own terms, limits, and exclusions. But for many households, it can be a practical way to strengthen their overall protection. Do renters and condo owners need to think about liability too? Yes. Liability is not just a concern for traditional homeowners. If you rent a home or apartment and host friends for a summer gathering, renters insurance may include personal liability coverage. If you own a condo or townhouse, your condo policy may include liability coverage as well. However, the details can vary, and shared spaces may introduce additional considerations. For example, if a guest is injured inside your rented apartment, on your balcony, or in an area you are responsible for maintaining, your policy may come into play. If the injury occurs in a common area, the situation may involve the landlord, property owner, HOA, or condo association. The main point is simple: if you host guests, liability coverage is worth understanding, regardless of whether you own a house. A few simple steps before your next gathering Before your next graduation party, BBQ, pool day, or backyard get-together, take a little time to prepare your property. Make sure walkways are clear, stairs are well lit, railings are secure, and outdoor areas are free of obvious hazards. Keep pets separated if they may become overwhelmed. Supervise pools and play areas. Be thoughtful about alcohol, especially when minors are present. Check that grills, fire pits, and extension cords are placed safely. It is also smart to review your homeowners, renters, or condo insurance before hosting season gets into full swing. Ask about your liability limit, medical payments coverage, any exclusions that may apply, and whether an umbrella policy makes sense for your household. Hosting should feel enjoyable, not stressful Summer gatherings are part of what makes this season special in Upstate NY. Whether you are celebrating a graduate, inviting neighbors over for a cookout, or opening the pool for the first time, a little preparation can go a long way. Insurance may not be the most exciting part of party planning, but it can be one of the most important. Understanding your liability coverage helps you host with more confidence, protect your guests, and avoid surprises if something unexpected happens. Before the guests arrive, take a few minutes to look around your property and review your coverage. It is a small step that can make a big difference. If you are unsure whether your current policy fits your summer plans, our Personal Insurance Team at Simco Insurance & Wealth Management can help you review your options and understand what coverage may make sense for you and your family.
For many employers, managing a 401(k) plan has become more time-consuming than expected. What should feel like a straightforward administrative process often turns into ongoing coordination between payroll systems, retirement providers, HR teams, and compliance partners. The challenge usually is not the retirement plan itself. More often, the friction comes from the systems and processes supporting it. Manual uploads, delayed updates, repeated reconciliation work, and disconnected data flows can quietly create extra administrative burden over time. Because these issues develop gradually, many organizations begin treating them as “just part of the process.” But they do not have to be. As retirement administration continues to evolve, employers are taking a closer look at the operational side of their plans and asking whether their current processes are truly efficient, scalable, and aligned. Here are five questions worth asking about your organization’s 401(k) administration process. 1. Are We Still Manually Uploading Payroll Files? One of the most common inefficiencies in retirement administration is still surprisingly widespread: manually extracting payroll data and uploading files from one system to another every pay period. While this process may seem manageable, it creates unnecessary administrative work and introduces opportunities for error. Payroll teams often spend time formatting files, validating contribution data, and confirming whether updates were successfully processed. Over time, those extra steps add up. Modern payroll integrations can automate much of this process by securely transferring contribution, eligibility, and employee census data directly between systems. That reduces repetitive manual work while helping ensure retirement information stays current and accurate. If your team still relies heavily on manual uploads each pay cycle, it may be worth evaluating whether your current process is creating more administrative lift than necessary. 2. How Many Systems Need to Be Checked to Confirm an Update Went Through? This is where many employers begin to feel the operational strain of disconnected systems. An employee updates their deferral amount. A payroll change is processed. A loan repayment adjustment is made. Then someone has to verify whether the update actually flowed correctly between platforms. In environments where systems are not fully connected, HR and payroll teams often become the “checkpoint” between vendors, manually confirming updates and troubleshooting discrepancies after the fact. This is also where the difference between one-way and two-way integrations becomes important. A one-way, or 180° integration, typically sends payroll information outward to the retirement provider but does not automatically sync updates back into the payroll or HCM system . A two-way, or 360° integration, allows updates to move between systems automatically, helping reduce duplicate work and missed changes. The less time teams spend double-checking systems, the more time they can spend supporting employees and broader business priorities. 3. Could We Easily Pull Accurate Data for Compliance Testing and Reporting? Retirement plans operate within a highly regulated environment, and compliance depends heavily on accurate, timely data. Annual testing and reporting often require employers to provide detailed information including compensation data, contribution amounts, hire dates, demographic information, eligibility records, and more. For organizations using disconnected systems, collecting that information can become a time-intensive process. Missing fields, outdated data, or formatting inconsistencies often lead to repeated file requests and last-minute corrections during annual testing periods. This creates stress not only for HR and payroll teams, but also for plan administrators, TPAs, and recordkeepers responsible for maintaining compliance standards. Integrated payroll and retirement systems help streamline this process by automatically capturing and syncing data throughout the year, improving visibility and reducing the need for manual data gathering when reporting deadlines approach. 4. How Much Time Is HR Spending Fixing Preventable Errors? Many retirement administration issues do not start as major problems. More often, they begin as small discrepancies that require manual follow-up, whether it is a contribution that does not align with payroll data, an incorrect eligibility date, a delayed deferral update, or an incomplete census file. On their own, these issues may seem relatively minor. Over time, however, they create a significant amount of reactive work for HR and payroll teams that are left validating information, correcting inconsistencies, and coordinating between systems and providers. What makes this especially frustrating is that many of these issues are preventable. They are often the result of disconnected systems, delayed synchronization, or processes that rely too heavily on manual intervention. When teams spend large portions of their time validating data, reconciling discrepancies, and coordinating between providers, it becomes harder to focus on strategic priorities like employee engagement, workforce planning, and benefits strategy. Reducing friction behind the scenes can have a meaningful impact on both operational efficiency and the employee experience. 5. Is Our Current Process Built to Scale as We Grow? Processes that work for a smaller workforce can quickly become difficult to manage as an organization grows. More employees mean more payroll activity, more contribution data, more eligibility tracking, and more opportunities for inconsistencies across systems. Without connected infrastructure, administrative complexity tends to grow alongside headcount. That is why many employers are reevaluating whether their current retirement administration processes are sustainable long term. The goal is not simply to “manage” the workload, but to create systems that scale efficiently without increasing manual effort at the same pace. Connected payroll, HR, and retirement systems can help organizations reduce administrative burden, improve accuracy, and create a more streamlined experience for both employers and employees. A More Connected Approach to Retirement Administration A well-run 401(k) plan should not require constant oversight to function smoothly. When payroll, HR, and retirement administration systems work together, organizations gain better visibility into data, fewer manual touchpoints, improved reporting efficiency, and greater confidence in their processes overall. At Simco , we help employers simplify workforce management by aligning payroll, HR, benefits, and retirement administration through more connected systems and support models. For organizations evaluating their current retirement administration process, sometimes the most valuable first step is simply asking the right questions. Looking Ahead Retirement administration will likely continue becoming more data-driven, integrated, and compliance-focused in the years ahead. Employers that take time now to evaluate how information flows between payroll, HR, and retirement systems will be better positioned to reduce operational friction, support employees more effectively, and scale with greater confidence over time.
