During the past few months, the workforce has found itself in unprecedented situations regarding all aspects of a typical day to day business. This has lead to the CARES Act Programs, the PPP loans, and now dealing with a slow opening of states in phases. We understand that it is beyond common to have questions and concerns that may be leading you to say, “now what?” We hope the following information will be a helpful guide in leading your small or mid-size business in the right direction during our time back to “normal.”
CARES Act Programs
Our world has been stricken by a global pandemic that has placed businesses of all sizes in unprecedented situations. With the introduction of the CARES Act came the introduction of many different programs geared to help small and mid-size companies have left a lot of these employers saying, “NOW WHAT?” Below are multiple commonly asked questions along with resources created to help strategize for moving forward.
What is available?
Paycheck Protection Program (PPP)
The CARES Act created a program to help bridge payroll expenses through June 30, 2020. The PPP will be administered by the Small Business Administration (SBA).
For non-seasonal employers, the average monthly payroll is the average total monthly payments for payroll during the one-year period preceding the date of loan origination
For seasonal employers, the average monthly payroll is the average total monthly payments for the payroll period between February 15, 2019, through June 30, 2019, or March 1, 2019, through June 30, 2019, at the election of the borrower
For businesses that were not in operation from February 15, 2019, to June 30, 2019, the average monthly payroll is the average total monthly payments the payroll period between January 1, 2020, to February 29, 2020.
How do I apply for the loan?
You can apply for the PPP loan through any SBA recognized lenders.
Employers may defer employer share of Social Security tax deposits due for the period beginning 3/27/20 through 12/31/2020.
Payment schedule for deferred taxes:
50% due by 12/31/2021
50% due by 12/31/2022
PEO client employers would assume sole liability for payment of any deferred taxes when the client directs
the PEO to defer tax payment with respect to wages paid by the PEO under this deferral option.
The Employee Workforce
It seems like the last few months we have been in a cloud of uncertainty, but it seems to be leaning more to our days going back to what will be known as the new normal. We don’t know exactly what that is, but here at eESI, we just want to make sure we are here every step of the way as a resource. Employees are starting to head back, but NOW WHAT? Find out strategies and answers to your questions below:
If you offer an employee work and they refuse?
You do not have to pay them
You do not have to let them take PTO or vacation
They may be eligible for state or local mandatory sick leave
They are not qualified for FFCRA EPSL (unless they otherwise meet one of the six reasons for qualification)
Be sure to involve all management team in decisions
Monitor federal, state, and local closure orders, re-opening guidelines, industry practices, and geographic considerations (federal guidance)
If enrolled in the SBA Paycheck Protection Program, remember employers have until June 30, 2020, to restore full-time employment and salary levels for changes made between February 15 and April 16, 2020
Be aware of Current Phase-In per Industry
Link Phase in to Sheila’s table from Shertz
Latest Update with States Reopening:
Greg Abbott had ordered all Texans to stay home through April 30.
On May 5, he announced a reopening of certain businesses starting May 8.
Salons are allowed to open May 8, with restrictions such as one customer per stylist and 6 feet between stations and customers waiting. Masks are strongly recommended by not mandatory.
****Gyms and exercise facilities, non-essential manufacturing, and business offices will be allowed to reopen May 18, with restrictions such as keeping capacity at 25% and ensuring social distancing.
All retail stores, restaurants, movie theaters, malls, museums, and libraries were permitted to reopen on Friday, May 1, but must limit their capacity to 25% of their listed occupancy.
The state’s “safer at home” order took effect on April 27 and is in effect until May 27.
Retail businesses can reopen with curbside delivery and elective medical procedures can resume. Businesses such as personal training and dog grooming can reopen with social distancing.
Retail businesses began to reopen May 1, while people will be permitted to return to non-essential office work on May 4. The state also joined with Nevada and three West Coast states to coordinate their Covid-19 reopening plans.
Polis warned people not to think the coronavirus emergency is over, however. “It’s not going to be life as normal. We’re in this for the long haul, but it’s sustainable for the medium term,” Polis said in a press conference the day the order was lifted.
Denver Mayor Michael Hancock extended the city’s stay-at-home order until at least May 8.
What are safety precautions that you can be taking?
Disinfect office and all areas
Consider OSHA Guidelines/Laws
Masks, gloves, face shields, etc.. (some industries are mandatory)
Must include everyone and record info
Keep confidential, and not with employees file
Limit access to info
Can ask if experiencing COVID-19 related symptoms
Don’t single out employees
Any other testing must be filed with the CDC and other agencies
Any testing could trigger ADA protection and/or state laws
There is no EEOC guidance on antibody testing, yet…
Train all employees on appropriate cleaning and disinfection, hand hygiene, and respiratory etiquette
Train managers regarding “do’s” and “don’ts” of pre-employment
Train management team to ensure understanding of new leave options, eligibility, and retaliation concerns
Ensure management understands any negative comments about the use of FFCRA leave may support claims of retaliation
Consider limiting traveling
Close common gathering areas (lunchrooms, etc…)
If employees are feeling ill – send them home
If an employee has close contact with a person who is lab-confirmed to have COVID-19; They need to self-quarantine for 14 days
Limit in-person contact, limit in-person meetings
Consider staggering shifts
Respond promptly to all safety concerns
Look at the current handbook
Leave of Absence, FMLA, ADA, etc…
Process for requesting leave
Document your plan to bring back employee(s)
IT: Protecting Your Business
The stay at home orders has increased the need for cybersecurity more than ever due to a large percentage of employees working from home. Business IT departments understand more than ever the growing threats to your companies and are working tirelessly to bring peace to businesses of all sizes. With employees coming back to work and moving back from remote working, NOW WHAT? What are some of the threats, what are IT, teams, doing moving forward?
What are the common threats?
Malware – Malicious Software
Umbrella term for any program that’s meant to cause harm or steal data
Includes: viruses, worms, trojans, ransomware, spyware, etc.
This is a social engineering attack that uses email or a website to infect your machine with malware or collect your data
Typically appear as innocent or from a legitimate source
Relies on psychological triggers (such as fear or a sense of urgency) to trick you into giving up your data or executing malware
Man in the middle attack
When a transaction occurs on the internet, it typically has to go from point A to point B. A man in the middle attack happens when an unauthorized actor interrupts the flow of information and inserts themselves between point A and B so that they can collect or spy on that data
Typically occurs via malware or through an unsecured public Wi-Fi network
This is when an unauthorized actor uses your password to log into your stuff
Usually, when people say they’ve been hacked, this is what they actually mean
Some different methods:
Brute-force – When the attacker uses a program to generate millions of possible password combinations to guess the correct password
This is typically the least effective unless you have a very simple and obvious password (e.g. password or 123456789)
Dictionary attack – When the attacker uses combinations of common words or known information about you to try to guess your password.
This is usually more effective as people tend to use something they know and can easily memorize as their password (e.g. birthdate + pet name)
This is when your computer is infected with malware that’s collecting every keystroke you’ve made, enabling a hacker to get your username and passwords.
Keyloggers will typically know what website your app you’re attempting to log into and collect the keystrokes to get your credentials
This would be an attack from within your organization
Typically either due to a malicious employee or by negligence and inadequate security practices/training
This is typically the most damaging and hardest to detect because:
you trust your employees and they do have a legitimate need to have access to data to do their jobs
you don’t have a security policy or team to respond to security issues
How can we protect against them?
For all of these common threats, a central theme in protecting against them is employee training. Employees should know at a high level what threats are out there, and what they can do to mitigate the damage. It is also important to have a plan in place, a security policy that layout the guidelines of how company resources should be used and secured. You also need some security software to protect against malware and provide visibility and insight into your network. And on top of all that, you need a team (either internal or outsourced) to manage and respond to security threats as the cybersecurity landscape is constantly changing and threats are ever-present. It’s not a matter of IF you get hacked, but WHEN. The question to ask is “When I am under attack, will my organization be ready to respond?”
What are IT teams doing moving forward?
The COVID-19 pandemic has really changed things in our economy and for many companies has shifted where work happens. As many companies have gone remote, and will likely stay remote even after the pandemic is over, the question of “How do I protect my organization from cyber threats?” has become more complicated. Companies will have to reassess where they are now most vulnerable, what is most important to protect and align their security policy and procedures to what they find.
It is very common to ask yourself “Now What” when it comes to some of these questions. We are in unprecedented times due to COVID-19 and it has left us all wondering “Now What?” We want to take the stress off your plate and leave you with strategies and suggestions on how to handle any scenarios you haven’t had to face as an employer before.
If you have any further questions you would like for us to answer fill out the form below: