During the past few months, the workforce has found itself in unprecedented situations regarding all aspects of a typical day to day business. This has lead to the CARES Act Programs, the PPP loans, and now dealing with a slow opening of states in phases. We understand that it is beyond common to have questions and concerns that may be leading you to say, “now what?” We hope the following information will be a helpful guide in leading your small or mid-size business in the right direction during our time back to “normal.”

CARES Act Programs

Our world has been stricken by a global pandemic that has placed businesses of all sizes in unprecedented situations. With the introduction of the CARES Act came the introduction of many different programs geared to help small and mid-size companies have left a lot of these employers saying, “NOW WHAT?” Below are multiple commonly asked questions along with resources created to help strategize for moving forward.

Paycheck Protection Program (PPP)

The CARES Act created a program to help bridge payroll expenses through June 30, 2020. The PPP will be administered by the Small Business Administration (SBA).

  • For non-seasonal employers, the average monthly payroll is the average total monthly payments for payroll during the one-year period preceding the date of loan origination
  • For seasonal employers, the average monthly payroll is the average total monthly payments for the payroll period between February 15, 2019, through June 30, 2019, or March 1, 2019, through June 30, 2019, at the election of the borrower
  • For businesses that were not in operation from February 15, 2019, to June 30, 2019, the average monthly payroll is the average total monthly payments the payroll period between January 1, 2020, to February 29, 2020.
  • Employers generally entitled to a tax credit equal to 50% of “qualified wages” with respect to each employee for the quarter.
  • The credit can be taken immediately against the employer portion of Social Security taxes that are due.
  • Employers may defer employer share of Social Security tax deposits due for the period beginning 3/27/20 through 12/31/2020.
  • Payment schedule for deferred taxes:
    • 50% due by 12/31/2021
    • 50% due by 12/31/2022
  • PEO client employers would assume sole liability for payment of any deferred taxes when the client directs
  • the PEO to defer tax payment with respect to wages paid by the PEO under this deferral option.

The Employee Workforce

It seems like the last few months we have been in a cloud of uncertainty, but it seems to be leaning more to our days going back to what will be known as the new normal. We don’t know exactly what that is, but here at eESI, we just want to make sure we are here every step of the way as a resource. Employees are starting to head back, but NOW WHAT? Find out strategies and answers to your questions below:

  • You do not have to pay them
  • You do not have to let them take PTO or vacation
  • They may be eligible for state or local mandatory sick leave
  • They are not qualified for FFCRA EPSL (unless they otherwise meet one of the six reasons for qualification)
  • This should disqualify them from unemployment
  • Be sure to involve all management team in decisions
  • Monitor federal, state, and local closure orders, re-opening guidelines, industry practices, and geographic considerations (federal guidance)
  • If enrolled in the SBA Paycheck Protection Program, remember employers have until June 30, 2020, to restore full-time employment and salary levels for changes made between February 15 and April 16, 2020
  • Be aware of Current Phase-In per Industry
    • Link Phase in to Sheila’s table from Shertz
  • Texas
    • Greg Abbott had ordered all Texans to stay home through April 30.
    • On May 5, he announced a reopening of certain businesses starting May 8.
    • Salons are allowed to open May 8, with restrictions such as one customer per stylist and 6 feet between stations and customers waiting. Masks are strongly recommended by not mandatory.
    • ****Gyms and exercise facilities, non-essential manufacturing, and business offices will be allowed to reopen May 18, with restrictions such as keeping capacity at 25% and ensuring social distancing.
    • All retail stores, restaurants, movie theaters, malls, museums, and libraries were permitted to reopen on Friday, May 1, but must limit their capacity to 25% of their listed occupancy.
  • Colorado
    • The state’s “safer at home” order took effect on April 27 and is in effect until May 27.
    • Retail businesses can reopen with curbside delivery and elective medical procedures can resume. Businesses such as personal training and dog grooming can reopen with social distancing.
    • Retail businesses began to reopen May 1, while people will be permitted to return to non-essential office work on May 4. The state also joined with Nevada and three West Coast states to coordinate their Covid-19 reopening plans.
    • Polis warned people not to think the coronavirus emergency is over, however. “It’s not going to be life as normal. We’re in this for the long haul, but it’s sustainable for the medium term,” Polis said in a press conference the day the order was lifted.
    • Denver Mayor Michael Hancock extended the city’s stay-at-home order until at least May 8.
  • Disinfect office and all areas
  • Consider OSHA Guidelines/Laws
  • Provide PPE
  • Masks, gloves, face shields, etc.. (some industries are mandatory)
  • Testing
  • Temperature taking
  • Must include everyone and record info
  • Keep confidential, and not with employees file
  • Limit access to info
  • Can ask if experiencing COVID-19 related symptoms
  • Don’t single out employees
  • Any other testing must be filed with the CDC and other agencies
  • Any testing could trigger ADA protection and/or state laws
  • There is no EEOC guidance on antibody testing, yet…
  • Train all employees on appropriate cleaning and disinfection, hand hygiene, and respiratory etiquette
  • Train managers regarding “do’s” and “don’ts” of pre-employment
  • Train management team to ensure understanding of new leave options, eligibility, and retaliation concerns
  • Ensure management understands any negative comments about the use of FFCRA leave may support claims of retaliation
  • Consider limiting traveling
  • Close common gathering areas (lunchrooms, etc…)
  • If employees are feeling ill – send them home
  • If an employee has close contact with a person who is lab-confirmed to have COVID-19; They need to self-quarantine for 14 days
  • Limit in-person contact, limit in-person meetings
  • Consider staggering shifts
  • Respond promptly to all safety concerns
  • Look at the current handbook
  • Leave of Absence, FMLA, ADA, etc…
  • Process for requesting leave
  • Rehire Policy
  • PTO/Sick Policy
  • Document your plan to bring back employee(s)

IT: Protecting Your Business

The stay at home orders has increased the need for cybersecurity more than ever due to a large percentage of employees working from home. Business IT departments understand more than ever the growing threats to your companies and are working tirelessly to bring peace to businesses of all sizes. With employees coming back to work and moving back from remote working, NOW WHAT? What are some of the threats, what are IT, teams, doing moving forward?

  • Malware – Malicious Software
    • Umbrella term for any program that’s meant to cause harm or steal data
    • Includes: viruses, worms, trojans, ransomware, spyware, etc.
  • Phishing
    • This is a social engineering attack that uses email or a website to infect your machine with malware or collect your data
    • Typically appear as innocent or from a legitimate source
    • Relies on psychological triggers (such as fear or a sense of urgency) to trick you into giving up your data or executing malware
  • Man in the middle attack
    • When a transaction occurs on the internet, it typically has to go from point A to point B. A man in the middle attack happens when an unauthorized actor interrupts the flow of information and inserts themselves between point A and B so that they can collect or spy on that data
    • Typically occurs via malware or through an unsecured public Wi-Fi network
  • Password attack
    • This is when an unauthorized actor uses your password to log into your stuff
    • Usually, when people say they’ve been hacked, this is what they actually mean
    • Some different methods:
      • Brute-force – When the attacker uses a program to generate millions of possible password combinations to guess the correct password
        • This is typically the least effective unless you have a very simple and obvious password (e.g. password or 123456789)
      • Dictionary attack – When the attacker uses combinations of common words or known information about you to try to guess your password.
        • This is usually more effective as people tend to use something they know and can easily memorize as their password (e.g.  birthdate + pet name)
      • Keylogging
        • This is when your computer is infected with malware that’s collecting every keystroke you’ve made, enabling a hacker to get your username and passwords.
        • Keyloggers will typically know what website your app you’re attempting to log into and collect the keystrokes to get your credentials
  • Insider threat
    • This would be an attack from within your organization
      • Typically either due to a malicious employee or by negligence and inadequate security practices/training
    • This is typically the most damaging and hardest to detect because:
      • you trust your employees and they do have a legitimate need to have access to data to do their jobs
      • you don’t have a security policy or team to respond to security issues

For all of these common threats, a central theme in protecting against them is employee training. Employees should know at a high level what threats are out there, and what they can do to mitigate the damage. It is also important to have a plan in place, a security policy that layout the guidelines of how company resources should be used and secured. You also need some security software to protect against malware and provide visibility and insight into your network. And on top of all that, you need a team (either internal or outsourced) to manage and respond to security threats as the cybersecurity landscape is constantly changing and threats are ever-present. It’s not a matter of IF you get hacked, but WHEN. The question to ask is “When I am under attack, will my organization be ready to respond?”

The COVID-19 pandemic has really changed things in our economy and for many companies has shifted where work happens. As many companies have gone remote, and will likely stay remote even after the pandemic is over, the question of “How do I protect my organization from cyber threats?” has become more complicated. Companies will have to reassess where they are now most vulnerable, what is most important to protect and align their security policy and procedures to what they find.

It is very common to ask yourself “Now What” when it comes to some of these questions. We are in unprecedented times due to COVID-19 and it has left us all wondering “Now What?” We want to take the stress off your plate and leave you with strategies and suggestions on how to handle any scenarios you haven’t had to face as an employer before.

If you have any further questions you would like for us to answer fill out the form below:

Now What