Archive for September, 2016

Yahoo Confirms Data Breach, 500 Million Users Vulnerable

Monday, September 26th, 2016

Yahoo recently confirmed it was the victim of a large-scale data breach, which left more than 500 million users vulnerable two years ago. Read on to learn more.

Just when you think you can breathe a sigh of relief, we’re told to suck that air back in and brace for the inevitable fallout of what is now being considered the largest confirmed data breach of a single company’s computer network to date. According to officials at Yahoo, hackers gained access to more than 500 million user accounts registered with the technology company two years ago. And because so many people use Yahoo for their email, finances, fantasy sports and so on, everybody is being urged to take action immediately – before the cybercriminals have a chance to exploit the stolen data.

Read Also: Cloud-Based Data Storage Solutions Aren’t Risk-Free

Why Worry?

Depending on the type of information you have stored on your user account, there are all kinds of dangers associated with this type of data breach. Yahoo officials confirmed that hackers successfully gained access to user names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions.

If you are one of those people who use the same password across all your online accounts, the recovery process will be difficult. Changing your Yahoo password is only the first step in the recovery process. Because cybercriminals can use the information collected to attempt to log in to other websites, you will also need to comb through your other online accounts to make sure they remain secure.

In the meantime, consider utilizing the following password best practices.

  • Change your passwords quarterly – especially those that protect your email accounts, domain logins and online banking accounts.
  • Use passphrases with at least 12 characters consisting of upper and lower case letters, numbers and special characters.
  • Never share your passphrases with others and, if you enter your passphrase on a public computer, change it once you are able to log on to your account from a secure location.
  • Use two-step verification whenever it is available.

Think Before You Click

In addition to maintaining your passwords by taking advantage of the best practices listed above, stay vigilant when it comes to email safety. In particular, consider every unsolicited email and communication you receive as untrustworthy. A single click of the mouse can open up the floodgates and can leave your company’s network vulnerable to a myriad of cyber threats.

By Steve Roth, IT Director (New Philadelphia office)

Check out these articles for even more password tips:

8 Tips For Crafting A Strong Password

Passwords Are Like Underwear …

Then And Now: Data Security In America Since The Target Breach


Fall Into Tax Prep …

Thursday, September 22nd, 2016

Today is the first day of fall. How are you getting your taxes ready for the end of the year?

According to the calendar, summer 2016 has officially come to an end. But, fortunately for you, there are a lot of reasons to smile in autumn! From sipping on a pumpkin spice latte while snuggling deeper into your favorite hoodie to enjoying a great college football game with friends and family, these months certainly seem to bring with them a certain type of comfort and tranquility. Did you know that you can extend this calmness and well-being into the tax season as well? All it takes is a little tax prep on your part. Then, when January rolls around, you can rest easy knowing that you are prepared and poised to take advantage of more tax savings than ever before.

Take a look at these helpful articles to get you started on the right foot.

Organization Is The Key To Your Tax Prep Success

  • File Faster With This Tax Prep Checklist – It’s that time of year again – time to gather your information and prepare to file your tax return. If you want the process to go smoothly, make sure to gather and organize your information before sitting down with your tax preparer. You may be surprised how fast the entire filing process goes if you spend a little time preparing!
  • If You Can’t Avoid It, Organize It: Organization Is Critical To Financial Planning and Tax Preparation – Tax planning is one of the essentials to personal financial planning and wealth creation. And taxes are one of those things you need to think about all year long, not just during filing season. Having recently filed (or extended) your return, it’s time to take a look back and a look forward and determine how you can be better prepared for next year’s tax season.
  • Stay Organized Year-Round To Make Tax Prep Easier – The best advice to get ready to prepare your taxes is “don’t wait!” Stay organized year-round in accumulating information that will be needed for tax filing.

Wondering what more you can do to better prepare for the upcoming tax season? Reach out to the team at Rea & Associates for some tips. And while you have a professional tax advisor on the phone, schedule a day and time to meet with them to discuss your unique tax situation. The best way to optimize your tax savings is to work one-on-one with the experts, and meeting times fill up fast once tax season begins!


Late Rollovers May Benefit From New IRS Guidance

Tuesday, September 20th, 2016

American taxpayers can celebrate now that a range of restrictions known to hinder taxpayers’ efforts to save for their golden years due to circumstances beyond their control have been lifted by the IRS. This is a big win that will save thousands of IRAs from the harsh bite of needless and accelerated taxation. Keep reading to learn more.

Did you miss the deadline to roll over your retirement plan or traditional IRA funds due to circumstances beyond your control? In the past, such an issue would have resulted in issues on your tax return and/or an expensive private letter ruling request, culminating in a full-fledged assault on your retirement nest egg. Fortunately, the IRS released new guidance that may eliminate this costly headache by simplifying the way retirement rollovers are managed when they are made outside of the 60-day rollover deadline.

Effective Aug. 24, 2016, according to the IRS, taxpayers who miss the 60-day deadline for at least one of the 11 specific reasons outlined in Rev. Proc. 2016-47 may avoid immediate taxation if a self-certification letter is submitted to the IRA trustee or plan administrator. Under the new rule, the reason for their tardiness must meet one or more of the 11 conditions outlined in the provision, and the late rollover contribution must be completed “as soon as practicable after the applicable reason(s) no longer prevents the taxpayer from making the contribution.” The practicable timeframe is noted as 30 days in the guidance.

Read Also: Brush Up On These New Tax Form Due Dates

With regard to the validity of the taxpayer’s claim, the revenue procedure indicates that self-certification is all that’s required to be completed and submitted to the trustee or plan administrator. Please note, however, that the self-certification is not to be considered a waiver of the 60-day requirement as the IRS reserves the right to deny the request if an audit finds that the taxpayer failed to meet the requirements of Rev. Proc. 2016-47.

11 Reasons To File Your Late Rollover Contribution Self-Certification Letter

As long as the IRS has not previously denied the taxpayer’s waiver request made with respect to a rollover contribution of all or part of a related distribution, the 11 conditions considered to be acceptable for missing the 60-day deadline are:

  1. An error was committed by the financial institution receiving the contribution or making the distribution to which the contribution relates;
  2. The distribution, having been made in the form of a check, was misplaced and never cashed;
  3. The distribution was deposited into and remained in an account that the taxpayer mistakenly thought was an eligible retirement plan;
  4. The taxpayer’s principal residence was severely damaged;
  5. A member of the taxpayer’s family died;
  6. The taxpayer or a member of the taxpayer’s family was seriously ill;
  7. The taxpayer was incarcerated;
  8. Restrictions were imposed by a foreign country;
  9. A postal error occurred;
  10. The distribution was made on account of a levy under § 6331 and the proceeds of the levy have been returned to the taxpayer; or
  11. The party making the distribution to which the rollover relates delayed providing information that the receiving plan or IRA required to complete the rollover despite the taxpayer’s reasonable efforts to obtain the information.

This is a big win for the American taxpayer, as it effectively lifts a range of restrictions known to hinder taxpayers’ efforts to save for their golden years due to circumstances beyond their control – saving “thousands of IRAs from the harsh bite of needless and accelerated taxation.” To make a certified late rollover contribution, your letter must also adhere to certain specifications. I recommend customizing the letter provided by the IRS in Rev. Proc. 2016-47. It can be accessed here. Once you have completed the letter, remember to retain a copy of it in your files to ensure it is available if the IRS requests this information during an audit.

Email Rea & Associates to learn more about how this new provision will be beneficial to you.

By Wendy Shick, CPA, CFP (Mentor office)

Check out these articles for more helpful information to review as you prepare to file your taxes:

Can My Summer Daycare Expenses Earn A Tax Credit?

How Will A Tax Credits And Incentives Plan Benefit Your Business?

Environmentally Friendly Tax Savings


Help The FBI Find A Defense Against Ransomware

Monday, September 19th, 2016

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Keep reading to find out how you can help the FBI combat the threat of Ransomware.

The FBI recently released a public service announcement urging victims of Ransomware attacks to come forward and report these cyber infections to federal law enforcement. Doing so, the FBI said in a statement, will “help us gain a more comprehensive view of the current threat and its impact on U.S. victims.”

Read Also: Could Your Company Be Ransomware’s Next Victim?

A Closer Look At Ransomware

Ransomware is a computer infection that has been programmed to encrypt all files of known file types on your computer and your server’s shared drive, making them inaccessible until a specified ransom is paid. It is a very real threat to all businesses nationwide. Once a computer is infected, which usually happens once a user clicks on a malicious link, opens a fraudulent email attachment or unknowingly picks up a high-risk automatic download while surfing the web, it’s all but impossible to regain access to the data that has been infected. Upon discovering that your computer has been infected, you have two choices. You can either:

1) Restore the machine by using backup media, or

2) Accommodate the hacker’s demands and pay their ransom.

And both options are less than ideal.

What To Do If Your Company’s Network Becomes Infected

Ransomware infections were at an all-time high in the first several months of 2016, according to various cybersecurity companies, and because new Ransomware variants are emerging regularly, the FBI needs your help to determine the true number of Ransomware victims.

“It has been challenging for the FBI to ascertain the true number of Ransomware victims as many infections go unreported to law enforcement,” the agency stated in its recent announcement. “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”

Read Also: How Much Is Your Data Worth To Criminals?

Reporting a Ransomware attack on your company’s network is not only beneficial for you; the information you provide will also help the FBI as it works to identify ways to prevent future attacks. Your reports will:

  • Provide law enforcement with a greater understanding of the threat
  • Help justify Ransomware investigations
  • Contribute relevant information to ongoing Ransomware cases

Help Arm The FBI With Information

The recent PSA released by the agency requests that all Ransomware victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center. Be sure to have the following details available and ready to provide to the respondent when prompted (if applicable).

  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Click here to read the FBI’s complete announcement.

To learn more about protecting your business from cybercrime, download the free whitepaper, “Cybercrime: The Invisible Threat That Haunts Your Business.”


It’s National Payroll Week – So What Does That Mean?

Monday, September 5th, 2016

Launched as an initiative to recognize those who work in the payroll industry while helping to educate all American workers about the make-up of their paychecks, National Payroll Week takes place every year during the week of Labor Day. Presented by the American Payroll Association, this year (2016), National Payroll Week is slated for Sept. 5-9.


Here at Rea, we love a good celebration! So, here are four great articles that provide some insight payroll professionals might find useful.

  1. Don’t Get Tripped Up By Payroll – Managing your entity’s payroll isn’t always as easy as simply rewarding your employee an agreed upon compensation for a hard day’s work. And because salaries and related benefits are usually the largest expenditures of most governmental entities, it’s absolutely imperative that your payroll amounts are calculated correctly. Avoid making costly mistakes and make sure you have the proper checks and balances in place to ensure that you are properly calculating payroll every time.
  2. New DOL Rule Shakes Up Exemption Threshold – The Department of Labor (DOL) announced its publication of a final rule to update the regulations governing the exemption of certain classes of employees from minimum wage and overtime pay protections of the Fair Labor Standards Act (FLSA). The final rule, which goes into effect Dec. 1, provides for an updated salary and compensation threshold for executive, administrative and professional (EAP) employees to be considered exempt as well as provides an amendment to the salary basis test to allow employers to utilize nondiscretionary bonuses and incentive payments to satisfy up to 10 percent of the new standard salary level.
  3. Payroll, HR Departments Targeted By Cyber Criminals – Over the last few years, the threat of refund fraud and identity theft has become a very real concern, and criminals have proven that they will go to great lengths to get the information they need to complete their scams. This recent phishing scam is no exception.
  4. Dangers of Paying Under the Table – It’s not a surprise to many people that some workers are paid “under the table.” It’s a common practice in industries using temporary workers, such as construction, repair and other trades. Keep reading to learn more why paying under the table is a no-no.

Do you need a hand in managing your company’s payroll responsibilities? Email Rea & Associates to find out how working with a team of expert payroll professionals can enhance your business.


Summer May Be Over But Top Blog Posts Are Always In Season

Friday, September 2nd, 2016

I don’t know about you, but September seemed to come out of nowhere! But fear not. Even though summer is officially over, we still have a lot to celebrate – like all those great blog posts we featured on Dear Drebit last month! So, before we officially make the leap into fall, join me as I take a look back at some of the top posts business owners were reading in August.

  1. Get Ready, Get Set, Get Shopping! – Were you one of the many shoppers flooding stores the first weekend in August in search of some great back-to-school bargains? If so, then you were able to take advantage of this year’s Sales Tax Holiday. Missed it? That is OK. Read on to learn more about it and how you can take advantage of these savings next year.
  2. How To React To A Data Breach – It was 2013 when a medium-sized library in Ohio found itself in the midst of a data breach that would later serve as a powerful case study warning against the very real threat of electronic fraud. While originally developed by the Ohio Auditor of State’s office as a tool for government entities throughout the state, Cash Management 240: Financial Fraud – A Case Study has found usefulness beyond just the government sphere. Read more about it now!
  3. Did Fraudsters Counterfeit Your Organization’s Checks? – The internet can be a valuable tool for so many honest, well-meaning people. Unfortunately, it can also be a playground for fraudsters. Keep reading to find out how fraudsters are counterfeiting checks.
  4. How Can You Track Use Tax in QuickBooks? – Did you file for use tax amnesty with QuickBooks? How are you going to track it daily going forward? The answer is as simple as 1-2-3.
  5. Could An FSA Bring Value To Your Business’s Benefit Plan? – Does your company’s benefit package feature access to a Flexible Spending Account? Have you considered adding one in the past but still have questions? As health costs continue to rise, we continue to learn more and more about how this pre-tax health benefit can help level the playing field for employees. But in order to get maximum benefit from this incentive, your team needs to know what it’s capable of doing. Read on to learn more.

Did we leave you wanting more? Great! We love to hear from you about what information or updates you are looking forward to seeing this month. Just reach out to us with your question or topic and one of our accounting and business consulting experts may pick it up for a future post!


Cloud-Based Data Storage Solutions Aren’t Risk-Free

Thursday, September 1st, 2016

If you do decide to store your company’s data on the cloud, be sure to thoroughly investigate the cloud environment you intend to use. Then pay close attention to whether their security controls and processes, including rollover sites or backup and testing procedures, adhere to industry standards. It’s also best practice to request a SOC (Service Organization Controls) report from your cloud provider. Read on to learn more.

I am regularly asked by clients, friends and family whether they should be concerned with storing their data in a cloud-based environment. My answer: Absolutely.

Even though cloud-based data storage solutions are managed by storage and security professionals (at least hopefully), there’s really no way to determine whether their authentication policies and data security procedures are always in line with industry standards. Because I’m acutely aware of these standards and best practices, I would have a hard time entrusting a cloud-based data storage enterprise with copious amounts of my company’s sensitive information.

Download The Free Whitepaper: Cybercrime: The Invisible Threat That Haunts Your Business

At the end of the day, your company’s data and the data you collect is your responsibility. Therefore, your IT team is ultimately responsible for verifying whether it’s properly secured and whether a proper authentication protocol is in place to ensure that those accessing data are approved to do so. When you work with a cloud-based data storage solutions business, your control over data security procedures is significantly limited.

And just because we haven’t heard much about these types of breaches in the past doesn’t mean they don’t happen. Consider, for example, the latest “mega-breach” that has affected millions of Dropbox users.

The Dropbox Breach

According to reports, more than 68 million Dropbox user accounts and associated information, including user names and passwords, were discovered online. The company said Dropbox user information stolen by hackers and distributed via the Internet was the result of a previously disclosed data breach from 2012. Unfortunately, the company and the company’s users are still being hurt by this attack. In response, Dropbox said in a statement that it was forcing password resets.

“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, head of trust and security for Dropbox. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

Protect Your Data To Protect Your Company

Most professionals in the data security field – including myself – believe that any and every site can be hacked. Therefore, in an effort to protect our companies and the businesses and individuals we serve, our goal is to provide comprehensive cybersecurity education to all employees while striving to be aware of all data security issues that may have occurred. Hopefully we will know about any data breach long before cybercriminals have a chance to post information on the Internet or before our businesses are notified of an issue by the FBI or Secret Service.


Want to know why data security professionals say that your company’s employees are your weakest link? This video highlights a common security breach method used by hackers to gain access to your company.


You can take a proactive stance against cybercriminals with the following data security protocols.

  • Don’t just install a firewall, constantly monitor your firewall. Your IT team can constantly monitor your company’s firewall through the use of Security Information and Event Management (SIEM) or Intrusion Detection Systems (IDS) programs. You can also work with an external service provider to provide this essential service.
  • Passwords are powerful, protect them. Require your employees to use complex passwords to log onto your company’s network and change those passwords regularly. Secondary authentication is also important to use wherever possible.
  • Don’t wait for disaster to strike – actively defend your company. Routinely test the access controls of your employees. Not all employees require access to all company data. Instead, only grant access to the data your employees need to do their jobs.
  • Educate, educate, educate. It seems like there are new phishing attempts, ransomware attacks and malware issues every day. But just because you hear that they are happening doesn’t mean your employees are aware. Make sure you keep your employees up to speed. Doing so may just stop them from clicking on a potentially dangerous email.

If, for whatever reason, you do decide to store your company’s data on the cloud, be sure to thoroughly investigate the cloud environment you intend to use. Then, pay close attention to whether their security controls and processes, including rollover sites or backup and testing procedures, adhere to industry standards. It’s also best practice to request a SOC (Service Organization Controls) report from your cloud provider.

At the end of the day, all you can do is take ownership of your data and be proactive when it comes to verifying the safety and security of your organization’s data. Email Rea & Associates to learn more.

By Joe Welker, CISA (New Philadelphia)

For more tips and insight to help keep your company safe from cybercriminals, listen to episode 41: “the hacked & the hacked nots” on unsuitable on Rea Radio.
