Yahoo recently confirmed it was the victim of a large-scale data breach, which left more than 500 million users vulnerable two years ago. Read on to learn more.
Just when you think you can breathe a sigh of relief, we’re told to suck that air back in and brace for the inevitable fallout of what is now being considered the largest confirmed data breach of a single company’s computer network to date. According to officials at Yahoo, hackers gained access to more than 500 million user accounts registered with the technology company two years ago. And because so many people use Yahoo for their email, finances, fantasy sports and so on, everybody is being urged to take action immediately – before the cybercriminals have a chance to exploit the stolen data.
Depending on the type of information you have stored on your user account, there are all kinds of dangers associated with this type of data breach. Yahoo officials confirmed that hackers successfully gained access to user names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions.
If you are one of those people who use the same password across all your online accounts, the recovery process will be difficult. Changing your Yahoo password is only the first step in the recovery process. Because cybercriminals can use the information collected to attempt to log in to other websites, you will also need to comb through your other online accounts to make sure they remain secure.
In the meantime, consider utilizing the following password best practices.
Change your passwords quarterly – especially those that protect your email accounts, domain logins and online banking accounts.
Use passphrases with at least 12 characters consisting of upper and lower case letters, numbers and special characters.
Never share your passphrases with others and, if you enter your passphrase on a public computer, change it once you are able to log on to your account from a secure location.
Use two-step verification whenever it is available.
Think Before You Click
In addition to maintaining your passwords by taking advantage of the best practices listed above, stay vigilant when it comes to email safety. In particular, consider every unsolicited email and communication you receive as untrustworthy. A single click of the mouse can open the floodgates and leave your company’s network vulnerable to a myriad of cyber threats.
By Steve Roth, IT Director (New Philadelphia office)
Check out these articles for even more password tips:
Today is the first day of Fall, how are you getting your taxes ready for the end of the year?
According to the calendar, summer 2016 has officially come to an end. But, fortunately for you, there are a lot of reasons to smile in autumn! From sipping on a pumpkin spice latte while snuggling deeper into your favorite hoodie to enjoying a great college football game with friends and family; these months certainly seem to bring with them a certain type of comfort and tranquility. Did you know that you can extend this calmness and well-being into the tax season as well? All it takes is a little tax prep on your part. Then, when January rolls around, you can rest easy knowing that you are prepared and poised to take advantage of more tax savings than ever before.
Take a look at these helpful articles to get you started on the right foot.
Organization Is The Key To Your Tax Prep Success
File Faster With This Tax Prep Checklist – It’s that time of year again – time to gather your information and prepare to file your tax return. If you want the process to go smoothly, make sure to gather and organize your information before sitting down with your tax preparer. You may be surprised how fast the entire filing process goes if you spend a little time preparing!
Wondering what more you can do to better prepare for the upcoming tax season? Reach out to the team at Rea & Associates for some tips. And while you have a professional tax advisor on the phone, schedule a day and time to meet with them to discuss your unique tax situation. The best way to optimize your tax savings is to work one-on-one with the experts, and meeting times fill up fast once tax season begins!
American taxpayers can celebrate now that a range of restrictions known to hinder taxpayers’ efforts to save for their golden years due to circumstances beyond their control have been lifted by the IRS. This is a big win that will save thousands of IRAs from the harsh bite of needless and accelerated taxation. Keep reading to learn more.
Did you miss the deadline to roll over your retirement plan or traditional IRA funds due to circumstances beyond your control? In the past, such an issue would have resulted in issues on your tax return and/or an expensive private letter ruling request, culminating in a full-fledged assault on your retirement nest egg. Fortunately, the IRS released new guidance that may eliminate this costly headache by simplifying the way retirement rollovers are managed when they are made outside of the 60-day rollover deadline.
Effective Aug. 24, 2016, according to the IRS, taxpayers who miss the 60-day deadline for at least one of the 11 specific reasons outlined in Rev. Proc. 2016-47 may avoid immediate taxation if a self-certification letter is submitted to the IRA trustee or plan administrator. Under the new rule, the reason for their tardiness must meet one or more of the 11 conditions outlined in the provision, and the late rollover contribution must be completed “as soon as practicable after the applicable reason(s) no longer prevents the taxpayer from making the contribution.” The practicable timeframe is noted as 30 days in the guidance.
With regard to the validity of the taxpayer’s claim, the revenue procedure indicates that self-certification is all that’s required to be completed and submitted to the trustee or plan administrator. Please note, however, that the self-certification is not to be considered a waiver of the 60-day requirement as the IRS reserves the right to deny the request if an audit finds that the taxpayer failed to meet the requirements of Rev. Proc. 2016-47.
11 Reasons To File Your Late Rollover Contribution Self-Certification Letter
As long as the IRS has not previously denied the taxpayer’s waiver request made with respect to a rollover contribution of all or part of a related distribution, the 11 conditions considered to be acceptable for missing the 60-day deadline are:
An error was committed by the financial institution receiving the contribution or making the distribution to which the contribution relates;
The distribution, having been made in the form of a check, was misplaced and never cashed;
The distribution was deposited into and remained in an account that the taxpayer mistakenly thought was an eligible retirement plan;
The taxpayer’s principal residence was severely damaged;
A member of the taxpayer’s family died;
The taxpayer or a member of the taxpayer’s family was seriously ill;
The taxpayer was incarcerated;
Restrictions were imposed by a foreign country;
A postal error occurred;
The distribution was made on account of a levy under § 6331 and the proceeds of the levy have been returned to the taxpayer; or
The party making the distribution to which the rollover relates delayed providing information that the receiving plan or IRA required to complete the rollover despite the taxpayer’s reasonable efforts to obtain the information.
This is a big win for the American taxpayer, as it effectively lifts a range of restrictions known to hinder taxpayers’ efforts to save for their golden years due to circumstances beyond their control – saving “thousands of IRAs from the harsh bite of needless and accelerated taxation.” To make a certified late rollover contribution, your letter must also adhere to certain specifications. I recommend customizing the letter provided by the IRS in Rev. Proc. 2016-47. It can be accessed here. Once you have completed the letter, remember to retain a copy of it in your files to ensure it is available if the IRS requests this information during an audit.
The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Keep reading to find out how you can help the FBI combat the threat of Ransomware.
The FBI recently released a public service announcement urging victims of Ransomware attacks to come forward and report these cyber infections to federal law enforcement. Doing so, the FBI said in a statement, will “help us gain a more comprehensive view of the current threat and its impact on U.S. victims.”
A computer infection programmed to encrypt all files of known file types on your computer and your server’s shared drive, making them inaccessible until a specified ransom is paid, Ransomware is a very real threat to all businesses nationwide. Once a computer is infected, which usually happens once a user clicks on a malicious link, opens a fraudulent email attachment or unknowingly picks up a high-risk automatic download while surfing the web, it’s all but impossible to regain access to the data that has been infected. Upon discovering that your computer has been infected, you have two choices. You can either:
1) Restore the machine by using backup media, or
2) Accommodate the hacker’s demands and pay their ransom.
And both options are less than ideal.
What To Do If Your Company’s Network Becomes Infected
Ransomware infections were at an all-time high in the first several months of 2016, according to various cybersecurity companies, and because new Ransomware variants are emerging regularly, the FBI needs your help to determine the true number of Ransomware victims.
“It has been challenging for the FBI to ascertain the true number of Ransomware victims as many infections go unreported to law enforcement,” the agency stated in its recent announcement. “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”
Reporting a Ransomware attack on your company’s network is not only beneficial for you; the information you provide will also help the FBI as it works to identify ways to prevent future attacks. Your reports will:
Provide law enforcement with a greater understanding of the threat
Help justify Ransomware investigations
Contribute relevant information to ongoing Ransomware cases
Help Arm The FBI With Information
The recent PSA released by the agency requests that all Ransomware victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center. Be sure to have the following details available and ready to provide to the respondent when prompted (if applicable).
Date of Infection
Ransomware Variant (identified on the ransom page or by the encrypted file extension)
Victim Company Information (industry type, business size, etc.)
How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
Requested Ransom Amount
Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
Ransom Amount Paid (if any)
Overall Losses Associated with a Ransomware Infection (including the ransom amount)
Victim Impact Statement
The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Click here to read the FBI’s complete announcement.
To learn more about protecting your business from cybercrime, download the free whitepaper, “Cybercrime: The Invisible Threat That Haunts Your Business.”
Launched as an initiative to recognize those who work in the payroll industry while helping to educate all American workers about the make-up of their paychecks, National Payroll Week takes place every year during the week of Labor Day. Presented by the American Payroll Association, this year (2016), National Payroll Week is slated for Sept. 5-9.
Here at Rea, we love a good celebration! So, here are four great articles that provide some insight payroll professionals might find useful.
Don’t Get Tripped Up By Payroll – Managing your entity’s payroll isn’t always as easy as simply rewarding your employee with an agreed-upon compensation for a hard day’s work. And because salaries and related benefits are usually the largest expenditures of most governmental entities, it’s absolutely imperative that your payroll amounts are calculated correctly. Avoid making costly mistakes and make sure you have the proper checks and balances in place to ensure that you are properly calculating payroll every time.
New DOL Rule Shakes Up Exemption Threshold – The Department of Labor (DOL) announced its publication of a final rule to update the regulations governing the exemption of certain classes of employees from minimum wage and overtime pay protections of the Fair Labor Standards Act (FLSA). The final rule, which goes into effect Dec. 1, provides for an updated salary and compensation threshold for executive, administrative and professional (EAP) employees to be considered exempt and also provides an amendment to the salary basis test to allow employers to utilize nondiscretionary bonuses and incentive payments to satisfy up to 10 percent of the new standard salary level.
Dangers of Paying Under the Table – It’s not a surprise to many people that some workers are paid “under the table.” It’s a common practice in industries using temporary workers, such as construction, repair and other trades. Keep reading to learn more about why paying under the table is a no-no.
Do you need a hand in managing your company’s payroll responsibilities? Email Rea & Associates, to find out how working with a team of expert payroll professionals can enhance your business.
I don’t know about you, but September seemed to come out of nowhere! But fear not. Even though summer is officially over, we still have a lot to celebrate – like all those great blog posts we featured on Dear Drebit last month?! So, before we officially make the leap into fall, join me as I take a look back at some of the top posts business owners were reading in August.
Get Ready, Get Set, Get Shopping! – Were you one of the many shoppers flooding stores the first weekend in August in search of some great back-to-school bargains? If so, then you were able to take advantage of this year’s Sales Tax Holiday. Missed it? That is ok, read on to learn more about it and how you can take advantage of these savings next year.
How To React To A Data Breach – It was 2013 when a medium-sized library in Ohio found itself in the midst of a data breach that would later serve as a powerful case study warning against the very real threat of electronic fraud. While originally developed by the Ohio Auditor of State’s office as a tool for government entities throughout the state, Cash Management 240: Financial Fraud – A Case Study, has found usefulness beyond just the government sphere. Read more about it now!
Could An FSA Bring Value To Your Business’s Benefit Plan? – Does your company’s benefit package feature access to a Flexible Spending Account? Have you considered adding one in the past but still have questions? As health costs continue to rise, we continue to learn more and more about how this pre-tax health benefit can help level the playing field for employees. But in order to get maximum benefit from this incentive, your team needs to know what it’s capable of doing. Read on to learn more.
Did we leave you wanting more? Great! We love to hear from you about what information or updates you are looking forward to seeing this month. Just reach out to us with your question or topic and one of our accounting and business consulting experts may pick it up for a future post!
If you do decide to store your company’s data on the cloud, be sure to thoroughly investigate the cloud environment you intend to use. Then pay close attention to whether their security controls and processes, including rollover sites or backup and testing procedures, adhere to industry standards. It’s also best practice to request a SOC (Service Organization Controls) report from your cloud provider. Read on to learn more.
I am regularly asked by clients, friends and family whether they should be concerned with storing their data in a cloud-based environment. My answer: Absolutely.
Even though cloud-based data storage solutions are managed by storage and security professionals (at least hopefully), there’s really no way to determine whether their authentication policies and data security procedures are always in line with industry standards. Because I’m acutely aware of these standards and best practices, I would have a hard time entrusting a cloud-based data storage enterprise with copious amounts of my company’s sensitive information.
At the end of the day, your company’s data and the data you collect is your responsibility. Therefore, your IT team is ultimately responsible for verifying whether it’s properly secured and whether a proper authentication protocol is in place to ensure that those accessing data are approved to do so. When you work with a cloud-based data storage solutions business, your control over data security procedures is significantly limited.
And just because we haven’t heard much about these types of breaches in the past, doesn’t mean they don’t happen. Consider, for example, the latest “mega-breach,” that has affected millions of Dropbox users.
The Dropbox Breach
According to reports, more than 68 million Dropbox user accounts and associated information, including user names and passwords, were discovered online. The company said Dropbox user information stolen by hackers and distributed via the Internet was the result of a previously disclosed data breach from 2012. Unfortunately, the company and the company’s users are still being hurt by this attack. In response, Dropbox said in a statement that it was forcing password resets.
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, head of trust and security for Dropbox. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
Protect Your Data To Protect Your Company
Most professionals in the data security field – including myself – believe that any and every site can be hacked. Therefore, in an effort to protect our companies and the businesses and individuals we serve, our goal is to provide comprehensive cybersecurity education to all employees while striving to be aware of all data security issues that may have occurred. Hopefully we will know about any data breach long before cybercriminals have a chance to post information on the Internet or before our businesses are notified of an issue by the FBI or Secret Service.
Want to know why data security professionals say that your company’s employees are your weakest link? This video highlights a common security breach method used by hackers to gain access to your company.
You can take a proactive stance against cybercriminals with the following data security protocols.
Don’t just install a firewall; constantly monitor it. Your IT team can constantly monitor your company’s firewall through the use of Security Information and Event Management (SIEM) or Intrusion Detection Systems (IDS) programs. You can also work with an external service provider to provide this essential service.
Passwords are powerful; protect them. Require your employees to use complex passwords to log onto your company’s network and change those passwords regularly. Secondary authentication is also important to use wherever possible.
Don’t wait for disaster to strike – actively defend your company. Routinely test the access controls of your employees. Not all employees require access to all company data. Instead, only grant access to the data your employees need to do their jobs.
Educate, educate, educate. It seems like there are new phishing attempts, ransomware attacks and malware issues every day. But just because you hear that they are happening doesn’t mean your employees are aware. Make sure you keep your employees up to speed. Doing so may just stop them from clicking on a potentially dangerous email.
If, for whatever reason, you do decide to store your company’s data on the cloud, be sure to thoroughly investigate the cloud environment you intend to use. Then, pay close attention to whether their security controls and processes, including rollover sites or backup and testing procedures, adhere to industry standards. It’s also best practice to request a SOC (Service Organization Controls) report from your cloud provider.
At the end of the day, all you can do is take ownership of your data and be proactive when it comes to verifying the safety and security of your organization’s data. Email Rea & Associates to learn more.