Archive for the ‘Ohio’ Category

How To Become A Millionaire

Thursday, May 26th, 2016

Kick Your Lottery Ticket Habit

Your Money Multiplied - Ohio CPA Firm

PHOTO CREDIT: Akron Beacon Journal
The odds of winning Powerball are 1 in 292 million. The odds of winning Mega Millions are 1 in 259 million. The odds of winning Ohio’s Classic Lotto are 1 in 14 million. But if you were to invest the money you would normally spend the lottery into a 401(k) plan, your chances of winning big are all but guaranteed!

I recently found myself standing in line at a local convenience store behind a guy who was in the process of redeeming his winning $2 scratch-off lottery ticket for another chance to uncover his fortune. My mind started to wander and it wasn’t long before I starting wondering how much the Ohio lottery takes in every year and how a person’s lottery habit could be transformed into a pretty substantial retirement plan.

According to the annual report from the Ohio Lottery Commission, about $2.8 billion was collected by the Ohio Lottery between July 1, 2014 and June 30, 2015. Perhaps even more shocking is that more than half of these funds, or $1.55 billion, was a direct result of instant ticket sales – the scratch-offs! Since we know that Ohio has about 9 million residents who are 18-years-old and legally permitted to play the lottery, we can conclude that the average Ohioan is spending $323 annually on the lottery. (And since I know that I spend $0, I can only assume that there are men and women out there spending $600 or more on lottery tickets every year!)

Read Also: Don’t Get Blown Away By A Cash Windfall

For Fun or For Money?

Whether you view the lottery as a form of inexpensive entertainment or “a convenient and accessible tool for radically altering [your] standard of living,” if your objective is to obtain financial security … there’s a better way.

Countless studies have been conducted in order to explain why those with lower incomes tend to spend more of their income on the lottery. Some of the reports are simply astounding. Just a decade ago 21 percent of those who played believed that the lottery was the most practical path to wealth. It’s this skewed thought process that continues to drive lower income residents in particular to spend a significant portion of their income on these tactics rather than invest in more effective wealth enhancement solutions.

  • The odds of winning Powerball are 1 in 292 million.
  • The odds of winning Mega Millions are 1 in 259 million.
  • The odds of winning Ohio’s Classic Lotto are 1 in 14 million.
  • The odds of winning Ohio Rolling Cash 5 are 1 in 575,757.
  • And if you want to know how many prizes are left for the popular scratch-off games in Ohio on any given day you can find that out here.
  • But if you were to invest the money you would normally spend the lottery into a 401(k) plan, your chances of winning big are all but guaranteed!

Your Money Multiplied

Let’s assume a 30-year-old who normally spends $25 a week on the lottery (or $100 a month) decides to invest these funds into a 401(k). What would happen to the investment if we were to assume the following conditions?

  • The employer matches 50 cents on each dollar, bringing the total monthly investment to $150.
  • We assume an 8% average annual return on the investment.

In 35 years, the $100 he previously spent on the lottery plus the $50 his employer is kicking in would come to around $344,000 when you factor in the 8% average annual return. What’s incredible to consider is that over the course of 35 years, this individual will have only invested $1,200 per year of personal income (or $42,000 total).

Now, what if the employee decided to kick their monthly $100 lottery habit earlier at the age of 21?  If we were to apply the same conditions outlined above, in 44 years (when the employee reaches age 65), the same investment and company match would result in a 401(k) plan worth $1,457,677. Over the course of this 44-year career only $52,800 in personal funds would be contributed to the plan, but with the company match and 8% average annual return, the funds would continue to multiply – 27 times to be exact!

Don’t pass up on an opportunity to facilitate a discussion about retirement savings and the big impact even a few dollars can make over time. Email the retirement plan services team at Rea & Associates for tips to help you start the conversation and keep it going.

By Steve Renner, QKA (New Philadelphia office)

For more insight into our retirement plan services, check out these articles:

Don’t Let These Common Retirement Plan Mistakes Hurt Your Business

How Your Plan Design Can Help Improve Your Retirement Plan Participation

Retirement Plan Participants Are Content To Watch Their Savings Simmer

Share Button

Phishing Scam Is A Threat To Ohio Businesses

Monday, March 28th, 2016
IRS Phishing Scam - Ohio CPA Firm

You can take a proactive stance when it comes to protecting your company from these scams by encouraging your employees to pay close attention to emails that request sensitive information, such as the names of employees, Social Security numbers, dates of birth, addresses and/or salary information or copies of employee’s W-2 information.

The Ohio Department of Taxation (ODT) is echoing phishing scam alerts made by the IRS earlier this month in an effort to protect businesses and employees state-wide from identity theft and tax fraud.

Read Also: Payroll, HR Departments Targeted By Cyber Criminals

According to ODT, payroll and human resources offices at companies nationwide – including some in Ohio – reportedly received emailed requests that appear to be sent from a high ranking member of the company’s management team requesting confidential payroll data. While the emails appear to be legitimate, they are actually being sent by cybercriminals who are looking to fool employees into sending them detailed payroll and W-2 information. The imposters then use the information to file fraudulent tax returns.

“The scam has worked on more than 30 companies resulting in the theft of W-2 tax information for thousands of current and former employees,” ODT’s news release states. “The W-2 form contains an employee’s Social Security number, salary and other confidential data. This information enables thieves to create a realistic looking, but fraudulent tax return requesting a tax refund that is then filed with Ohio or other states, and the IRS.”

The frequency of tax fraud and identity theft continues to increase at an alarming rate. This tax season alone, the IRS reported an approximate 400 percent increase in phishing and malware incidents – a surge that was addressed back in February.

“If your CEO appears to be emailing you for a list of company employees, check it out before you respond,” said IRS Commissioner John Koskinen. “Everybody has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

You can take a proactive stance when it comes to protecting your company from these scams by encouraging your employees to pay close attention to emails that request sensitive information, such as the names of employees, Social Security numbers, dates of birth, addresses and/or salary information or copies of employee’s W-2 information. You can also let them know that they should never send sensitive information until a conversation takes place, either in-person or over the phone, with the member of management seeking the information. You can also check out the information provided here for general insight from ODT that could be used to help your employees identify phishing attempts and email scams.

If your Ohio business has been the victim of or experienced this or any other type of email phishing scheme, contact ODT immediately at 800.282.1780 to protect against potential tax fraud and safeguard Ohio taxpayer dollars.

Those who are interested in learning more about the increasing threat of cybercrime should check out The Columbus Cybersecurity Series. Presentations are scheduled to take place throughout the year and will focus on ways to help business owners learn more about cyber threats. The first installment is scheduled for Wednesday, April 6. The event is free but registration is required to attend. Attendees will walk away with new insight into these attacks as well as tips and advice that will help you protect your business.

By Lisa Beamer, CPA (New Philadelphia office)

Want to protect your employees from identity theft and tax fraud or need help recovering? Check out these articles:

How Can You Protect Yourself From Tax Fraud

Identity Theft Prevention: Tips To Reduce Your Risk of Becoming a Victim

How To Recover From Identity Theft & Refund Fraud

Share Button

Protect Yourself From Identity Theft & Refund Fraud

Wednesday, March 16th, 2016

It’s unfortunate that identity theft and refund fraud have become commonplace in our society, especially during tax season. On the other hand, it’s reassuring to see our government agencies stepping up to protect taxpayers from this threat.

In Ohio, the Identification Confirmation Quiz has been especially successful. Last year, the quiz helped prevent an estimated $259.1 million from going to fraudsters. At a federal level, during the 2013 filing season, the IRS launched a number of counter attacks to prevent around $24.2 billion from being claimed as the result of bogus income tax returns.

Read Also: How To Recover From Identity Theft & Refund Fraud

Even though identity theft and refund fraud show no signs of slowing down, in addition to the state-wide and federal efforts to protect taxpayers, there are ways you can help protect yourself. During tax season, take care when choosing your tax preparer. It’s important to be sure that they take their responsibility to safeguard your information very seriously. And, all year long, take common-sense precautionary measures that include:

  • Keeping your computer secure.
  • Avoiding phishing email and malware.
  • Protecting your personal information on and offline.

Few things are worse than suspecting, and then confirming, that you have had your identity stolen. Recovering from such a violation can be overwhelming. The good news is that you don’t have to go through it alone. Your tax preparer can help you along the way. Email Rea & Associates to learn more.

This article was originally published in the March 2016 edition of Consult The Expert column published in Columbus Business First.

By Ashley Matthews, CPA (Dublin office)

Want to learn more about the refund fraud epidemic? These articles will help.

Join The Fight Against Identity Theft & Income Tax Fraud

Should I still Be Concerned About Identity Theft And Tax Fraud?

Quiz Results Are In – And The News Is Good

Share Button

Five Reasons To Fall In Love With Your Financial Advisor

Friday, February 12th, 2016

While your financial advisor is probably the last person you are thinking about during those romantic holidays, you may want to reconsider and here’s why …

You share the same financial goals.

Whether the topic of conversation is on your personal finances or your business’s financial wellbeing, your financial advisor genuinely cares about your current and future economic security. That’s why they are always looking for ways to save you money – not just during tax season, all year long. Read “Don’t Miss Your Chance to Secure Tax-Free Wealth” to learn about five tax savings strategies you may have missed.


5 reasons to fall in love with your financial advisor from Rea & Associates

They are not afraid to ask for help.

Because they want your future to be financially sound, your financial advisor is not only happy to call in outside reinforcements and other industry experts to weigh in on key financial decisions, they insist on it. It’s just not realistic for one person to have all the answers, especially in business matters, which is why your financial advisor likely has a contact list full of bankers, lawyers, real estate brokers, city officials and many other industry leaders and business experts. Read “Getting by with A Little Help from Your Friends” for tips to help you identify the right advisors to help you overcome your unique challenges.

They have your back.

From helping you identify ways to protect your business against fraud to helping you avoid spending more money than is necessary during large negotiations, your financial advisor is always looking out for your best interest. Are you looking for ways to prevent occupational fraud in your business or do you need to know the true value of a property you are interested in purchasing? Either way, your financial advisor has the expertise and experience needed to keep you from being taken advantage of. Check out the article “Are Your Employees Skimming from the Top?” and “How to Make Your Building Work for You with a Cost Segregation Study” for more insight into these topics.

They always have good advice.

It should go without saying that your financial advisor has worked with their fair share of business owners. So, when it comes to knowing the ins and outs of running a business, they have a lot of good advice and can give you some great insight into techniques that have worked as well as warning you about others that may have fallen short of meeting expectations. Your financial advisor may not always provide you with the answer you were looking for, but if you bring them into the conversation they will always be there to give you the sound advice you need. Listen to episode 18 of unsuitable on Rea Radio to hear a veteran financial advisor talk about the positive psychology of having hard conversations.”

Help is always right around the corner.

If you have a personal finance question or are in need of expert business advice, email Rea & Associates to speak with one of our expert financial advisors today.

By Denell Skelton, CPA (Coshocton office)

Are you looking for more business tips and insight? Subscribe to unsuitable on Rea Radio on SoundCloud or iTunes and listen to new podcast episodes every week. Listen to these episodes to learn more:

Stuck on $5 million

Outsourcing: Quite Possibly Your Most Powerful Resource

The Revenue Sin

Share Button

Ohio’s Identity Theft Quiz Returns – With Modifications

Tuesday, February 2nd, 2016

Last year, Ohio’s Department of Taxation rolled out the Identification Confirmation Quiz, which required many Ohioans to prove their identities before receiving a refund. Needless to say, there were more than a few unhappy campers. However, despite its shortcomings, the quiz did what it was supposed to do – helped thwart tax fraud, which is why the Ohio tax quiz will make another appearance in 2016.

Read Also: How To Recover From Identity Theft & Tax Fraud

So, how successful was the quiz at stopping fraudsters from stealing refunds? Very. One Ohio news source reported that the quiz helped identify an estimated 234,336 fraudulent refund requests worth $259.1 million in 2015. The year prior, only 64,693 requests were reportedly stopped.

“We are committed to combating tax fraud and ensuring that tax refunds are paid only to legitimate filers,” said Joe Testa, Ohio tax commissioner, in an op-ed piece on the Ohio Bar Association’s website on Jan. 6. “We believe we’re among the leaders in the country in aggressively combating these fraud schemes. Last year, the Identity Confirmation Quiz was instrumental in that fight.”

Testa did go on to say that, after reviewing feedback from last year’s tax season, changes were made to the types of questions asked in an attempt to improve the entire process while facilitating a better experience overall. He said that further improvements were made to the department’s tax return analysis, which should result in fewer taxpayers from being required to take the quiz in order to receive a refund.

Tax fraud and identity theft continues to be a major problem throughout the nation, but you don’t have to stand by and do nothing. This article will provide you with some tips to help reduce your risk of becoming a victim.

By Lisa Beamer, CPA (New Philadelphia office)

Want more safety tips to help get you through tax season unscathed? Check out these articles:

Join The Fight Against Identity Theft & Income Tax Fraud

When Scammers Demand That You Pay Up, IRS Says You Should Hang Up

Let’s Talk About The F-Word

Share Button

Join The Fight Against Identity Theft & Income Tax Fraud

Friday, January 29th, 2016

Income tax identity theft and refund fraud has become a huge problem over the last few years; and while billions of dollars are finding their way into the pockets of fraudsters, the IRS is working hard to shut down these schemes.

The IRS paid roughly $5.8 billion dollars in fraudulent refunds to identity thieves over the course of the 2013 filing season. While that is a huge number, it could have been a lot worse. During the same time period, the amount the IRS successfully prevented or recovered totaled around $24.2 billion. But these statistics only take into consideration the fraud we know about.

Identity theft isn’t just a threat during tax season, scammers are exploiting a lot of cracks in your armor. Listen to episode 12: the great data saver on unsuitable on Rea Radio for insight from Joe Welker, CISA, Rea’s IT Audit Manager

The Unknown Number

While it is nice to know that the IRS is working hard to prevent identity theft and refund fraud, the truth is that we don’t yet have all the information to determine how bad the income tax fraud epidemic really is. This means that we continue to be at risk of becoming a fraud victim again this tax season. Perhaps if we knew how many fraudulent tax returns went on to be processed and how many billions of dollars were paid out to scammers looking to make a quick buck we could finally make some educated assumptions about the likelihood of being defrauded out of your refund check.

I don’t like not having all the necessary information.

Read Also: Ohio Department of Taxation Stops Thieves From Stealing Millions

This year, income tax fraud is expected to be higher than ever. This video, produced by abc6 out of Columbus, Ohio, shines more light on the topic of identity theft in Ohio.

Calling In Reinforcements

The IRS has realized that identity theft and refund fraud are threats that are showing no signs of going away. So the agency has requested help. The Internal Revenue Service, in cooperation with state tax administrators and tax industry leaders, has formed a public-private sector partnership to identify and test more than 20 new data elements on tax return submissions that will be shared with the IRS to detect and prevent fraudulent filings. The software industry is doing its part by putting enhanced identity validation requirements in place to protect customers and their personal information from identity thieves.

As of October 2015, 34 state departments of revenue and 20 tax industry members have signed memorandums of understanding regarding coalition’s roles, responsibilities and information sharing measures. More states are expected to sign on later.

Taxpayers Are Encouraged To Fight Back Against Fraud

Over the last 3 years, the IRS has initiated more than 3,000 fraud investigations. Those investigations have gone forward to convict and sentence close to 2,000 thieves to around 40 months in prison apiece. But there is still much to be done. They are doing their part.  We as taxpayers have to do ours.

In January, the IRS launched the “Taxes. Security. Together.” initiative to educate taxpayers on income tax identity theft and ways they can safeguard their information and protect themselves. According to the agency, there are several ways you can protect yourself from identity theft – especially during tax season:

  • Keep your computer secure
  • Avoid phishing email and malware
  • Protect your personal information

Above all, choose your tax preparer wisely and make sure they take their responsibility to safeguard your information very seriously. A tax preparer can also help if you do encounter a situation in which your information could be compromised.

By Ashley Matthews, CPA (Dublin office)

Want to take steps to ensure that you won’t be a fraud victim this year? These articles feature information that can help.

Should I still be concerned about identity theft and tax fraud?

How can you protect yourself from tax fraud

Identity Theft Prevention: Tips To Reduce Your Risk of Becoming a Victim

How To Recover From Identity Theft & Refund Fraud

Share Button

Business Leaders Were Reading What?!

Monday, December 28th, 2015

2015′s Most Popular Blog Posts

Best Business Blog Posts 2015- Ohio CPA FirmIf you take a moment to scroll through the list of categories, authors and archives on the right-hand side of this page, it’s pretty clear to see just how active Rea’s team of experts are when it comes to providing leaders in the business community with accurate, timely and easy to digest content. We are fortunate to have so much experience and expertise on our staff, and their eagerness to serve you better has allowed us to maintain a bi-weekly electronic newsletter, a quarterly print newsletter, three blogs and a handful of electronic segment specific newsletters. That’s a lot of content – but we are not even thinking about slowing down! I hope you hang around my lily pad for awhile. I’m pretty sure you’ll find a lot of great little tidbits to read about in 2016 too. Until then, I want to invite you to take a look at some of our most popular blog posts and articles. And, if you haven’t already, take a moment to look through the newsletters we offer and sign up to have news, tips and valuable information delivered to your inbox all year long!

Top 5 Dear Drebit Posts In 2015

Dear Drebit is updated every few days with timely information and advice. In addition to covering current trends and issues, readers are also invited to ask financial and business questions on the page, which will be answered by one of Rea’s industry experts. Here are last year’s top posts:

  1. How Far Back Can The IRS Go For Auditing?
  2. Theft Safeguards To Cause Tax Return Delays In Ohio
  3. Six Things 401K Plan Sponsors Need To Do Now
  4. New Adjustments Will Affect Your 2015 Tax Return
  5. File Faster With This Tax Prep Checklist

5 Most Popular Posts On Brushing Up Blog

Brushing Up: The Dental Accounting Blog features a variety of finance and business advice specifically tailored to dental professionals. From purchasing a practice, knowing what to expect from a career in dentistry and hiring the best staff for your practice to general accounting advice, tips for cashing out at retirement and tax tips, this blog is a valuable tool for dental professionals who are looking for ways to secure long-term success in their career. The year’s most-read blog posts are:

  1. How Sales & Use Taxes Apply To Ohio Dental Practices
  2. 6 QuickBooks Tips Every Dentist Should Know
  3. Could A Crown Be A Tax Deduction?
  4. 10 Year-End Tax Planning Strategies For Dentists
  5. Buying An Established Dental Practice? Master The Changeover 

Cultivating Your Business Readers Choose Top 5 2015 Posts

The Cultivating Your Business blog is a resource provided to clients and visitors on the firm’s Know & Grow website. Updated a few times per month, business owners have access to advice, tips and general insight into how to grow their businesses and realize an optimal return on their investment upon retirement. Here are the top blog posts from last year:

  1. Bad Buy-Sell Agreement Claims Another Family Dinner
  2. Will Your Summer Reading List Make You A Better Business Owner?
  3. WARNING: Free Business Valuation Offer Is Unbelievable
  4. Uncover The Secrets To Cashing In On Your Business
  5. How To Communicate To Your Employees That You’re Selling Your Business

Top 10 Articles In Rea’s Library In 2015

In addition to our blogs, the Rea team publishes a lot of other valuable content in print and electronic newsletters. We make sure that all these articles are easily accessible in our article library. This is where you will find many of our niche pieces as well as a lot of general accounting tips and insights. Take a look at some of our most popular posts over the last year.

  1. What Is The Mid-Quarter Convention?
  2. Dangers Of Paying Under The Table
  3. Revenue Recognition Changes Are Coming
  4. Football Ticket Deductions
  5. 401K Loans And Keeping Your Plan In Compliance
  6. Take Control Of Your Vendor Master In Nine Steps
  7. Why Your Traditional Employee Management Method Is Failing
  8. The Birth Of The Taxpayer’s Estate
  9. Parting Is Such Sweet Sorrow: But What About Your 401K?
  10. Purchasing Cards Compromise Business Security
Share Button

Congress Gives Taxpayers An Early Christmas Present

Monday, December 21st, 2015

PATH Act Makes Several Key Tax Provisions Permanent

PATH Act Makes Several Key Tax Provisions Permanent | Rea & Associates | Ohio CPA Firm

Congress finally made good on its promise to make take a more definitive stance on the future of many popular tax provisions last week when members voted in favor of making many of them permanent. Other tax provisions received a temporary extension. Read on to learn more.

There is nothing like waiting until the last minute to complete a task. We’ve all been there and we all promise we’ll never do it again. Unfortunately (especially when it comes to determining the future of several valuable tax provisions) our government has fallen victim to the same bad habit.

Year after year, Congress promises to address the future of many expired tax provisions, and year after year they fail to make a definitive decision – opting only to pass legislation that extends the provisions for another year. In the meantime, taxpayers are expected to take on the impossible task of navigating the terrain amidst legislative uncertainty. Happily, things are about to change.

Listen To Our Podcast Taxes Are Like Fishing To Learn More About Tax Strategy

Congress finally made good on its promise to make take a more definitive stance on the future of many popular tax provisions last week when members voted in favor of making many of them permanent. Other tax provisions received a temporary extension. The legislation, Protecting Americans From Tax Hikes Act of 2015 (PATH Act), is retroactive to Jan. 1, 2015, and provides taxpayers a level of certainty that they have been without for quite some time.

This legislation offers a lot of relief to individuals and businesses, alike. Here’s an overview of what you can expect moving forward.

Key Tax Provisions Made Permanent By The PATH Act:

  • 15-year recovery period for qualified leasehold improvements, qualified restaurant buildings and improvements, and qualified retail improvements
  • Extension and modification of the research & development credit, including allowing certain small businesses to claim the credit against AMT liability and employer’s payroll (ie: FICA) liability
  • 179 expensing limitations and phase out increased to $500,000 and $2 million respectively
  • Exclusion of 100 percent of gain on certain small business stock
  • Extension of tax-free distributions from IRAs for charitable purposes
  • Earned income tax credit
  • Child tax credit

Key Provisions Extended Through 2019

  • Extension of the new markets tax credit in which Congress authorized $3.5 billion allocation of credits each year from 2015 until 2019
  • Extension and expansion of the work opportunity tax credit
  • Bonus depreciation is extended at 50 percent for 2015 through 2017, 40 percent for 2018, and 30 percent for 2019

Key Provisions Extended Through 2016

  • Extension and expansion of empowerment zone tax incentives
  • Two-year moratorium on the 2.3 percent medical excise tax imposed on the sale of medical devices
  • Extension of energy efficient commercial buildings deduction

In addition to the extension of key tax provisions, the PATH act also puts more scrutiny on the operations of the IRS. IRS agents will be held accountable for knowing and acting in accordance with the taxpayer bill of rights and prohibits the use of IRS business for political gain.

The passage of the PATH act is a huge victory for American taxpayers, and will allow them to partner more efficiently and effectively with their tax advisors on key issues in years to come without the uncertainty that has plagued them for many years.

Be sure to set up an appointment to speak with your tax advisor or financial planner to talk about how the PATH act will impact your ability to take advantage of tax planning strategies. Do you have questions about specific aspects of the PATH act? Fill out the form on the top, right side of this page to submit your question to Dear Drebit.

By Ashley Matthews (Dublin office)

Are you looking for more ways to save on your tax bill? These articles can help:

Year-End Tax Tips For Business Owners

Dos & Don’ts of Gifting Donations

Should I Make A Big Purchase To Cut Taxes?

Share Button

When the ACA Tops The Charts, Joe Popp Provides The Play-By-Play

Thursday, December 17th, 2015

What do you know about the new Affordable Care Act’s filing requirements?

Well, if you are a large employer (an employer with 50 or more full-time employees or full time equivalent (FTE) employees), for example, you should be in the process of preparing your 1095-C forms to distribute to employees before the Jan. 31, 2016 deadline. But that’s not all …

I recently spoke with Gary Hunt, senior content editor for the Ohio Society of CPAs, about the “ACA’s latest hits” for an episode of OSCPA Spotlight video series. During this interview, I went into some more detail about the forms large employers are required to file per the ACA, specifically Form 1095-C.

So, if you want to know a little more, including who’s responsible for completing the forms and when they’re due, among other things, click on the video below or check it out on the OSCPA website.

You can also learn more about the services our team at Rea & Associates is offering large employers who are scrambling to meet the deadline – I mentioned this at the end of the segment – when you visit www.reacpa.com/affordable-care-act-consulting.

Don’t say we didn’t warn ya! Here are some more resources that shine light on the upcoming ACA filing requirements:

Secure Form 1095-C Help Now And Avoid Penalties

Make BIG Changes Or Face BIG Fines

The Cost Of Reimbursing Employees For Health Care

Share Button

Then And Now: Data Security In America Since The Target Breach

Wednesday, December 16th, 2015
Data Breach - Ohio CPA Firm

The Target breach symbolizes the moment when the threat of personal data security violations became mainstream in America; and today, we don’t think about fraud in terms of if it will happen – it’s when it will happen.

It’s hard to remember a time when reports of data breaches, ransomware attacks and business email compromises (BEC) weren’t part of our daily lives. In fact, not so long ago we were pretty content to believe that the controls companies had in place were enough to protect us from the invisible threat of hackers and cyber criminals. But that was just a dream – and it wasn’t long before that dream manifested into a nightmarish scenario for one of the nation’s largest retailers.

Read Also: Businesses Beware: Sloppy Data Security Could Cost You

Two years ago, cyber criminals gained access to the point-of-sale systems belonging to Target. Authorities later learned that the hacker(s) gained access to about 11 GB worth of data (including highly-sensitive personal and credit card information). When the dust settled, about 70 million consumers nationwide were left vulnerable to identity theft and credit card fraud. This magnitude of this breach was huge and, as a result, companies everywhere made an effort to buckle down and implement a slew of “best practices.” But what has really changed since December 2013?

What Have We Learned From Target?

The Target breach symbolizes the moment when the threat of personal data security violations became mainstream in America; and today, we don’t think about fraud in terms of if it will happen – it’s when it will happen. But instead of becoming more vigilant about data security practices, it appears as though consumers have chosen a more desensitized reaction. These days we are content with trusting the credit card companies to notify us of any suspicious activity occurring on our account rather than implementing safer payment practices in our daily lives.

Retailers and credit card companies, on the other hand, have worked hard to make it more difficult for hackers to access their customer data. Since the breach, Target has:

  • Installed EMV compliant point-of-sale (POS) terminals in all stores to allow for transactions to be processed using a token instead of actual credit card numbers.
  • Joined two cybersecurity threat-sharing organizations in order to share and retrieve valuable information concerning data breaches and the source of those breaches.
  • Implemented more stringent firewall rules and governance procedures.
  • Constantly monitors and logs system activity.
  • Applied whitelisting technology, an administrative process that allows only preapproved applications to execute in a system, on the store’s POS systems.
  • Disabled or placed limited access on vendor accounts.
  • Deployed 2-factor authentication.
  • Established password vaults and required the use of more complex passwords.
  • Thoroughly reviewed and revised its process on how to determine which employees and contractors would have access to consumer data.

With the exception of the first two points, the measures Target has taken since its 2013 data breach are considered best practices, which means that if your business doesn’t have these security measures in place, you shouldn’t wait any longer. And, with regard to EMV technology, most businesses were expected to install and activate the new technology before Oct. 1, 2015 to avoid liability for losses resulting from fraudulent transactions.

A Moving Target

As long as there are fraudsters willing to pay for stolen names, addresses, credit card numbers and expiration dates, phone numbers, email addresses, dates of birth, Social Security numbers, etc., there will be cyber criminals looking for a way to hack into your company’s system to gain access to your consumer data or intellectual property. But if you are really serious about keeping your data safe, there are additional measures you can take.

1. Reinforce Your Firewall

Firewalls should be securely configured and continuously monitored. There are many providers that perform 24-7 firewall monitoring services to protect your company from attacks and or to alert you to signs of a possible breach. Moreover, providers are also coupling these services with the use of whitelists or blacklists, which triggers an immediate response if a potential threat is identified. Another great reinforcement for companies with experienced IT staff, would be the implementation of SIEM (Security Information and Event Management) or IDS (Intrusion Detection System) software.

2. Take Your VIP List Seriously

Not everybody should have access to your company’s domain – especially outside groups, and you should take care to review your employee and vendor access accounts routinely. The 2013 Target breach was a result of a breach that was intended for one of Target’s vendors. But, once in, the hacker was able to work his way into the Target Vendor Portal and infiltrate the Target POS systems.

3. Don’t Take Your Passwords For Granted

While doing so, be sure to verify that these credentials, in particular, require complex passwords, a limit on the number of attempts allowed before automatically disabling the account, and that they are required to be changed regularly. (Believe it or not, the most common password continues to be “123456” – proving that we are still not learning from past mistakes.)

By: Joe Welker, CISA (New Philadelphia office)

Check out these articles for more data security best practices

Malware Threat Spreads To Smart Phones

Who Is That Email Really From?

Could Your Company Be Ransomware’s Next Victim?

Share Button