New Form of Malware Catching Retailers Off Guard

Joe Welker | August 25th, 2014

Last week, UPS announced that 51 of its stores were infected by point-of-sale (POS) malware that has been affecting other retailers across the U.S. In total, UPS estimates that approximately 105,000 POS transactions were comprised in the data breach, leaving many customers’ financial and contact information exposed, increasing their risk of identity theft and fraud.

POS malware, known as Backoff, was identified last week as having targeted a New Orleans restaurant, a much smaller retailer than UPS. On July 31, several government agencies sent out an alert about Backoff. The alert explained the risks that Backoff posed to U.S. businesses, including smaller merchants, and that this new form of malware was found to infect POS systems via access to a remote-access portal.

And just a few days ago, the U.S. Secret Service announced that an estimated 1,000 businesses have been infected by Backoff. Now the Department of Homeland Security is encouraging all businesses – no matter the size – to scan their POS systems to check for a possible compromise.

While these recent incidents may not affect you or your business directly, the discovery of this new form of malware should cause you to stop and assess your business’s IT security situation. Do you have the right security protocols in place to protect your business – and your customers – from a potential data breach?

How To Protect Your Business From A Data Breach

Your mind may be far from thinking about your business’s IT environment. You’re probably focused more on the day-to-day operations of your business and serving your customers. But think of protecting your business’s IT environment as one way of serving your customers. By protecting your IT systems, you are helping ensure that your customers’ personal and financial data is safe. Here are some ways you can protect your business’s IT environment:

  • Use End Point Protection monitoring to verify that all workstations are current on their virus definition files and OS patches.
  • Make sure all servers are patched with the most current operating system security patches.
  • Employ a vendor to complete penetration testing to find any open avenues to your network.
  • Consider implementing Intrusion Detection Systems (IDS) or Security Information & Event Management (SIEM) applications. Many companies utilize IDS/SIEM to monitor their incoming and outgoing network traffic. If the expense is too great or you don’t have qualified personnel, then consider a vendor to provide the service. Many vendors provide these services at a very reasonable price.
  • Review the Mitigation and Prevention Strategies of the Department of Homeland Security July 31, 2014, announcement of the Backoff malware.

The Cost of Protecting Your Customers

What cost is too much to protect my customers’ data? Only you can answer this question. UPS and the restaurant have chosen to pay for identity theft and credit monitoring services for customers who may have been affected from their data breaches (a data breach-related expense many companies don’t consider). But take that one step further. What cost is too much to protect my business’s reputation? In order for your company to survive in today’s digital world, it’s critical for your business to cultivate a culture of trust with your customers. Many businesses find that they’ll do what it takes to prevent security breaches. What will you do?

Want more IT tips? Check out other articles that provide best practices on how to secure your business’s IT environment.

Author: Joe Welker, CISA (New Philadelphia office)

 

Related Articles:

8 Tips For Crafting A Strong Password

Do You Know Who Has Access To Your IT Network?

How Can I Protect My Business From A Data Security Breach?

Share Button

When Scammers Demand That You Pay Up, IRS Says You Should Hang Up

Maribeth Wright | August 18th, 2014

More than 1,000 American taxpayers have collectively lost about $5 million as a result of a recent phone scam that has been reported to be active in virtually every corner of the nation. The Internal Revenue Service (IRS) reminds everybody to be vigilant, to never give personal financial information to anybody over the phone, and to report instances of phone scams to the IRS and/or to the Treasury Inspector General for Tax Administration (TIGTA).

According to IRS Commissioner John Koskinen, “Taxpayers should remember their first contact with the IRS will not be a call from out of the blue, but through official correspondence sent through the mail. A big red flag for these scams are angry, threatening calls from people who say they are from the IRS and urging immediate payment. This is not how we operate. People should hang up immediately and contact TIGTA or the IRS.”

To date, more than 90,000 complaints regarding the scam have been made to the IRS and TIGTA.

Signs of An IRS Phone Scam

A media release, sent Aug. 13, reports that scammers will use fake names and IRS badge numbers, are able to recite the last four digits of a victim’s social security number, and spoof the IRS’ toll-free number on caller IDs so that the calls appear legitimate. Victims reported that they were threatened with jail time or driver’s license revocation if they refused to comply with demands. After hanging up, scammers call back claiming to be local law enforcement or a DMV representative. The second phone call is supposed to reinforce their original claim and demands.

Don’t Be An IRS Phone Scam Victim

  • If you think you might owe taxes or that there may be an issue with your taxes, call the IRS directly at (800) 829-1040. An authorized IRS representative can help you determine if you have a payment due.
  • If you get a suspicious call from someone claiming to be from the IRS and you know that you have no IRS issues, report the incident to TIGTA at (800) 366-4484. You should also contact the Federal Trade Commission and use its “FTC Complaint Assistant” at FTC.gov. Be sure to add “IRS Telephone Scam” to the comments of your complaint.
  • Don’t let scammers catch you off your guard with questions about your tax history. Call your CPA and be confident about whether you owe money to the IRS or not. When it comes to your financial security, take a proactive approach.

Email Rea & Associates if you’re ever unsure about anything you received from the IRS, whether it is a letter, a phone call or an email. We can help you determine if the inquiry is legitimate.

By Maribeth Wright, CPA (Cambridge office)

 

Looking for other articles on how you can protect yourself and your business? We recommend these:

How Can I Protect My Business From A Data Security Breach?

Are You Secure? Cyber Security Targets Employee Benefit Accounts

How Do You Protect Yourself From Identity Theft?

 

Share Button

Obtaining Tax-Exempt Status Just Got Easier

Lisa Beamer | August 12th, 2014

Many individuals want to know how easy it is to obtain tax-exempt status. About a month ago, you would have been told that the application process alone was rather lengthy. In fact, the standard Form 1023, which is the Application for Recognition of Exemption Under Section 501(c)(3) of the Internal Revenue Code, is 26 pages in length. On July 1, the Internal Revenue Service introduced a significantly shorter application form – Form 1023-EZ – which is just three pages long.

What Is Form 1023-EZ?

Form 1023-EZ is a simplified version of Form 1023 and its use is limited to organizations with gross receipts of $50,000 or less and total assets of $250,000 or less. The IRS says that 70 percent of new applicants should be able to use the new form, but to ensure that the right organizations are using the right form; the IRS has outlined factors that may disqualify larger organizations from using the new form. Be sure to read the instructions carefully.

The IRS says it currently has more than 60,000 backlogged 501(c)(3) applications. The new, streamlined application form is anticipated to speed up the approval process for smaller groups, which means the agency will have more resources available to review applications submitted by larger organizations.

What You Need To Know About The 1023-EZ Form

If you are planning to fill out the new EZ form, here are three things you need to know:

  • The new EZ form must be filed online.
  • A $400 user fee is due at the time the form is submitted and must be paid through pay.gov.
  • Users must complete an eligibility checklist, which is included in the instructions for Form 1023-EZ, before filing the form.

Obtaining Tax-Exempt Status and Creating A Tax-Exempt Organization

The new EZ form makes it very easy to create a tax-exempt organization, but applicants should always seek professional assistance to ensure that their organization is operating, and will continue to operate, in accordance with their tax-exempt purpose.

Email Rea & Associates and ask if your organization qualifies to use Form 1023-EZ. Our team of business accounting and consulting professionals can answer your questions and guide you on your path to formally establishing your tax-exempt organization.

Author: Lisa Beamer, CPA (New Philadelphia office)

 

Want more best practices for nonprofit organizations? Check out these blog posts:

How Effective Is Your Nonprofit Organization?

How Do You Build A Strong Not-for-Profit Board?

How Do You Protect Your Non-Profit’s Donations From Fraud?

 

Share Button

The Do’s and Don’ts of Summertime Tax Prep

Meredith Mullet | August 7th, 2014

It’s the beginning of August and you’re probably not keeping yourself up at night thinking about your taxes. Frankly, who has time to think about itemized deductions and tax-free distributions when you would rather be grilling out, soaking in the sun, or enjoying your family vacation? April 15, 2015, may be more than 260 days away, but now is a great time to look at your taxes and make necessary adjustments to effectively sidestep any potential problems that might cause problems when tax season does arrive.

Consider These Tax Prep Do’s and Don’ts

  • Don’t assume that filing your taxes will be the same as the year before. More than 50 tax provisions expired on Dec. 31.
  • Do make yourself aware of any changes that have occurred since last tax season. Click here to view the most up-to-date list. Some of the most common expired provisions include:
    • Itemized deduction for state and local general sales tax
    • Itemized deduction for mortgage insurance premiums (PMI)
    • Tax-free distributions from individual retirement plans for charitable purposes
    • 50 percent accelerated tax depreciation (“Bonus depreciation”).
    • Increased expensing. (This provision allows businesses to deduct the full purchase price of qualified equipment.) Current 2014 provisions are $25,000 deduction with a $200,000 limitation on purchases.
  • Do take time to manage your files. It’s much more manageable to file six months’ worth of receipts vs. a whole years’ worth in January. Are you looking for inspiration? Now is a good time to start organizing medical and charitable contribution receipts.
  • Do make a note as to whether the size of your household changed.
  • Don’t forget to review your withholdings. Did you receive a large refund in 2013? Did you owe the IRS in April? To adjust your withholdings, speak with your payroll representative and complete a new W-4.
  • Do send your estimated payments for income to the IRS every quarter to avoid charges and penalties for underpayments. If you forgot to make a payment or you underpaid in April or June, don’t worry. There’s still time to catch up on your September and January payments.
  • Don’t underestimate the short-term value of retirement contributions. Aside from the long-term savings benefits, many retirement accounts are a great tax deferral. If you are participating and not maxing out, consider increasing your contribution. Contributions to a Traditional IRA are another consideration.
  • Do set aside some time to review your health insurance situation. Alternatively, if you did not maintain health care coverage (and were not exempted) you will owe a penalty with your 2014 1040.
  • Do confirm that you comply with the new repair/capitalization regulations.

Tax Prep Help

A few minutes of work and organization now could save you some major headaches in April. Don’t miss out on your opportunity to jump start your tax prep. Want more tax prep tips? Contact Rea & Associates. Our team of Ohio tax professionals can help you determine what you need to do now to ensure tax time goes smoothly for you.

Author: Meredith Mullet, CPA (Wooster office)

 

Want more tax prep tips? Check these blog posts out:

What Should You Do After Tax Season?

How Can A Small Business Owner Keep More Money In Their Pocket?

So Is It a Tax Credit Or a Tax Deduction?

 

Share Button

Software Updates Don’t Have To Be Hard

Lesley Mast | August 4th, 2014

Your business probably uses a variety of software systems, whether it’s for an accounting function, a manufacturing process or a scheduling process. It has been said that technology doubles in advancement nearly every 12-18 months. New updates, new releases, and new products are brought to market constantly. Yet, when was the last time you or your team evaluated your current software or compared it to other existing options?

Most people dread the idea of switching software or converting to a newer version, but if you and your team do the homework, the transition doesn’t have to be so painful or costly.

Considerations For Your Current Software

Consider the following points when evaluating your existing software:

  • Does your current software do what you want it to? If so, does your staff know how to use it effectively?
  • Does your current software do what you need it to? Have you had to put many workarounds into your systems to make the software work?
  • Are your users complaining?
  • Is your IT department complaining?
  • Are you paying a lot for the service you are receiving?
  • Are you getting the IT support you need from the software company?

Five Tips For Easing Your Software Evaluation Process

When you decide to evaluate your software, here are some tips to ease the process:

  1. Assign a project manager. This person will be responsible for making sure team members are completing assignments and for keeping the group moving forward.
  2. Put together a team of users. Consider who uses the software and include members who vary in experience, IT savviness and tenure. Include a member of your IT team.
  3. Do your research. Call on companies who are in your industry to see what they use and ask them about their experiences. Are they satisfied with their software? How do they effectively use it? Also call on companies who use your existing software also to see what their experiences have been.
  4. Calculate a cost/benefit analysis. With any conversion, there are hard costs and soft costs involved. Calculate the amount of time and resources a change could involve, as well as its impact on your team’s morale. If there is a large conversion cost to incur, how quickly will you earn that back with the efficiencies to be gained from making the change?
  5. Keep the end goal in mind. What are you trying to accomplish by going through this process? For example, are you trying to find something that will help you gain efficiencies? Be sure the testing and research is focused around those kinds of end goals.

Best Practices For Selecting Business Software

Change for the sake of change is never a good thing. You want to be able to show that you adequately vetted out possible solutions and that the conclusion has been reached by the team. Perhaps you will find out that your current system is adequate, but that your team needs additional training on how to use it to its fullest potential. It would be more cost effective to schedule additional training rather than to go through an unnecessary and costly software conversion. Your team, and your budget, will thank you in the end.

If you would like to learn about more best practices, contact Rea & Associates. Our accounting professionals and business advisors can help you determine what steps you should take during your business software selection process.

 

Author: Lesley Mast, CPA, Macc-Taxation (Wooster office)

 

Looking for more business advice? Check out these blog posts:

Ohio Bureau of Workers’ Compensation To Pay Small Business Claimants $420 Million

Be On Guard For IRS Phone Scams

Is Your Business Running On Microsoft 2003 Servers? It’s Time To Update

 

 

Share Button