Posts Tagged ‘best practices’

Help The FBI Find A Defense Against Ransomware

Monday, September 19th, 2016
Help Fight Ransomware - Ohio CPA Firm

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Keep reading to find out how you can help the FBI combat the threat of Ransomware.

The FBI recently released a public service announcement urging victims of Ransomware attacks to come forward and report these cyber infections to federal law enforcement. Doing so, the FBI said in a statement, will “help us gain a more comprehensive view of the current threat and its impact on U.S. victims.

Read Also: Could Your Company Be Ransomware’s Next Victim?

A Closer Look At Ransomware

A computer infection that has been programmed to encrypt all files of known file types on your computer and your server’s shared drive and making them inaccessible until a specified ransom is paid; Ransomware is a very real threat to all businesses nationwide. Once a computer is infected, which usually happens once a user clicks on a malicious link, opens a fraudulent email attachment or unknowingly picks up a high-risk automatic download while surfing the web, it’s all but impossible to regain access to the data that has been infected. Upon discovering that your computer has been infected, you have two choices. You can either:

1)     Restore the machine by using backup media, or

2)     Accommodate the hacker’s demands and pay their ransom.

And both options are less than ideal.

What To Do If Your Company’s Network Becomes Infected

Ransomware infections were at an all-time high in the first several months of 2016, according to various cybersecurity companies, and because new Ransomware variants are emerging regularly, the FBI needs your help to determine the true number of Ransomware victims.

“It has been challenging for the FBI to ascertain the true number of Ransomware victims as many infections go unreported to law enforcement,” the agency stated in its recent announcement. “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment. Additionally, those who resolve the issue internally either by paying the ransom or by restoring their files from back-ups may not feel a need to contact law enforcement.”

Read Also: How Much Is Your Data Worth To Criminals?

Reporting a Ransomware attack on your company’s network is not only beneficial for you, the information you provide will help the FBI as it works to identify ways to prevent future attacks. Your reports will:

  • Provide law enforcement with a greater understanding of the threat
  • Help justify Ransomware investigations
  • Contribute relevant information to ongoing Ransomware cases

Help Arm The FBI With Information

The recent PSA released by the agency requests that all Ransomware victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center. Be sure to have the following details available and ready to provide to the respondent when prompted (if applicable).

  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

The FBI recommends users consider implementing prevention and continuity measures to lessen the risk of a successful Ransomware attack. Click here to read the FBI’s complete announcement.

To learn more about protecting your business from cybercrime, download the free whitepaper, “Cybercrime: The Invisible Threat That Haunts Your Business.”

Share Button

How To React To A Data Breach

Tuesday, August 2nd, 2016
Data Breach | Columbus Cybersecurity Series | Ohio CPA Firm

Would you be able to effectively manage the fallout of a data breach? If you aren’t sure, keep reading.

It was 2013 when a medium-sized library in Ohio found itself in the midst of a data breach that would later serve as a powerful case study warning against the very real threat of electronic fraud. While originally developed by the Ohio Auditor of State’s office as a tool for government entities throughout the state, Cash Management 240: Financial Fraud – A Case Study, has found usefulness beyond just the government sphere.

Leaders of not-for-profit organizations and for-profit business owners would also find value in this resource, which outlines:

  • the events that resulted in the occurrence of the data breach,
  • the reaction of entity officials during and after the breach was detected, and
  • the short- and long-term outcomes that resulted from the breach.

While I strongly recommend that you read the entire case study, I provide a brief overview of the story below.

How would you respond to a data breach?

Library officials were notified of the occurrence of fraudulent activity impacting the entity’s checking account in March of 2013. According to the bank, the fraudulent activity appeared to be limited to three transactions, totaling $144,743. Fortunately, bank officials were proactive in their efforts to recall the transactions.

In an effort to avoid further fraudulent activity, library officials decided to disconnect the accounting workstations from the entity’s network and proceeded to contact their technology vendor, who advised the library proceed with reformatting both accounting workstations immediately. Soon thereafter, library officials contacted the local police station to report the incident, closed the entity’s existing bank accounts and opened new ones, and notified employees of the data breach as well as the board of directors.

Due to the nature of the breach, it didn’t take long before the Ohio Auditor of State’s office and the FBI were notified of the incident as well. And, in an effort to try and reclaim some of the money that was stolen, a claim was filed with the entity’s insurance carrier. Finally, the library’s bank was able to successfully recover $54,910 of the amount that was stolen. In 2014, when the case study was released, the library was still in the process of negotiating with the bank regarding $89,833 that was still missing.

So, what do you think? Would you say that the library officials were effective in their management of the data breach? What would you do if your company or nonprofit found itself in a similar situation?

Well, according to the FBI, the library could have handled the situation better. For example, the library should have not reformatted the workstations. The FBI and local police force should have been contacted immediately. And finally, the entity should have followed all instructions mandated by the bank to eliminate the possibility of such fraudulent activity.

Since it’s 2013 data breach, the library:

  • Is now required by the bank to follow the ACH Originator Agreement.
  • Has designated one stand-alone PC to be used for online banking.
  • Has requested online access from only one IP address
  • Has purchased a cybercrime policy.
  • Revisited its banking RFP to include a section regarding online banking security minimums.

Do you have a plan to help deter cybercrime?

The above scenario is just one of the countless cybercrimes that occur every day and every type of businesses, entity and organizations are being impacted. If you don’t have a plan in place to help prevent cybercriminals from infiltrating your network and stealing your data for financial gain, or a strategy to recover once a breach has been identified, you are in a very vulnerable position.

I believe that in order to protect against a cybercrime attack, it’s important to be armed with as much knowledge as possible. On Sept. 7, 2016, FBI Agent David Fine will be the featured presenter of part two of the Columbus Cybersecurity Series. During this portion of the presentation, attendees will hear real-life examples of attacks on businesses, including what schemes are prevalent today. Audience members will also discover the very real impact these attacks have on companies and what they can do to deter an attack from occurring in their own business or organization.

The Columbus Cybersecurity Series is free to attend, but registration is required. You can RSVP here.

By Joe Welker, CISA (New Philadelphia office)

Share Button

Do You Know The Best Way To Buy A Business?

Thursday, June 2nd, 2016
Business Acquistions - Ohio CPA Firm

Ryan Dumermuth, principal at Rea & Associates, and Kirk Spillman, president and CEO of Eagle Machinery in Sugarcreek, Ohio, join Mark Van Benschoten on episode 34 of unsuitable on Rea Radio.

Generally speaking, relationships are easier to develop and maintain when you work with the other person. The same is true in business, especially when you’re considering the relationship between a business owner and an advisor. I had a chance to be a guest on an episode of unsuitable on Rea Radio with Kirk Spillman, president and CEO of Eagle Machinery, a manufacturing company located in Sugarcreek, Ohio, to talk about what goes into developing a strong business advisory relationship – particularly when buying a business. Bottom line, a successful relationship with your advisor goes far beyond any monetary transaction; it’s rooted in mutual trust and respect. And, if nurtured, a relationship with your advisor can last a lifetime and can help drive long-term business success.


Listen to episode 34: the best way to buy a business, build a relationship that matters, on unsuitable on Rea Radio, Rea & Associates’ financial services and business advisory podcast.


How Well Do They Know Business & Can You Trust Them?

Before you decide who you should work with from an advisory perspective, you need to consider what kind of assistance you’re looking for. Remember that while it’s not always necessary for your advisor to have expertise specific to your industry (although that is undoubtedly helpful), it is critical for your advisor to be a business expert who can effortlessly apply general business tactics, strategies and best practices to address your specific needs and drive results. Don’t miss out on an opportunity to work with the best advisor in the market simply because they don’t market themselves as an expert in construction or healthcare. Call them up and get to know them before making a decision. Your choice should ultimately hinge on the advisor’s business prowess and out-of-the-box thinking.

When You Don’t Know, Ask An Advisor

We hear a lot about the importance of bringing an advisor on to assist with succession, but there are important considerations an advisor should be privy to when buying a business as well. Over the course of my career, I’ve learned that a person looking to buy a business needs just as much help, if not more, than the tenured business owner seeking to embark on retirement.

Those who are new to business ownership are trying to overcome a variety of obstacles, not to mention the difficulty associated with managing a smaller budget. And while it may not seem to make much sense to “splurge” on advice from a professional business consultant when there are other bills to be paid, the best way to navigate this unknown territory is to turn to a trusted advisor who has seen the situation you are facing.

“I learned very quickly how much I did not know about business,” said Kirk, during the podcast. “I thought I knew enough about operations and customer service and marketing all of those things that I could just step into this business and be very successful. [Before long] I recognized that there were going to be things that I would need that I didn’t have experience or resources for … [like] the entity itself. How do we set this entity up? I knew nothing about that.”

Your business advisor will be able to shine light on the areas you know nothing about, such as how to structure your business entity, how to determine the true value of the business, setting up payroll, managing inventory, etc. There’s a lot of risk involved in buying a business because, particularly for owners who are new to entrepreneurship, there are so many unknowns. Your team of advisors will help take the guess work out of business ownership.

I invite you to learn a little bit more about Kirk’s experience and to learn how a business advisor can help you establish, manage and grow your business until you decide it’s time for you to move on. Click on the media player below or visit www.reacpa.com/podcast to learn more about the best way to buy a business.

By Ryan Dumermuth, CPA, CFP (Mentor office)

Want to learn more tips to help you succeed in business, check out the following articles for additional insight.

Dream Big: Considerations For The Aspiring Business Owner

So You Want To Buy A Business: Now What

Getting By With A Little Help From Your Friends

Share Button

Dos and Don’ts of Gifting & Donations

Thursday, December 10th, 2015

Is it just me, or can you feel the magic in the air this time of year? Even though the days are colder and the nights are longer, the holidays seem to bring out the best of humanity; and, having worked with many not-for-profit organizations over the course of my career, I have the pleasure of seeing some of the best of humanity first hand.

Listen now: The Warm Glowing of Giving

People choose to make donations to organizations and initiatives for many reasons. We learned in episode 11 of our podcast: “The Warm Glow of Giving,” that charitable donations are primarily guided by the heart and that 87 percent of all donations are made by individuals. That being the case, I still believe individuals – as well as businesses – should embrace strategy (the head) when it comes to writing checks to a worthy cause.  Here are some do’s and don’ts to keep in mind when writing your check to charity.

Gifting Donations - Ohio Accounting Firm

Looking to make a donation this holiday season to your favorite charity? Keep these dos and don’ts in mind before making that donation.

Do

  1. Do your research. Make sure you learn all you can about the organization you are donating to. You want to make sure you are donating to a worthy cause and not a fake charity.
  2. Know where your money is going. Find out how the organization will use your donation. It is OK to ask prior to your donation.
  3. Understand how this will affect your taxes. Most people know that making a donation can lead to a tax deduction, but do you know how much you can claim? If not, this is something your Rea advisor can help you understand.
  4. Get documentation. Any donation of $250 or more requires documentation if you are going to use it as a tax deduction. A cancelled check, receipt, etc. all work as documentation to include with your tax return.
  5. Give away appreciated assets, such as stocks. When doing this you get a deduction for the full value in most cases and you escape  the capital gains on the appreciation.

Don’t

  1. Expect a gift in return for your donation. That’s not the true meaning of a donation. Also, to be deductible, a gift cannot be received when making the donation, including a meal. If the donation was made at a dinner event, the cost of the meal must be subtracted from the donation amount.
  2. Pay with cash. For tracking and to prevent fraudulent activity, paying by check or credit card is usually the best option.
  3. Give randomly. Do your homework when donating, you won’t regret it. Make sure your money is going to a good cause and being used properly.
  4. Give more than you can afford. We all want to help, but donating more money than you can afford just creates more problems for you. Don’t put yourself in a situation where you are giving away more money than you can afford.
  5. Give away assets that have declined in value. Doing this will waster the capital loss opportunity for you.

Around 358 billion dollars are donated to not-for-profit organizations every year and these organizations turn around and do amazing things with your gift. From feeding the hungry, providing support to veterans and ensuring that others get the health, monetary or education assistance they need, nonprofits are an critical component of our society and you can be sure that the money you donate to any one of these types of organizations is appreciated. But you should still make sure you are using your head when making a donation to ensure that your money is being used in the best way possible. Want to learn more about how to choose the right not-for-profit organization for your tax-deductible donation? Listen to episode 11 of our podcast, Unsuitable on Rea Radio. You can also email Rea & Associates to get answers to your specific questions..

By Lesley Mast, CPA (Wooster office)

Learn more about the benefits of donating to charity. Check out these blogs posts:

Is It A Charity Or A Scam?

Tis The Season: Charitable Giving Through A Donor-Advised Fund

Charitable Giving Is Good For The Heart, The Soul And The Tax Return

Share Button