4/19/19 | Zinman & Company
Tax season has just ended. You can breathe a sigh of relief that you’ve met the deadline. But what do you think of when you hear the word “audit”?
Like most people, you probably start thinking of being notified by the IRS that your finances are coming under closer scrutiny, and no small business owner wants to hear that. But an IRS audit is just one type of audit. As a general definition, an audit is an investigation and it can be of a system, report, or entity. Businesses will encounter several types of audits.
Operational Audits: This type of audit takes a look at the company’s goals, processes, and procedures in relation to the results a business has had. This can be conducted internally or externally and may result in recommendations for improvement in some areas.
Compliance Audits: If your business is in a regulated industry, a compliance audit reviews whether or not the company adheres to the specified regulatory guidelines. These can and should be performed by the employees of the organization or organizational representatives to ensure the company’s ongoing compliance and correct any deficiencies that are found. Also, external compliance audits may be conducted by auditors assigned by a particular regulatory agency.
Financial Audits: Financial audits conducted by an independent examiner outside of the business, typically a CPA firm. It is used to determine the accuracy and fairness of the company’s financial records for a specific period of time and based on Generally Accepted Accounting Principles (GAAP). There are several benefits to having a financial audit:
- Peace of mind for the CEO or owner that there is no fraud or wrong doing occurring within the company.
- Audited financial records may be required by banks if you are applying for loans or by other third party investors.
- If you are planning to sell your company in the future, audited financial statements make your company more attractive to potential buyers.
State and Local Tax Audits: State and local tax compliance can be complicated. Not only is tax due on business income, there are also state and local sales taxes that must be remitted. You may have to file in multiple jurisdictions. Failure to do so can cause state and local officials to take a closer look at the company’s financial records to be sure that the proper amount is being paid.
Federal Tax Audit: And finally, we will discuss the dreaded IRS tax audit. An IRS audit examines the company’s accounts and financial information to be sure that it is reported accurately according to tax laws and that the proper amount of tax has been paid. Keep in mind, if you are being audited by the IRS, you will receive a notice in the mail, not by phone or email. There are several types of audit notices that you may receive from the IRS.
- Letter with notation of CP-2000: While not technically considered an audit, this is a question requiring more information be provided about an item on the return. For example, if you are an independent contractor perhaps there has been income report to the IRS on Form 1099-MISC that you have not reported on your income tax form. Usually you can pay any applicable taxes if you agree or explain or contest the amount.
- Letter with notation of Form 566(CG): This is typically known as a correspondence audit. The IRS may be looking specifically at a deduction that was made and is looking for the taxpayer to provide proof such as a canceled check, invoice or credit card statement to support the deduction.
- Letter with notation of Form 3572 for audit at IRS office: Also known as a regular or office audit, you and/or your representative need to appear for a specific appointment at a designated location by the IRS to review specific items on the return. It is highly recommended that you have a tax expert with you. They will ensure that the questioning remains limited to the items that were initially raised and that no information is given that could potentially expand their inquiry.
- Letter with notation of Form 3572 for field audit: In the event of a field audit you will definitely need to be represented by a tax expert. Field audits are complicated and intrusive. The IRS agent in addition to reviewing the tax records for a particular year may also interview employees regarding business operations and examine equipment. The IRS will have 28 months to complete the audit from the date the return was filed or the date it was due, whichever is later.
Of course, preparation and accurate record keeping is the best defense if you are audited. Being proactive and keeping detailed and organized tax records is much better than being reactive and having to gather your documents after receiving notice of an audit.
3/8/19 | Zinman & Company
Marriot Starwood Hotels. Saks Fifth Avenue. Facebook.What do these companies have in common? They all had their security breached in the last year.
And they’re not the only ones. You can add MyFitnessPal, Google+, and T-Mobile to the list and these are just a few of the high profile companies that have had their customers’ personally identifiable information (PII) or payment data stolen. However, large companies are not the only targets for cyber criminals, they are just the ones that make the news. Small and mid-size businesses are especially vulnerable. Consider these statistics:
- In 2015, the cost of cyber-crime damage worldwide was approximately $3 trillion dollars. It is estimated that will be as much as $6 trillion by 2021.
- Over 50% of cyber-attacks target small business.
- 60% of small and mid-size businesses will no longer exist 6 months after a cyber-attack.
As the threat of cyber-crime grows, it is not a question of “if” a business will be hit, but “when”.
So what can you do to protect your business?
- Know Where Your Risks Are: In addition to the computers and laptops employees may be using, there are mobile devices that are likely synced to your network. Beyond that, if you have an e-commerce site, there is an additional entry point that needs to be protected. You need to know where the access points are in your network and systems.
- Protect Yourself: Be sure that any malware, spyware, and firewall programs are installed and kept up to date. This will help to catch any threats before they become bigger issues. Email should be encrypted. This forces a hacker to go through another line of security and may cause them to seek an easier target.
- Educate Your Employees: Be sure your employees are informed not only on the risks but how their behavior can help mitigate those risks. One way is to enforce a strict password policy. No one likes to remember long complicated passwords, but ensuring that the same password isn’t used on multiple platforms, changing them at a minimum of every three months, and using a two-factor authentication feature can better secure your accounts.
The frequency of cyber-attacks is increasing exponentially. Taking a proactive approach toward system security protects your business, customers, and clients. Here at Zinman we remain vigilant in protecting our clients’ data. If you have concerns, please call us at 215-357-2250.
2/15/19 | Zinman & Company
Sole proprietor. LLC. Corporations. Each business entity has advantages and drawbacks.
Knowing the differences between them is important when you are deciding upon what business structure makes the most sense. There are legal and tax implications, paperwork and fees that may need to be filed and paid, and you want to keep an eye to the future needs your business might have. There are many types of business entities, and in this blog we will discuss a few.
Sole Proprietorship: This is an unincorporated business with a single owner (or it can be jointly owned by a married couple). You don’t need to file any paperwork, but you will want to know if you need any business permits or licenses. As a sole proprietor, your taxes are fairly easy, most losses can be deducted by using a Schedule C-Profit or Loss From Business attached to your personal income tax return.
While a sole proprietorship is by far the easiest business structure to set up, you have to be careful about your personal liability since your personal and business finances overlap. If you are sued, you run the risk of having your personal assets taken as well. It can also make it more difficult to obtain business loans or find investors. So, at some point you may want to consider converting your business into a corporation or LLC.
Unlike a sole proprietorship, a corporation is considered a separate entity apart from its owners and, as such, it has its own legal rights and can sue, be sued, own and sell property, and sell ownership in the company in the form of stocks. There are several types of corporations but we will discuss just two of them below.
C-Corporation: If a business is run as a C-corp, the owners/shareholders do not have any personal liability for the business’s finances, unlike under a sole proprietorship. C-corps also are eligible for more tax deductions than other type of business and owners will pay lower self-employment taxes. A C-corp can also raise money by selling stock.
However, when structured as a C-corp, there are some things to consider. Each state has differing filing regulations and fees which can range from $100 to $500. Corporations also have certain formal rules they operate under. There must be regular board and shareholder meetings, with minutes kept, and bylaws are created. From a tax perspective, while there are more deductions corporations can take and lower self-employment taxes, if as an owner you are receiving dividends, there is the issue of double taxation. This isn’t a problem if you prefer to invest profits back into the company rather than distribute dividends, but it is something to consider.
S-Corporation: An S-corp has the same limited liability protection that a C-corp has, but for tax purposes it is considered a pass-through entity. Rather than being taxed on a corporate level, the profits and losses pass through to the personal tax returns of the owners. So, in this way, double taxation is avoided.
Like C-corps, setting up an S-corp has fees associated when it is registered. They are also held to the same rules such as corporate meetings and creating bylaws. In addition, if the company would like to offer stock, there are more limitations on offering them as an S-corp than a C-corp.
Limited Liability Company (LLC): The final type of entity we’ll discuss in this blog is the LLC. This has some of the positive features of corporations such as limited liability protections for the owners. And because there are fewer requirements to follow, in some ways it functions like a sole proprietorship. One of the major advantages is that you can choose how you want your LLC to be taxed: either as a corporation or a pass-through entity.
An LLC does require registration with the state and there are fees associated with that. In the event that the LLC is sued, there is a chance that the LLC structure won’t protect your personal assets, for example, if the courts are not able to clearly determine which financial transactions are business or personal, or if it’s proven the owner acted fraudulently, personal assets can be put at risk.
There is not a single best choice for all businesses. As your business evolves and grows, the type of entity you choose may change. Working with a trusted advisor who can give you advice specific to your business is the smart choice.
2/1/19 | Zinman & Company
“You can’t improve what you don’t measure.”
Perhaps you’ve heard that saying before. In a fast paced and competitive environment, having a good understanding of the financial health of your business is imperative to its growth and development. There are a number of financial reports that can be generated and each measures different things. But, in order to get a big picture view of the financial health of your company the following three statements are critical. These reports should be run and reviewed monthly, quarterly, semi-annually, and annually. You’ll also want to run comparative reports, to evaluate the data compared to the same time period from the previous year.
Balance Sheet: This report will give you a snapshot of your finances as of a specific date. It will show your assets, liabilities, and earnings for a specified period of time. Some of the line items should include available cash, accounts receivable, accounts payable, inventory, and if you have any debt, the portion of any long-term debt due this year and the balance of any short-term loans.
Profit and Loss Statement: This is sometimes referred to as the income statement. This looks at revenue received during a specific time period and the costs incurred in order to generate those revenues. This will then show you whether you have a profit or loss. Knowing this information will help you to determine pricing, marketing efforts, and overall management of your expenses.
Cash Flow Statement: When you take the information from your balance sheet and the P&L statement, you are able to develop a picture of how cash is moving in and out of your business. Having a good understanding of your cash flow over time shows you the health of your business. No business owner wants to worry if they can pay their next bill. When you know what your cash flow looks like you are able to focus on growing your business and improving results.
We believe that small business owners are best served when they have a professional team in place to help them with their accounting matters. After all, you should be focusing on the things that got you into business in the first place. But, having said that, all small business owners should have a basic understanding of financial statements, how to read them, and how the information derived from them affects their business.
1/18/19 | Zinman & Company
As an employer, you have several ways to issue payroll to your employees: a paper check, direct deposit, or a paycard. While the first two methods are more commonly known, payroll cards have gained popularity in the last few years. Payroll cards are reloadable, prepaid cards that employers can electronically deposit an employee’s salary onto each payday. A 2017 study by Aite Group found that there had been $42 billion in gross dollar volume loaded onto close to 6 million active paycards that year. They project that by 2022 there will be over 8 million active paycards with a gross dollar volume of $60 billion.
There are advantages for both the employee and employer when they choose to use paycards for wages. For the employer:
- It can reduce payroll costs and increase efficiency if you are still printing paper checks for employees that may not have direct deposit available to them.
- There are no stop payment fees if an employee loses their paper check or has it stolen.
- It lessens your exposure to paycheck fraud.
For the employee:
- Employees who do not have a traditional banking account usually rely on check cashing stores and their associated fees. Paycards give them quick access to their pay, and while there may be fees associated with certain uses of paycards, they are usually less than check cashing stores.
- Employees can quickly access their money from an ATM and avoid waiting on lines to cash a paper check.
- There is also the advantage of using the paycard as a debit card, which enables them to make store purchases and pay bills online.
It is important to know that employers cannot legally require their employees to receive their wages via paycard. According to the FLSA, employees should be able to choose how they receive their pay. The Consumer Financial Protection Bureau has stated their intention to stop any violations. In addition, each state may have their own rules regarding the use of paycards for wages.
Pennsylvania: The use of paycards is permissible if the employer does not mandate their use and the employee must consent to accepting the paycard in writing. The employee must also be allowed one free withdrawal of all wages earned per pay period and be able to check their balance electronically or by phone. There can be no fees associated with the paycard.
New Jersey: The employee must agree to accept the paycard as wage payment and they must be able to choose a new method at any time. They also need to be able to make one free withdrawal at least once per pay period.
New York: There can be no fees associated with withdrawals from their paycard. Employers cannot require nonexempt employees to use paycards. Employees need to have a written disclosure regarding any additional fees associated with the use of the paycard.
Paycards offer another alternative for wage payment that could work for both your business and select employees. However, it is important to weigh the pros and cons as well as state and federal regulations before determining if this is a payroll option you want to start offering.
1/9/19 | Zinman & Company
Click here to listen to Mark Zinman’s appearance on the Biz n Tax Matters podcast.
12/21/18 | Zinman & Company
As we approach the end of the year, there are several business and tax related matters that should be attended to as well as some ways that you can reduce your tax liability for the current year.
- Should you change your business structure? Consult with your accountant to see what entity type would be best for your business. With the changes that came along with the Tax Cuts and Jobs Acts, there may be an opportunity for you to minimize your tax liability by choosing the entity type that works best. While some small business owners can deduct 20% of qualified business income, this will generally apply to pass-through entities, but there will be limits on certain service businesses such as legal and medical practices. It may be beneficial to file as a C-corporation moving forward into 2019 since the new law has reduced the tax rate from 35% to 21%.
- Defer revenue and pay expenses early (or do the opposite): Depending on what your income level is this year, it may make sense to push any income until January 1 if it appears that your profits may be higher than previous years. You may also want to pay some expenses for 2019 early in order to take the deduction now. Alternatively, the opposite may work better for your business if you anticipate that 2019 may be more profitable. Working with your accountant and reviewing your overall financial picture will let you know the best course of action.
- Take advantage of 100% bonus depreciation: The TCJA has provided 100% first-year bonus depreciation for qualified new and used property purchased and put into service in 2018. Consider making additional purchases if you can before year end. The 100% first-year bonus depreciation is in effect until 2023, and the Section 179 cap is raised from $500,000 to $1 million.
- General record-keeping: If you haven’t already, it is time to organize your tax paperwork and receipts prior to handing them off to your accountant. Take some time to review business credit cards and bank accounts to see if you have any missed expenses. And if you find this a difficult task, start outlining ways that you can streamline the process for the new year, so that next year end you are well organized and less stressed.
As we end 2018, we hope you’ve had a year filled with success. Take the time to reflect and look back on what went right for your business this year, and examine the challenges that you may have overcome. We look forward to working with you in 2019 and best wishes for the holiday season from all of us at Zinman & Company.
10/19/18 | Zinman & Company
The Tax Cuts and Jobs Act (TCJA) changed many of the rules regarding small businesses. Today we’d like to look at some of the changes to qualified deductions for meals and entertainment expenses. Under the previous regulations, 50% of any form of client entertainment costs could be deducted; this included concert tickets, golf outings, sports events, and other ways of entertaining clients, including meals. The TCJA has ended the deduction for entertaining clients with tickets or outings, but one area that remained unclear was the deductibility of business meals. However, with the recently issued clarifications from the IRS, we hope to summarize the changes.
50% of business meal expenses with customers/clients are deductible under the following conditions:
- The expense is ordinary and necessary and paid or incurred during the tax year.
- It is not lavish or extravagant.
- The taxpayer, or an employee of the taxpayer, must be present during the meal.
- The meal is provided to a current or potential business customer or contact.
- If the food or beverage is providing during an entertainment activity, the cost of the meal must be separated from the cost of the entertainment.
- Transportation to and from the location where the meal is being held is deductible.
The following entertainment expenses spent on prospective or current customers/clients are longer deductible:
- Concert or theater tickets (including stadium or arena suites or boxes), sporting events, outings to country clubs, movies, and amusement parks, even if business is discussed during the outing.
- A meal with a client/customer can never be deducted unless there is a clear business purpose.
- A meal for a client/customer can never be deducted if the taxpayer or an employee of the taxpayer is not present.
100% of business meal expenses are deductible if the following circumstances apply:
- An employer can deduct the full amount for food and beverage when it is provided to employees who are working overtime or for food provided during a staff meeting.
- Any activity, including meals, that is held as a benefit for employees can be fully deducted. For example, an annual holiday party or other outing.
- It is important to note that only 50% of a meal expense is deductible for a business lunch with co-workers or employees where business is discussed.
If during the course of your business, you have been accustomed to providing entertainment and meals to your clients/customers or business associates, it becomes more important than ever to have excellent record keeping. Be sure to keep all your receipts and note the date, type of expense, those who were with you, and a brief note about the business topic that was discussed. As always, consulting with a qualified tax professional when you have questions keeps you on the right side of the rules.
10/3/18 | Zinman & Company
Whether you are just starting out or you’ve been running a business for years, as a small business owner, you know the importance of having a budget. A good budget helps you set targets, prioritize activities, and track spending. Here are some things to think about as you create your budget.
- Know your short and long term risks: Every business encounters risk. Have you asked yourself recently how changes to employment law could affect your business; one example would be an increase to the minimum wage. If you are in an area prone to certain natural disasters, you will want to assess the impact that will have either in physical damage to your location and/or inventory or a loss of business due to a decrease in customers. Knowing and defining the risks you may encounter helps you to budget what you should be spending on various types of insurance as well as how much you should put into an emergency cash reserve.
- Know your sales cycle: Most organizations go through busy and slow periods during the year. Being able to predict those periods of time and knowing how you will cover your fixed expenses should be reflected in your budget planning. Having a budget plan also provides the opportunity to look at ways to keep other expenses down during those slow times.
- Plan for large purchases: Some large purchases cannot be planned for; for example, a piece of equipment breaks down unexpectedly. But, other large expenses can and should be anticipated. A good budget will allow you to make financial projections as to when certain purchases will be most beneficial to your business. Having a plan for buying new equipment or vehicles as well as physical improvements to your location or office are all items that can and should be planned for in advance.
- Don’t forget savings: When the money is coming in, it’s hard to remember the lean times. It’s also very tempting to splurge on items that may not be necessary at the time. It is important to be sure that saving part of your profit each month is part of the budget plan.
- Revisit your budget frequently: Planning the budget shouldn’t be a yearly or even quarterly event. Your budget is a dynamic part of your business and should be evolving and changing as needed. Looking at it each month can give you the confidence that you are on the right financial track or give you the information you need to correct your course.
Your company budget should be a part of the overall strategic plan to help your organization reach its financial goals and operate efficiently. Having a good budget in place helps you know when and where money is coming into your business, where your expenses are, and allows you to plan for the future.
9/30/18 | Zinman & Company
This year there are two interesting things are going to affect a substantial portion of our client base. One is the new tax law that went into effect on January 1, 2018, for which there will be substantial changes in the preparation of your individual income tax return for 2018. Most clients are both aware and engaged in discussions regarding its affect. What is probably more important, but getting less client conversation is the effect of the Supreme Court decision in the Wayfair case, which was decided in June 2018.
South Dakota passed a law several years ago requiring out of state sellers of tangible goods to collect and remit sales tax if they hit an annual threshold of either 100 transactions or $100,000 of total sales. Prior to the Supreme Court decision, prior law required you to have one of three economic nexus positions in order for the state to be able to enforce collection of their taxes. They were actual sales in the state, payroll, or a physical presence, such as rent or sales people. The South Dakota law was attempting to expand the definition of sales to include tangible personal property as sales delivered by common carrier such as the post office, UPS, Federal Express, etc.
In June the Supreme Court sided with South Dakota and as such the flood gates have opened and the requirement for collection and reporting in other states has become an important and necessary review for a lot of our clients. The reason for the importance of this is that the regulations can sneak up on you, each state is scrambling to adopt rules similar to South Dakota, as they would therefore be covered by the Wayfair decision, and to put into place both the mechanism for registration of companies as well as enforcement. This is scary to us as your CPAs and should at least trigger some type of an internal review of your books, as well as awareness should you determine that this is not applicable to you now but could be, should circumstances change.
Let us take PA as an example. Anyone who is located in PA, and sells tangible personal property is registered and either charges each of their customer’s sales tax or obtains an exemption certificate. If you fail to collect the sales tax and/or the exemption certificate that you obtain is not complete or filled out properly, your company is liable for the tax. Now apply those same conditions to all of the other states, if you meet their threshold. Further because this was a court ruling, the statute of limitations applies based on each state’s laws. In most states the potential look back for sales tax is six to ten years. So your exposure if you met that state’s threshold in one of the last, up to ten years, then you could be liable for the tax that you did not collect or remit for the last ten years.
This is a scary proposition, and is designed just for that, to scare you into compliance. A lot of states that have adopted provisions similar to South Dakota, have included in their legislation a provision that if you comply with the state laws (and a lot of the current dates are either October 1, 2018 or January 1, 2019) then they promise not to apply liability incurred prior to that date on examination. So what we are left with is a study of the tangible personal property and the sales value associated with that sale, by the address to which it was mailed, or shipped. The requirement to register in applicable states is immediate as some of the dates start as early as next week and also comes with the requirement to file corporate taxes in those states as well. States cannot tax the profit of those sales that are attributable under the Wayfair decision (there is federal law that prohibits that) but any other tax not measured by gross income could be due, such as a capital stock tax.
What we are asking you to do, is to review your own activity and see if there is any other states that you have or could have 100 transactions or $ 100,000 of sales value. As you do this, keep in mind certain additional other items:
- There is an immediate need to make this determination. While it remains somewhat unclear, we are assuming that the threshold includes either taxable sales or exempt sales.
- If you have exempt sales, there will still be a requirement of registration and then the compliance kicks in making sure that we either withhold or have the proper exemption certificates on file.
- There are several third party software companies that can supply both analysis as well as assistance in registration, collection and remittance, so there are solutions out there that are both accessible and can quickly get you up and running.
What is important is that if it is determined this may apply to you, that you reach out to our office to discuss your particular set of circumstances. We at this point have reached a degree of comfort of knowing who this may apply to and who would be excluded.
9/21/18 | Zinman & Company
Just because it’s not tax time, it does not mean that scammers are not attempting to lure information out of taxpayers by posing as IRS agents. The Treasury Inspector General for Tax Administration (TIGTA) reports that over 12,000 victims have collectively paid out over $63 million dollars since 2013, mainly as a result of phone scams. It is important to be alert to the different methods these criminals these may use and know how you can avoid being fooled.
Phishing Scams: If any email or website asks for personal information you should be concerned about providing it. Phishing emails create a sense of urgency and manipulate the victim into thinking they need to act immediately in order to avoid prosecution or fines. Sometimes these emails will demand payment or they will take your personal information and use them in other criminal ways.
Phone Scams: In addition to phishing emails, some scammers will use a phone call. Like emails, these calls use manipulation and a sense of urgency to con you in to giving up information. Often they are threatening legal action that can be avoided with immediate payment. They may also say that you are in danger of being arrested, deported, or having your license revoked. They usually ask for payment using wire transfers or prepaid debit cards. Another scam is a phone call that says you have an unexpected refund and you are asked to provide banking information so it can be deposited to your account. Here, they use a seemingly positive situation, but the goal is to have you provide your personal information.
Identity Theft: In both the email and phone scams, the primary motive may not be to get money from the victim but to gather personal information. Do not give out any bank account information, taxpayer identification number, or social security number. This gives con artists the opportunity to access your tax refund or file fraudulent tax returns under your name.
One way to be sure you don’t fall prey to these scams is to know how the IRS does contact people and what they will ask of you if they do. The IRS will not:
- Call to demand immediate payment; the IRS will first mail a bill to anyone who owes taxes.
- They will not demand immediate payment without offering you an opportunity to question or appeal the amount owed.
- They will not demand a specific payment method be used.
- They do not ask for credit or debit card numbers over the phone.
- They will not call you about an unexpected refund.
- They do not use automated calling methods with prerecorded messages.
If you believe you are being contacted by a scammer, first, do not give out any information. If it is by email, do not click any links. If by phone, it is best to hang up immediately. You should contact TIGTA to report the call or email, or you can use their IRS Impersonation Scam Reporting web page.
9/7/18 | Zinman & Company
The Tax Cuts and Jobs Acts (TCJA) brought sweeping changes to both personal and corporate taxes. It is important to do a regular “paycheck checkup” to ensure that you are not withholding too little (or too much) in taxes. This is also a good time to take a look at the impact that the changes may have on your small business if you haven’t already done so.
For personal income tax, the TCJA made it necessary for the Treasury Department to release new federal tax withholding tables. However, it took a few months for the IRS to release a revised W-4 form, and these revised forms are a little more complicated than the previous version. Many taxpayers may not have complete a new one this year. While the TCJA is supposed to provide most people with a reduction in the amount of tax they will pay, some people may have circumstances that could result in a higher tax bill for 2018 and they may be in for a surprise come tax time.
These are just some of the circumstances that could warrant taking a closer look at your withholding based on the new tax withholding tables:
- Two income families
- An individual with multiple jobs
- Change in marital status
- Pension income
- High wealth and high income individuals
- If you itemized deductions in 2017
The TCJA restricted many itemized deductions and limits the deduction taken for state and local property taxes to $10,000 combines. Those individuals who relied on itemized deductions to reduce their tax liability in past years will definitely want to look at this current year to see if they are on track.
In addition to the changes to personal income taxes, there have also been changes to the way that sole proprietors and pass-through entities are taxed. This is a perfect opportunity to determine whether or not you are structured the right way. With a change to a flat corporate tax rate of 21%, it is worthwhile to look at the numbers and see whether it is best to be taxed as a proprietorship, partnership, S Corp or C Corp.
The TCJA is major tax legislation and has brought big changes to both personal and corporate taxes. Call us if you need expert advice and guidance.
8/23/18 | Zinman & Company
As a business owner or self-employed individual, you may be using your own personal vehicle to conduct business. The costs for operating a vehicle for business use are deductible, but are you getting the most out of your deductions? There are two methods that you can use to determine your deduction. The first is the Standard Mileage Rate and the other is Actual Expenses. Both of these have pros and cons and it is worth taking the time to figure out which is most beneficial to you.
Standard Mileage Rate: The IRS has set the 2018 mileage rate at 54.5 cents per mile. This rate is adjusted yearly for inflation. In order to claim this deduction, you must keep accurate, detailed, and timely records showing your business travel. Whether you record your mileage in a written log or use one of the many apps available, the following information should be included: miles driven, date of travel, the place traveled to, and the business purpose of your trip.
One of the advantages of the standard mileage rate is that it is simple. When setting the rate, the IRS also takes into consideration insurance costs and the other expenses of maintaining a vehicle. So, as long as you keep accurate log information, there is no need to save receipts or figure out what percentage of the car use is business. You record your business miles, multiply that by the rate, and take the result as your deduction. In addition, you can also deduct tolls and parking fees. If you have a lot of business mileage, this may be the option for you.
Actual Expense Method: With this method, you are able to deduct actual car expenses. These expenses may include the following:
- Lease payments
- License and registration fees
- Gas and oil
- Garage rent
- Parking fees
If you are using this method, you must keep all your receipts and determine the percentage of time that the car is being used for business purposes to calculate your deduction.
There are some vehicle related expenses that aren’t deductible using either method. These include:
- Any personal use.
- Miles spent commuting from your home to the office.
- Using your vehicle for advertising. Having a company sign on your vehicle doesn’t make it eligible to deduct all the miles driven.
- Fines or penalties for moving violations or parking tickets.
Consulting with your accountant can help you determine the best method for you and your business.
8/3/18 | Zinman & Company
Personal information and data are valuable. Because we conduct so much of our personal and professional business over the web or have information stored in the cloud, our most sensitive and valuable information can be accessible to hackers and cyber-criminals. It is our expectation that the companies who store our information have the proper security protocols in place to prevent data theft. But in some cases, individually, we are our own best line of defense.
Phishing is a type of cyber-attack that relies on using an email that looks like it comes from a reputable and reliable source that tricks the recipient into giving up information that should be kept guarded. There are two types of phishing attacks. In a typical phishing attack, cyber-criminals obtain a list of email addresses for the customers of a targeted business. Most often, they send an email that contains a link to a website that looks like it belongs to the company requesting information verification. If the recipients don’t recognize the email as a scam, they provide the information and the hackers have gained access to that customer’s personal information.
The second type of email attack is called “spear phishing”. While phishing attacks generally cast a wide net, spear phishing zeros in and targets a specific individual or organization. They often make the email look legitimate by crafting a message that appears to come from an individual that the target knows. One of the most well-known spear phishing attacks was directed towards John Podesta, chairman of Hillary Clinton’s presidential campaign. In what appeared to be an email from Google asking for password verification, he provided that information and hackers were able to look through 50,000 of his emails gaining sensitive information in the process.
In both types of attacks, cyber-criminals look to exploit personal data, passwords, confidential company information, and company emails by taking advantage of the weakest link in cyber security, human error. They can use this information to commit identity theft, obtain money through fraudulent means, or introduce viruses or malware into the system.
So how can you protect yourself from phishing and spear phishing?
- Verify: If something seems off or you have any questions about the authenticity of a message that asks you to provide passwords or bank information, take a moment to be sure the sender of the message is legitimate. Often times they will use an email address that looks very similar to a trusted sender’s address, but will include a number or use a zero in place of a capital O. Hover over a link before clicking to see the URL and if it matches the source. If in doubt, call the company directly with a number you know is legitimate to ask for verification that the email is coming from them.
- Don’t be pressured: Often phishing emails come with a sense of urgency. Either a friend needs assistance and money wired to them, or you are told your account is in danger of being closed if you don’t confirm your account information. These messages are crafted to make the recipient act quickly, without thinking, and ignore the potential for fraud.
- Don’t be so quick to “friend”: Avoid accepting invitations on social media from people you don’t know. Often cyber criminals will use this as a way to get more information to make spear phishing attacks believable.
- Don’t click the links: If you’ve received an email that looks suspicious, don’t click on any of the links. This can trigger malware or introduce viruses to your system. It is better to type the URL directly into the address bar. Also, never submit your information into forms that are embedded or attached to the email. This is another common tactic.
Being educated about the various ways that cyber-criminals access and use our personal information is critical to protecting yourself from being caught in a phishing attack.
7/20/2018 | Zinman & Company
With all the news about foreign interference in the U.S. elections, is it any surprise U.S. businesses also face a threat from overseas hackers and cyber criminals? In a previous blog we’ve talked about why accounting firms are prime targets for cyber-attack because of the vast amount of personally identifiable information (PII) they store. In the last several years, Hold Security, a cyber security firm specializing in a service called Deep Web Monitoring, has traced several large scale hacks of financial services firms and other businesses back to foreign criminals. Specifically, when it comes to CPA firms, the hackers are looking to commit tax fraud for their financial gain. Some of these hacks make the news, like the breach of Deloitte that was discovered in 2017, but large firms are not the only the target. It is not the size of the firm that matters, but ease of opportunity.
So how are these criminals obtaining this sensitive data? Many times they are quietly gaining access to the system through viruses, data logging, and keyboard logging. Since many firms use similar software to manage their clients’ data, when a hacker finds a weakness they can then go on to exploit that against multiple firms. The average time is takes to discover a data breach is 206 days, more than enough time for cyber criminals to mine for the data they seek undetected.
Over the last several years the U.S. federal government has found evidence of hacks that can be traced back to China, Iran, and other countries. And while they try to prosecute the suspects in these cases and have issued indictments, they find it increasingly hard to bring them to justice. Often, the indictments are more of a political statement and a warning to other governments. U.S. officials will try to impose sanctions on countries that sponsor, or at the very least, protect hackers, in an attempt to get them to help with the prosecution of these cases. William Sweeney Jr., assistant director in charge of the New York Office of the FBI has stated, “we will look to publicly identify operators like this with indictments”, pursuing both criminal and civil proceedings to punish foreign and/or state-sponsored hackers.
It is more important than ever to have a robust cybersecurity plan in place. This includes employee education and consistently updated anti-virus and anti-malware software. In addition, there needs to be a response plan in the event of a data breach so that decisions are not made in the heat of the moment. As they say, the best offense is a good defense.
7/6/2018 | Zinman & Company
It’s exciting to be able to take your skill and passion and channel it into a business. However, you probably did not plan to start your own business in order to become an accountant. According to Bloomberg, almost 80% of new businesses will fail within the first 18 months. Part of this reason may be that even with the best product or service, if you don’t have the right financial footing, it will be next to impossible to build a strong, profitable business. Here are some of the financial challenges that many small companies have as they get started and begin to grow.
Challenge #1: Managing cash flow
There are several factors that make managing cash flow a challenge. Perhaps you have a seasonal business and your revenue is not steady throughout the year. Do you have a good accounts receivable system to make sure that you are paid for goods and/or services in a timely manner? Can you accurately predict your expenses?
Challenge #2: Keeping accurate records
To keep track of progress (or a lack of progress) it is essential to maintain good records. Financial statements such as your balance sheet, income statements and cash flow reports need to be both accurate and timely. How do you keep track of revenue, expenses, and business equipment or property? Failure to maintain these records can lead to a flawed view of your business health.
Challenge #3: Analyzing your finances
Even if you are keeping accurate records, it can be a challenge to then analyze those records and know the appropriate action to take. Can you look at your finances and determine if it is a good time to expand? Or is it time to cut costs? Is it an appropriate time to seek outside financing to grow your business?
Challenge #4: Taxes
Corporate tax law can be confusing. You need to stay in compliance with current tax laws (which change frequently), project and estimate your quarterly tax bills, as well as plan for the future. As your business grows, keeping on top of your tax obligations becomes more and more of a challenge.
More than likely, spending time on these important tasks is time away from doing what you love. As a business owner you can leverage the services of a CPA not only for tax services, but expert advice on other financial matters. Having the right team who can look at the complete financial picture and provide the right advice at the right time can be a crucial part of your success.
6/22/2018 | Zinman & Company
IRAs and 401(k)s most commonly come to mind when thinking about retirement. By diligently saving money during your working years, that savings and Social Security provides you with an income for your retirement. Medicare and supplemental insurance is available to take care of your health needs. However, according to the U.S. Department of Health and Human Services, someone turning 65 today (commonly thought of as retirement age) has a 70% chance of needing some type of long-term care during their remaining years and, in most instances, Medicare does not provide for long term care.
The federal government projects that 25% of Americans who turn 65 between 2015 and 2019 will need up to approximately 2 years of long term care. 12% will need between 2 and 5 years and 14% will need more than 5 years. Considering the average cost of a private room in a nursing home can be $100,000 a year, neglecting to plan for any long term care needs can be financially catastrophic and quickly burn through any retirement savings you’ve worked so hard to accumulate. Yet almost 2/3 of Americans age 40 and up have done little or no planning for this.
Long term care insurance policies can be essential to helping preserve your retirement assets while providing the care that you may need. While there are several products offered, most will fall under these two types.
- Traditional policies: Premiums are paid on a regular basis (similar to auto insurance). However, there is no return of premiums if the coverage remains unused, unless the policy has “return of premium” rider.
- Combination or hybrid policies: This is a life insurance or annuity that also has long term care insurance.
There are many different products in the marketplace that can help to assist you with long term care planning. Consulting with an advisor who is familiar with your financial picture and ongoing needs and goals can help guide you as you look into what type of policy might be best for you and protect your assets and financial health during your retirement years.
6/15/2018 | Zinman & Company
All reports and statistics show the threat of cybercrime to small and mid-size businesses is growing. Accounting firms may be at the top of the hacker hit list because of the vast amount of Personally Identifiable Information (PII) they compile. If network and data security protocols are not up to date, firms leave themselves vulnerable to an attack that could be catastrophic to both them and their clients.
Think about all the PII data these firms have:
- Names and Social Security numbers
- Names of spouses and dependents
- Employment information
- Bank account information
In addition, if the firm deals with corporate clients, any hacker able to breach the system gains access to corporate financial data including information about any mergers, acquisitions, or restructuring.
So if an attack occurs, what happens after the information is stolen? There are several ways it can be used that are both damaging to the firm and the client.
- Ransomware: In this type of attack, the criminal holds the information hostage contingent on a “ransom” to be paid for its release. The amount demanded can break a business; statistics show that many small and midsized business will fold approximately six months after a cyber-attack.
- Fraudulent tax returns: In the event of a data breach, criminals potentially have access to all tax information. Without strong cybersecurity protocols, it can be months before the attack is detected. The cyber criminals can see who has filed for any tax extensions, and then use the acquired information to file fraudulent tax returns and divert any refund money into their own pockets. By the time this is detected, it is too late.
- ACH (Automated Clearing House) fraud: The ACH network is the central clearing facility for all Electronic Fund Transfer (EFT) transactions. Only two pieces of information are needed to complete this criminal transaction; the checking account number and bank routing number.
In order to avoid any of the above scenarios, it is important to have a data security system in place that both provides early detection and protects the data if a system breach occurs.
- Be sure all systems and security programs are up to date: This is the first line of defense. Since the threats are always changing, these need to be kept up to date.
- Encrypt all data held in systems and in emails: When sensitive data is encrypted, it makes it more difficult for anyone who gains unauthorized access to use the information.
- Educate staff: All employees should know how to recognize suspicious emails and activity as well as how to report them. They should be made aware of current cyber security attack methods as these constantly change. Provide IT policy training so you reduce the risk of human error.
- Have an incident response plan: Define what constitutes a data breach or suspicious activity and be sure employees know who should receive the report of such activity. Usually this is a member of the IT department, but other people in the company may need to be brought in to the response plan as well and what their roles are when communicating with employees and clients.
At Zinman & Company, the security of our clients’ information is of paramount importance to us. We have strict cyber security measures in place and stay up to date on current and emerging cyber security threats.
5/18/2018 | Zinman & Company
Audit. A word that no business owner wants to hear. According to a 2016 MarketWatch report, small C corporation businesses with revenues less than 10 million dollars had an audit rate of about 1%. Midsize business with revenues between 10 and 50 million dollars saw approximately 6.2% of returns audited. So, although the actual chance of an audit is rather small, there are still steps that can be taken to ensure that your company returns don’t come under scrutiny.
- Payroll Errors: If you’ve forgotten to include the required IRS information regarding the payroll deductions for Federal tax, FICA, Social Security and Medicare, this could trigger an audit. Also, if you’ve neglected to pay these employee deductions on a quarterly bases, this is also a red flag. The IRS also looks at any abnormal activity in payroll, such as excessive loans to company officers.
- Excessive Deductions: There are many deductions you can take as a business owner. However, if the deductions are unreasonable or appear suspicious, the IRS will take a closer look. In particular any deductions made for fringe benefits, entertainment expenses, and travel all must be in-line with the revenue generated by the company.
- Suspected Personal Expenses: This is where things can get tricky for those who are self-employed and/or working out of their home. Some examples of deductions that might get closer scrutiny are cell phone bills, meals, and vehicle lease or loan payments.
- Mathematical Errors: Accuracy is important. Your return should be checked for any errors. Avoid rounding up figures and use the actual numbers. If you round up one year and not the next or there are substantial errors that make one year’s return markedly different from another year, the IRS is going to take a look.
- Missing or Late Forms: There are many deadlines to meet and forms to file when you’re running a business. Taxes must be paid quarterly, and there are various forms that need to be submitted at different times of the year like Form 941 that should be filed quarterly. Miss these deadlines or fail to submit them and you’re inviting a closer look at your returns.
- Repeated Losses: Businesses are meant to make a profit. This isn’t to say that a business can’t have a bad year. However, if your business is showing year after year of losses, the IRS is going to wonder why you are still in business.
- Cash Transactions: Any cash transaction over $10,000 needs to be reported by banks and merchants. If you’ve received a cash payment of $10,000 or more from a client or customer for one transaction OR two or more related transactions, this must be reported to the IRS with Form 8300. Dealing in a lot of cash payments can raise red flags.
These are just a few of the things that might have the IRS taking a closer look at your returns. But, remember, there is no need to fear the audit. Keeping accurate records, saving the proper receipts, and being accurate and on-time with your filing will keep you on the right side of the IRS.
12/13/2017 | Zinman & Company
It’s that festive time of year again, and many business owners are giving members of their workforce a holiday bonus! Whether you are the business owner giving a bonus or award, or you are the recipient of it, it’s important to know and understand the tax liabilities. Toward that end, please note the following guidelines.
• Monetary prizes, awards, bonuses, and gift certificates are generally considered taxable compensation.
• Prizes, bonuses, and awards that involve goods or services, such as a trip/vacation for a meeting a sales goal, also generally result in taxable income.
• “Tangible personal property” awarded to employees may not be taxable an achievement award program (see below).
• Awards and gifts of minimal value, such as a holiday turkey, generally fall under the IRS’s de minimis rule and are not taxable. The IRS may allow up to a $25 annual deduction.
• The value of holiday gifts, such as merchandise or tickets to sporting events, in excess of the de minimis amount is taxable income.
In some cases, the value of employee achievement awards can be excluded from taxable income. However, the award must involve something other than cash, a gift certificate, or other cash-equivalent item, and must be given for a length-of-service or safety achievement. The amount that an employee can receive tax free is limited to the employer’s cost and cannot exceed $1,600 ($400 for awards that are not qualified plan awards) for all awards the employee receives during the year (IRS Publication 535).
In addition, the employer must make the award as part of a meaningful presentation. The tax-free employee achievement award exception does NOT apply if:
• The length-of-service award is for less than five (5) years of service or if the employee received another length-of-service award during the year or the previous four (4) years.
• The safety achievement award is given to a manager, administrator, clerical employee, or other professional employee.
• More than 10% of eligible employees previously received safety achievement awards during the year.
Please reach out to your accounting professional at Zinman & Company for more information, clarification, or with any questions.
5/03/2017 | Zinman & Company | Click here to listen on iTunes
4/21/2017 | Zinman & Company
Your CPA was there for you during tax season, providing expertise, guidance, and support. But did you know now that April 15th (or April 18th, as was the case this year) has passed, you need your accountant more than ever?
Accountants are a vital piece of your daily business puzzle, with their services diverging well beyond taxes, bookkeeping, and payroll. Yet consider the following: many business owners hire a CPA only to help them pay less – less on taxes, less on operating expenses, less on everything. That’s all well and good, but beyond that, your CPA can and should provide expert financial management services. Why is this important? It is estimated that upwards of 80% of all corporate insolvencies result from poor financial management. To avoid being a statistic, your focus should not just be on analyzing and reporting historical data, but proactively creating and managing your current and future financial picture in real time. That means working with your CPA throughout the entire year, not just during tax season – because by then it’s too late to make any real and impactful change.
Here are just five examples of the many roles your CPA should be playing in your business:
1. He/she should be providing regular and timely guidance when it comes to monitoring income and expenditures plus managing cash flow. Your business can’t be profitable if it’s spending as much as it’s taking in.
2. Your financial picture should be expertly managed by your CPA, enabling him/her to plan, forecast, analyze, and reset your business plans as necessary to achieve calculated and sustained growth. On the other hand, a financial portfolio mismanaged, perhaps due to a lack of expertise, can result in a downward spiral.
3. He/she should know how much money to keep in the company, and when to spend the funds for growth and expansion. When the picture isn’t so positive, he/she should offer viable solutions to stress points and resolve financial pressures.
4. He/she should be mitigating your risks by managing the financial integrity, health, and stability of your business in an independent, unbiased fashion. By outsourcing this to an expert, you can spend time on the tasks you actually like. And isn’t that why you went into business in the first place?
5. Being dedicated to the accounting industry, your CPA should be up-to-date on new regulatory issues (and can show you their CPE to prove it!), thereby providing compliance guidance on matters you may not even know about, let alone know how to tackle.
Hiring a CPA is an invaluable investment in the long term viability, success, and profitability of your business. And hiring the right CPA is every bit as important as hiring any other member of your team. Make sure you’re working with one who provides expert financial management services throughout the entire year, and one that is a perfect fit for your company – because no one wants to be a statistic.
4/07/2017 | Zinman & Company
The last ten years have brought significant changes to the accounting industry, with new technologies being the driving force. Technological advancements have automated many of the more perfunctory tasks that accountants once performed manually, freeing up their time to serve as trusted business advisors, effectively and efficiently analyzing data to provide business and consulting services – in real time. Arguably the most impactful of all the technological advancements is the advent of SaaS and cloud computing. And its impact is far reaching, permeating nearly every industry.
So what is SaaS, and is it the same thing as cloud computing?
SaaS (software as a service) is a software application that is not installed on premise; it does not run on your local hard drive nor on your office servers. Instead, it runs and is maintained in a vendor’s off site data center. Instead of buying a license to use/access the application, you “rent” use of the software monthly or annually. You access it by logging into a website, perhaps through a shortcut on your desktop. SaaS applications run in the cloud, but they are not the cloud itself.
So what is the cloud? It’s a means of accessing and storing data, programs, and applications over the internet instead of your hard drive or local server. Why give up local servers in favor of cloud computing; what are some of the benefits? First, data can be accessed from anywhere there is an internet connection, enabling more streamlined collaboration and flexible staffing. Second, while your local server may crash, most cloud service providers guarantee 99.99% uptime. Third, it is scalable, so you’re not paying for storage capacity you don’t use or need.
SaaS and cloud computing changes the whole dynamic of business services, both from a people perspective and an equipment perspective:
• Externally, gone are the days when small to mid-sized business owners can only collaborate with other businesses (such as accounting firms) who are local to them, because data now can be shared swiftly and securely from anywhere in the world, breaking down geographic barriers.
• Internally, gone is the need for the employees of many businesses (including accounting firms), to work in any specific office, city, or state.
• The need to install and upgrade software locally; plus to purchase, maintain, and eventually replace expensive hardware, has ended. And not just expensive servers that must be replaced every five years but also the workstations themselves.
• Case in point: a business owner can purchase a Chromebook (basically turning Google Chrome from a web browser into an operating system) instead of a desktop or laptop for each employee, costing only a couple hundred dollars each, instead of thousands.
If you are interested in saving money while increasing efficiencies, please contact Mark Zinman, CITP, to learn what options are available – and if SaaS and cloud computing would benefit your company!
3/24/2017 | Zinman & Company
If you find tax season stressful, you are not alone. Many consider the top causes of stress to include: lack of time, lack of money, health issues, and being overburdened. Small to mid-sized business owners face those same stresses plus we can add lack of control to the list.
Tax season stresses fall into literally every category including physical and psychological health issues. According to the American Psychological Association, “an extreme amount of stress can have health consequences and adversely affect the immune, cardiovascular, neuroendocrine, and central nervous systems.” Chronic stress can result in anxiety, insomnia, muscle pain, high blood pressure, a weakened immune system, heart disease, depression, and obesity.
The question is: why does tax season bring on so much stress? For many, the answer falls into the following five categories:
1. Understanding how to manage the financials of your business, including containing costs, increasing revenue, maximizing profits, managing cash flow and allocation of resources – is a very stressful burden placed squarely on the shoulders of the small to mid-sized business owner. The payoff for shouldering the burden can be substantial, but so can the stress. Arguably the biggest source of stress is not fully understanding your current financial picture. Therefore, we recommend that regardless of whether it’s good news or bad, you maintain open and frequent communication with your accountant, so that you always know what your picture looks like in real time – not just historically.
2. And, especially if the news is bad, there are two times in particular that a business owner faces his/her comeuppance: end of fiscal year and tax season. During these times, the reality of your business management practices, and their positive or negative consequences, are at the forefront. Such times of evaluation brings heightened self-awareness – plus the stress and anxiety that goes along with it.
3. Taxes are complicated and there’s a lot of paperwork involved. It’s important to stay organized so that if the IRS requests additional documentation/information, your accountant can swiftly and accurately provide it. Turn to tech and Project Management Software for help organizing paperwork, electronically storing receipts, etc. Why? Because disorganization causes stress. According to Psychology Today, it signals our brains that our work is not done and makes us anxious with feelings of guilt and even embarrassment.
4. The fear of an audit is real. Audits can intimidate even the most confident business owners. Yet the audit process is often misunderstood and does not have to be scary. If your taxes were processed by a competent professional, you have little reason to worry. Your accountant will have not only decreased your chances of an audit by minimizing potential mistakes and audit flags, but also he/she will help de-mystify the audit process by setting expectations and making sure that adequate preparation has been done.
5. If you are savvy enough to recognize that you don’t fully understand tax laws – what applies to your business and what does not, what credits or deductions you may qualify for – and so you turn to a tax professional for help, you may perceive it as giving up some control of your business to an independent third party. And as previously noted, lack of control stresses the body. The Indiana University Kelley School of Business conducted a study, analyzing 2,363 people over the course of seven years. They found that study participants in high stress jobs who felt a lack of control were 15.4% less healthy than their counterparts. We encourage you to think of the process as gaining control of your accounting and tax portfolio, not losing control.
So while tax season stresses can be stifling, your accounting professional is trained and experienced to take some of the burden off your shoulders and provide the expert service that you deserve, lowering your stress and maximizing your business’ potential.
Please contact Mark Zinman, CPA, with any questions or comments at 215-357-2250 or email@example.com.
3/17/2017 | Zinman & Company
Information Technology (IT) is an important factor contributing to business success, as it increases flexibility, efficiency, and productivity. Yet small businesses are common targets for hackers and are vulnerable to cybersecurity threats because criminals (often rightly so) assume that there may be few security controls in place. Therefore we encourage our clients to follow some basic protocols to help keep their data secure:
Training: Establish security policies for your workforce to follow, including Internet use guidelines. Train employees to understand the dangers of visiting unsafe websites, how to recognize phishing emails, and why they should not open an attachment or click on a link that is questionable or unexpected.
Protection: A firewall prevents outsiders from accessing data on your private network. Make sure your operating system’s firewall is enabled and properly configured. Anti-virus software should be installed with patches/updates kept up to date (scan after each update). Using the latest web browsers and operating systems helps defend against viruses, malware, and other threats. Beyond that, only select employees should be able to install software.
Passwords: Each user should have unique credentials (user name, password), which they are required to change/refresh every quarter. Require passwords that contain a combination of numbers, letters, and characters. Discourage employees from using the same password for multiple sites and systems.
Wifi: Have both a public and a private wi-fi network. The private network should be secure and encrypted. Hide your private network so that the network name (SSID) is not broadcast.
Need to Know: Be stingy when it comes to assigning administrative privileges. While it’s easiest to just “let everyone have access to everything,” enable restrictions that limits data access only to those employees who have a legitimate need for the data type/system.
Restrict Access: Prevent computers from being used by unauthorized individuals. Laptops and mobile devices are particularly vulnerable to theft, and should be secured (locked up) when not in use.
Suppliers & Vendors: Establish (and enforce) security policies for suppliers and vendors who have access to your company data. Meanwhile, when employees access company accounts (bank accounts, credit card accounts) on line, the most redundant and stringent security protocols should be enabled (multi-factor authentication).
Test & Back up: Test your systems and regularly back up your data. Audit your backups to make sure the data is not compromised. Securely store backups off site or in the cloud.
Don’t forget: these basic protocols apply to all devices: desktops, laptops, tablets, smart phones. Mobile devices, in particular, are often overlooked, and therefore are often a hacker’s go-to access point.
Please contact Mark Zinman, CITP, with any questions or comments at 215-357-2250 or firstname.lastname@example.org.