Blog

March 9th, 2011

Professional service providers such as attorneys, accountants, and doctors no longer fall within the definition of a creditor under the Red Flag Rule.

The Federal Trade Commission’s (FTC) so-called “Red Flag Rule,” which requires all businesses that are potential identity-theft targets to develop plans to spot red flags and prevent theft, received much criticism for being too broad. But now there’s some relief: S. 3987, the Red Flag Clarification Act, which President Obama signed into law in December 2010.

To recap, under the Red Flag Rule, the FTC had been interpreting “creditor” broadly by including organizations that defer payment for goods or services and bill clients later. This led to widespread concern that the Red Flag Rule would be applicable to entities not typically thought of as creditors, including law firms and health care providers.

The Red Flag Clarification Act exempts such entities by revising the definition of creditor to exclude creditors “that advance funds on behalf of a person for expenses incidental to a service provided by the creditor to that person.”

Essentially, the Red Flag Clarification Act limits the scope of the Red Flag Rule to creditors that regularly and in the ordinary course of business obtain or use consumer reports in connection with a credit transaction; furnish information to consumer reporting agencies in connection with a credit transaction; or advance funds to a person based on the person’s obligation to repay the funds.

The legislation does include a provision that would allow other types of creditors to be subject to the Red Flag Rule if the agency with authority over the creditor (such as federal banking agencies) determines that the creditor has accounts that are subject to a reasonably foreseeable risk of identity theft.

Published with permission from TechAdvisory.org. Source.
January 21st, 2011

When you acquire equipment for your business, you can deduct the entire cost in a single year, thanks to a tax break that’s been extended through the end of 2011.

In the past, business equipment such as computers and machinery had to be deducted over a number of years. Then a new tax code provision was enacted to help spur economic growth.

That provision, called Section 179, allowed taxpayers to deduct the cost of equipment as an expense rather than requiring the cost of the property to be capitalized and depreciated. In other words, single-year deductions were permitted, much to the benefit of small and medium businesses.

The Section 179 deduction started out at $25,000, increased to $125,000 then $250,000, and finally ended up at $500,000. And many assets qualify for the tax break, including computers, software, office machines and furniture, manufacturing equipment, and vehicles that weigh more than 6,000 pounds.

How does it work? Let’s say you have a $600,000 profit and don’t want to pay taxes on that entire amount. At the same time, you need new computer equipment. You can buy that new equipment for $500,000 and only owe taxes on $100,000 of your profits.

Section 179 was set to expire at the end of 2010, but it’s now been extended. The Tax Relief Act of 2010, signed on 12/17/10, allows business owners to take Section 179 deductions through the 2011 tax year.

That means 2011 is a great year to consider purchasing equipment, because the immediate writeoff helps businesses such as yours keep more cash free for other purposes. “There is a big advantage to having that cash flow right away,” says Abe Schneier, a senior manager at the American Institute of Certified Public Accountants. “Even in the best of times, it is hard for many small businesses to borrow money for any sizeable investment.”

Related articles: Equipment eligible for the Section 179 deduction

January 3rd, 2011

The federal government’s Red Flag Rule requires all businesses that are potential identity theft targets to develop plans to spot red flags and prevent theft. How can you comply?

Regulations designed to minimize identity theft went into effect in June of 2010. Are you complying with them?

The federal government’s so-called “Red Flag Rule” requires all businesses that are potential identity-theft targets to develop plans to spot red flags and prevent theft. Red flags include suspicious photo IDs, unverifiable addresses and Social Security numbers, and questionable account activity, to name just a few.

While many companies think the Red Flag Rule only applies to financial institutions, it actually applies to all creditors, with creditors being defined as “businesses or organizations that regularly provide goods and services first and allow customers to pay later,” according to a Frequently Asked Questions guide prepared by the Federal Trade Commission, which will enforce the Red Flag Rule.

In other words, if you invoice customers for your goods or services, you’re a creditor, and the Red Flag Rule applies to you.

How can you comply? You’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft. Other recommendations include data encryption, annual updates of your written policy, and staff training.

While this may seem onerous, you don’t want to ignore the legislation. Fines are $3,500 per violation, and there is also the threat of a lawsuit from customers whose identity has been stolen.

Related articles
Do You Comply with the FTC’s Red Flag Rule?

January 3rd, 2011

To comply with the federal government’s Red Flag Rule, you’ll need to have a written policy that specifically addresses how you will prevent and handle identity theft, and more.

October 5th, 2010

The United States Homeland Security Department’s National Cyber Security Awareness Campaign Challenge was a huge success, with more than 80 security proposals submitted with the goal of increasing awareness regarding threats to cyber security.

Of the more than 80 entries submitted, seven were chosen to receive awards at a recent ceremony at the White House. One noteworthy proposal, a 5k run dubbed “Trot Against Bots” that aims to intentionally cause traffic jams to demonstrate how security problems disrupt internet traffic, won the Best Creative Approach award. Cisco Systems, Inc., also got a nod for its “Cybersecurity is Everyone’s Responsibility” Publicity and Marketing plan, which highlights the importance of using cyberspace responsibly as an individual compared to the shared effort of making the internet a safe place for all.

Another notable proposal was the “Think Before You Click” campaign from Deloitte & Touche, LLP, which won the Best Iconic and Overall Structure award. As the name suggests, the campaign aims to curb the pervasive habit of clicking links before considering the possible content of the website to be accessed or the file to be downloaded.

Other winners include: Best Local/Community Plan - Securing Our eCity San Diego and MyMaine Privacy; Best Individual Plan - “Cybersecurity Starts Here: Home, School and Main Street” by Melissa Short; and Best Educational Plan - Pennsylvania State University’s “CyberLink Games”.

Homeland Security plans to utilize the winning concepts and integrate them into their National Cybersecurity Awareness Campaign.

Source:
http://www.dhs.gov/files/cyber-awareness-campaign.shtm

September 6th, 2010

Two new viruses have been discovered that infiltrate systems through removable drives.

USB flash drives have become indispensable to almost everyone who uses a computer. They’re a quick and easy way to transfer and share information and other data, especially files that are too large to send through email. Unfortunately, some malware takes advantage of this convenience by attaching itself to files on the drive to infect any other system the drive comes into contact with.

Two such pieces of malware have recently been discovered. Chymine is a Trojan application with keylogging capabilities, designed to copy passwords and other sensitive data, and Dulkis-A is a Visual Basic worm designed to copy and allow malware to infiltrate the system. Both exploit a vulnerability in Windows Shell.

Microsoft has yet to directly address the issue and provide a patch that fixes the problem. In the meantime, they have issued directions for a workaround that prevents both malware from manipulating the Windows Shell susceptibility. The workaround is effective for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server R2, but it comes with a cost – you lose all your icon graphics.

Success in removing the virus has been marginal at best, with current fixes including a warning that removing this malware might result in unwanted changes to your system because of the way the virus embeds itself.

The best way to avoid being infected is to be careful not to run any suspicious programs and files, especially when taken from USB drives and any other removable storage, even from a Blackberry or an iPhone. It’s also best to avoid automatically enabling USB devices to autorun once they’re plugged into your computer.

If you have any concerns or want to make sure your systems are protected, give us a call and we’ll work with you to ensure the security of your systems and data.

August 19th, 2010

Before you entrust your sensitive data to a “cloud” service provider, make sure you weigh the risks with the benefits.

“Cloud computing,” largely synonymous with Internet-based computing, has become a hot topic of discussion among many in the business community, with its promise of radically simplifying the access to, and use of, computing resources on demand. It’s no wonder then that it’s been small businesses, often without full-time IT resources of their own, that have been the first to adopt the concept. As a business owner, however, before you start moving critical data to the “cloud,” you’ll do well to bear in mind the risks that come with the computing model.

First is security and privacy—ask how the service provider ensures the confidentiality and integrity of your data while in their care. Do they provide backups? Can you back up your data yourself? Are their security processes and procedures reviewed and vetted by a third party?

Next is availability. Do they guarantee the uptime of their services—7 days a week, 24 hours a day? Do they provide a service level guarantee? Do they have processes in place to handle exceptional circumstances that can disrupt services, such as a natural disaster? Is support readily available to help in case you encounter any issues?

Finally, there’s cost. While pay-as-you go can be attractive, the total cost over time can add up. It’s worth thinking two to three years out and considering the total cost versus alternatives.

Asking these basic questions can go a long way in giving you peace of mind before you entrust your valuable data and core business systems to the care of others. If you’d like some help sorting all this out and making the best decision for your unique needs, give us a call.

August 13th, 2010

Despite the clear trend towards greater adoption of mobile devices by businesses and consumers, a new study finds that many businesses are not taking full advantage of the opportunities created by this trend—especially in sales and marketing.

Global smartphone shipments continue to rise, driven by operator subsidies, lower barriers to adoption with the introduction of lower-cost models, and greater choices afforded by vigorous competition from companies such as Apple, RIM, Microsoft, and Google. Not far behind is the rising interest and adoption of other mobile devices, such as tablets with the success of Apple’s iPad.

Despite this trend, a new study by eROI, an online marketing agency, finds that many businesses are not taking full advantage of the opportunities it creates—especially in sales and marketing. The company surveyed 500 businesses, and the majority cited lack of resources and little understanding of what needs to be done as the major barriers to capitalizing on the trend. This, despite findings which show 91 percent of the population use mobile devices, with 23 percent using smartphones that make extensive use of online services.

Companies would benefit from looking at how these trends can be leveraged for building a strategy toward reaching new customers, engaging current customers, and creating rich experiences for both. Some examples from early pioneers in this area: building versions of their website that can be viewed comfortably on mobile devices, using services that make extensive use of social networks and location-based services such as Facebook and FourSquare that work well with mobile devices, and even building custom applications to provide a new channel for reaching and serving customers.

Companies can start small with pilot projects then work from there to see which work best for their businesses.

August 10th, 2010

The continued exploitation of many vulnerable applications that have been fixed by vendors for over a year highlights the need to keep software updated with the latest versions and patches.

A new report released by security firm M86 Security reveals a trend toward more sophisticated forms of malware that take advantage of vulnerabilities in common software applications and use techniques to avoid detection.

According to M86’s report, the applications commonly exploited include Microsoft’s Internet Explorer and Adobe Reader. Other vectors for malware that hackers have been using recently are Java and Adobe’s Flash, which are installed on many PCs, often as plug-ins to most browsers.

Although the vulnerabilities in these applications have been identified and patched for over a year, failure to keep up with the latest updates has left many systems still vulnerable to attack. Our customers taking advantage of our Managed Security need not worry, since we make sure our customers’ systems are patched as soon as updates become available. Find out more about our Security Offerings today.

August 5th, 2010

Mozilla implements new initiatives to ensure the security of its browser and fixes the main security holes, bringing Firefox’s latest version to 3.6.7.

The Mozilla Foundation, the organization behind the Firefox browser, announced recently that it has released a patch to fix many major security holes found in its software, and that it has pulled malicious add-ons from its extensions gallery.

A new update brings Firefox’s latest version to 3.6.7, and includes fixes for nine critical issues that could potentially be exploited by hackers to launch attacks on vulnerable systems. This comes after Mozilla recently pulled a password-stealing add-on called “Mozilla Sniffer” from the Firefox extensions gallery. As a preventive measure, the Mozilla Foundation has announced a US $3,000 security bounty program for anyone who finds an eligible security bug. It has also announced that it will implement a source code review of add-ons to catch potential malware that could be injected into otherwise patched Firefox browsers.

As always, users are advised to be constantly on guard and to make sure they are using the latest updated versions of their software. Customers under our Managed Security program benefit by letting us do the worrying and updating for them, so they can focus on their business instead of their security. Not on our Managed Security program? Contact us today.
