Strengthen the Weak Links in Your Cybersecurity Plan

Cybercriminals never seem to give up, and for good reason: Their chances of success make it worthwhile. A recent poll entitled “IT Threats and Data Breaches” found that 94% of companies reported experiencing some form of “external threat.”

After spam, the most commonly reported cyberthreats were viruses, worms, spyware, phishing attacks and network intrusion. Although less common, corporate espionage was also reported by nearly one-fifth of survey respondents.

As a result, a new industry — employee cybersecurity training — has sprouted up. While it’s true that there will always be employees who will click on anything, it’s still critical for employers to try to educate them. Here’s a rundown of how to proceed.

Employee Cybersecurity Checklist

It’s important to test your staff regarding their knowledge of cybercrime, the possibility of breaches, and the role employees play in keeping the company and themselves safe. Your employees need to know that:

  • They should never run or install software on a work computer when a website they are visiting invites them to do so.
  • Malicious emails may appear to be from a coworker or supervisor, urging or instructing them to take an action that is actually dangerous.
  • It’s not okay to use the same passwords on multiple websites.
  • Malware often originates from legitimate websites they regularly visit.

Cybersecurity experts maintain that educating staff members about online security procedures isn’t a “one and done” matter. Employees may be vigilant and avoid the trap in a “spear phishing” (that is, highly customized) attack for a while after being warned, but eventually they let down their guard. Some cybersecurity training services can regularly send your employees phony attacks to test their resistance, enabling you to give remedial instruction to employees who flunk.

The underlying strategy used by many cybercriminals is “social engineering.” In this case, that’s defined as the art of manipulating employees so they give up confidential information. Its effectiveness rests on the fact that it’s easier to find people who are too trusting than it is to hack into a system by purely technical means.

Common Tactics

Frequently used social engineering tactics include:

  • Impersonating a friend, coworker or supervisor,
  • Asking for help,
  • Informing you there’s a problem with your account that requires verification of personal information, and
  • Telling you that you’ve won something, but to receive the prize you must provide your bank information.

While some of these tactics might be transparent to you, it isn’t safe to assume that they will be that clear to all of your employees, including senior managers. In fact, higher level employees may be subject to more attacks because it’s assumed they have greater access to the information hackers are seeking.

Training employees in cybersecurity involves more than just feeding them defensive tactics; it also requires getting them to understand why it all matters. They need to know what is at stake and how a serious cyberattack could affect not only the organization, but also each individual employee. After all, the personal information of everyone on your payroll is in your database, including their Social Security numbers, birthdates, addresses and more.

Detecting a Breach

It’s not always obvious to employees when they have enabled a cyberattack, and thus they need to be trained to spot a breach if one occurs.

It’s also advisable to inform staff members what they need to do if they suspect there’s been a breach. For example, you might instruct them to unplug the computer from the network immediately and then contact the IT department. Even if the breach turns out to be a false alarm, commend the employee for acting quickly to address a perceived problem.

A Real Attack

Policies and procedures for dealing with a true cyberattack need to be laid out in advance. That should include a documented remediation plan that is regularly reviewed and updated.

It’s also a good idea to have procedures in place for informing employees when a breach has occurred, on a need-to-know basis. The same holds true for informing customers, if the breach could compromise the security of their data.

Keep in mind, it may be necessary to make a public announcement concerning the breach, as a way to control the story rather than have it leak out and be perceived as a scandal. A public relations professional can provide insight on the best ways to handle a breach.

Finally, look to employees not just as people to be trained, but also as a possible source of insights on how you can work together to implement the strongest defense possible. Make it a dialogue, not simply a series of lectures.

Copyright 2016


10 Midyear Tax Planning Moves Inspired by the PATH Act

Have you met with your tax adviser to plan for 2016? The tax year is almost half over, and several new and expanded tax-saving opportunities are available under recent legislation. Moreover, some tax breaks have been made permanent, adding certainty to a few of your tax planning strategies. Here are some ideas for individuals and small businesses to lower their tax obligations this year.


Numerous tax breaks have been retroactively expanded for 2015 and beyond — or, in some cases, been made permanent — under the Protecting Americans from Tax Hikes (PATH) Act of 2015. Now that the dust from the new law has settled, individuals and small business owners can plan ahead with these 10 midyear tax strategies inspired by the recent legislation.

5 Tax Breaks for Individuals

1. Consider tax breaks for college students. If you have a child in college this year, you may be eligible for tax benefits. The PATH Act makes the American Opportunity credit permanent and extends the tuition and fees deduction through 2016. Both of these breaks are subject to phaseouts based on income level. For each student, you may claim either the American Opportunity credit or the tuition and fees deduction, but not both. Thus, while it is possible to claim the credit and the deduction in the same year, you may not claim both for the same student. If your income is too high to take one of these breaks, your child might be eligible.

The PATH Act also permanently treats computers, computer equipment, software and Internet service as qualified expenses for Section 529 savings plans, so distributions for this purpose are tax-free. Summer planning can help maximize your tax benefits for costs incurred for the fall semester.

2. Shop for a new car. If you itemize deductions on your federal income tax return, you can generally deduct state and local income taxes paid for the year. As an alternative, however, you may claim a deduction for state and local sales taxes. This option — which has been permanently extended by the PATH Act — is generally beneficial to taxpayers in locales with low or no state or local income taxes. But it can also benefit taxpayers who make large purchases during the year, regardless of where they live.

The sales tax deduction is determined based on actual receipts or an IRS table that lists amounts for each state. If you opt to use the IRS table, you can add on the actual sales tax paid for certain “big-ticket items,” such as cars or boats. If you’re in the market for a new vehicle, remember this alternate tax deduction.

3. Transfer IRA funds directly to charity. After you turn age 70½, you must take required minimum distributions (RMDs) from your traditional IRAs, whether you want to or not. These RMDs are taxable in the tax year they’re received.

Under a provision made permanent by the PATH Act, if you’re age 70½ or older, you may transfer up to $100,000 directly from your IRA to a charity without any tax consequences. In other words, you can’t claim a charitable deduction for these transfers, but the payouts aren’t taxable either — even if they’re used to satisfy your RMD. Act sooner rather than later to avoid year-end scrambling. Keep in mind that this is a per person benefit. Although both spouses may individually transfer up to $100,000 from an IRA to a charity, one spouse cannot “borrow” the other spouse’s $100,000 to make a $200,000 transfer.

4. Gift property to a charity. Real estate owners can deduct the value of “conservation easements” made to a charity that preserve the property in its original condition. Charitable deductions for long-term capital gains property (appreciated property that’s been held more than one year) are generally limited to 30% of the taxpayer’s adjusted gross income (AGI). Any excess may be carried forward for up to 15 years.

Under enhancements made permanent by the PATH Act, the deduction threshold is raised to 50% of AGI (100% for farmers and ranchers) for conservation easements. Any excess may still be carried forward for up to 15 years. One catch, however, is that all such conservation donations must be made in perpetuity.

5. Install energy-saving equipment. Are you dreading the summer heat? It may be time to install a central air conditioning system. There are various requirements to qualify for the credit. First, the home must be your main home. Also, while the credit is generally equal to 10% of the cost of qualified energy-saving improvements, there is a lifetime credit limit of $500. Thus, if you’ve claimed the credit in a prior year, your current-year credit will be reduced accordingly. Other special dollar limits may apply. It’s available for a wide range of items from central air to insulation.

The PATH Act extended the residential energy credit only through 2016. So, it’s important to act before this tax-saving opportunity expires. (It may be extended again, but there are no guarantees.)

5 Tax Breaks for Small Businesses

1. Buy equipment. The PATH Act preserves both the generous limits for the Section 179 expensing election and the availability of bonus depreciation. These breaks generally apply to qualified fixed assets, including equipment or machinery, placed in service during the year. For 2016, the maximum Sec. 179 deduction is $500,000, subject to a $2,010,000 phaseout threshold. Without the PATH Act, the 2016 limits would have been $25,000 and $200,000, respectively. The higher amounts are now permanent and subject to inflation indexing.

Additionally, for 2016 and 2017, your business may be able to claim 50% bonus depreciation for qualified costs in excess of what you expense under Sec. 179. Bonus depreciation is scheduled to be reduced to 40% in 2018 and 30% in 2019 before it expires on December 31, 2019.

2. Improve your premises. Traditionally, businesses must recover the cost of building improvements straight-line over 39 years. But the recovery period has been reduced to 15 years for qualified leasehold improvements, qualified restaurant buildings and improvements, and qualified retail improvements. This tax break was reinstated and made permanent by the PATH Act.

If you qualify and your premises need remodeling, you can recoup the costs much faster than you could without this special provision. Keep in mind that some of these expenses might be eligible for bonus depreciation.

3. Ramp up research activities. After years of uncertainty, the research credit has been made permanent under the PATH Act. For qualified research expenses, the credit is generally equal to 20% of expenses over a base amount that’s essentially determined using a historical average of research expenses as a percentage of revenues. There’s also an alternative computation for companies that haven’t increased their research expenses substantially over their historical base amounts.

Research activities must meet these criteria to be considered “qualified”:

·    The purpose must be to create new (or improve existing) functionality, performance, reliability or quality of a product, process, technique, invention, formula or computer software that will be sold or used in your trade or business.

·    There must be an intention to eliminate uncertainty.

·    There must be a process of experimentation. In other words, there must be a trial and error process.

·    The process of experimentation must fundamentally rely on principles of physical or biological science, engineering or computer science.

Effective starting in 2016, a small business with $50 million or less in gross receipts may claim the credit against its alternative minimum tax (AMT) liability. In addition, a start-up company with less than $5 million in gross receipts may claim the credit against up to $250,000 in employer Federal Insurance Contributions Act (FICA) taxes.

4. Issue more stock. Does your business need an influx of capital? If so, consider issuing qualified small business stock (QSBS). As long as certain requirements are met (for example, at least 80% of your corporate assets must be actively used for business purposes) and the investor holds the stock for at least five years, 100% of the gain from a subsequent sale of QSBS will be tax-free to the investor — making such stock an attractive investment opportunity. The PATH Act lifted the QSBS acquisition deadline (December 31, 2014) for this tax break, essentially making the break permanent.

5. Hire workers from certain “target groups.” Your business may claim the Work Opportunity credit for hiring a worker from one of several “target groups,” such as food stamp recipients and certain veterans. The PATH Act revives the credit and extends it through 2019. It also adds a new category: long-term unemployment recipients.

Generally, the maximum Work Opportunity credit is $2,400 per worker, but it’s higher for workers from certain target groups. In addition, an employer may qualify for a special credit, with a maximum of up to $1,200 per worker for 2016, for employing disadvantaged youths from Empowerment Zones or Enterprise Communities in the summer.

New transitional rules give an employer until June 30, 2016, to claim the Work Opportunity credit for applicable wages paid in 2015.

Midyear Tax Planning Meeting

We’re almost half way through the tax year. Summer is a great time for individuals and small businesses to get a jump start on tax planning. Contact your tax adviser to estimate your expected tax liability based on year-to-date taxable income and devise ways to reduce your tax bill in 2016 and beyond.

Copyright 2016


Follow Detailed Recordkeeping Rules for Vehicle Expense Deductions

Many business owners fail to follow the strict tax rules for substantiating vehicle expenses. But if your business is audited, the IRS will most likely ask for mileage logs if you deducted vehicle expenses — and it tends to be especially critical of the amount deducted if you’re self employed or you employ relatives. While the basics seem simple, there are numerous exceptions.

Mileage Logs

Taxpayers can deduct actual vehicle expenses, including depreciation, gas, maintenance, insurance and other vehicle operating costs. Or they can use the standard mileage method, which allows a deduction based on the standard rate for each mile the vehicle is driven for business purposes. For example, the standard mileage rate is 57.5 cents per mile in 2015 and 54 cents in 2016. If you drove 1,000 miles for business purposes in 2016, you could deduct $540 under the standard mileage method.

Regardless of the method used, the recordkeeping requirements for mileage are the same. They’re also the same whether you’re the only employee who uses a vehicle, you employ others who use company vehicles, or an employee uses his or her own vehicle and is reimbursed by the company.

Vehicle logs must provide the following information for each business trip:

  • Date,
  • Destination,
  • Business purpose,
  • Start odometer reading,
  • Stop odometer reading, and
  • Mileage.

Employees who use their own vehicles must provide these details to their employer. If an employer reimburses an employee without the required documentation, the reimbursement is taxable income. If an employee uses a company vehicle, the IRS considers any usage that’s unaccounted for as personal use and the value of unaccounted usage should be included in the employee’s income for the employer to secure a deduction.

The IRS requires “contemporaneous” recordkeeping for mileage. That means a recording at or near the time of the trip. You can record the mileage at the time of the trip and enter the business purpose at the end of the week. But waiting much longer could raise suspicion about the validity of the vehicle log and potentially jeopardize your entire vehicle deduction.

The tax agency requires varying levels of detail, depending on the circumstances. For example, you might be able to list only the customer’s name if you visit someone regularly to demonstrate new products, provide service and take orders. But cold calls to prospective customers may require a more detailed write-up in your vehicle log. A single entry may be enough for visits to several customers in the same day, but you may need to log any detours taken for personal reasons, such as personal errands or lunch with your spouse.

In some cases you may be able to avoid recordkeeping if your company maintains a formal policy forbidding employees from using company vehicles for personal reasons. However, the exception has numerous rules and restrictions. For instance, the policy must be written and meet six conditions, and the exception applies to only employees who aren’t “control” employees, such as:

  • Employees who are appointed by the board or shareholders or an elected officer whose pay is $100,000 or more,
  • Directors,
  • Employees who earn at least $205,000 annually, and
  • Employees who own a 1% or more share of equity, capital or profits in the business.

Exceptions to the Rules

We’ve used the term “vehicle,” because the recordkeeping rules apply to more than just cars. Technically, every vehicle is subject to the rules. But the IRS permits specific exceptions for the following vehicles that are unlikely to have more than a minimum amount of personal use:

  • Delivery trucks with seating only for the driver or only for the driver plus a folding jump seat,
  • Buses with a 20-person minimum seating capacity,
  • Special purpose farm vehicles, and
  • Any vehicle designed to carry cargo with a loaded gross vehicle weight over 14,000 pounds.

Not listed above are more obvious exceptions, such as cement mixers, combines and bucket trucks. In addition, the IRS permits exceptions for trucks or vans that have been specially modified so that they aren’t likely to be used more than a de minimis amount for personal purposes. An example is a van that has only a front bench for seating, has permanent shelving that fills most of the cargo area, constantly carries equipment and has been custom painted with the company’s name and logo.

Simplified Recordkeeping

Complying with the IRS mileage recordkeeping rules can be tedious, especially for workers who drive significant distances for business purposes. Here are some ways you can simplify the process:

Use technology. Mileage logs don’t have to be kept in a written diary or day planner — you can download an app to your tablet or cell phone to track mileage. These apps typically allow you to take a picture of the odometer for the beginning and ending mileage. If you allow this method, require workers to back up their electronic mileage logs regularly to prevent loss of mileage records. Alternatively, you might use GPS tracking of company vehicles to help document mileage.

Apply sampling methods. The IRS allows taxpayers to use the mileage for regular routes — for example, if you visit the same customers on a fixed weekly schedule — and extrapolate the sample mileage over the entire tax year. This can save time, but you’ll have to show that the sample is valid. And if the route changes midyear, you’ll have to show how you updated the sample.

The easiest way to simplify recordkeeping for vehicle expenses is to use the standard mileage rate, rather than tracking actual expenses. Doing so eliminates the need to save gas receipts and maintenance records. But the downside is that this method tends to understate expenses, particularly if you drive an expensive gas guzzler or pay above-average insurance premiums. If a vehicle’s business use is high but its total use is low, actual fixed costs — such as insurance and depreciation — are likely to be higher on a per-mile basis than with the standard mileage rate.

Ongoing Attention

Vehicle expenses can quickly add up for businesses — as well as for individuals who are tracking mileage for itemized medical or charitable deductions, or supplemental business activities such as managing investments in local businesses or rental properties. But as easily as they add up, so too can vehicle deductions vanish in an IRS inquiry.

The key to preserving your deductions is maintaining up-to-date mileage records. Too often, taxpayers assume they can put together a mileage log the night before the IRS visits. That rarely works. For example, the IRS questioned a situation in which the taxpayer used the same pen over a two-year period. In another case, the IRS noticed that the taxpayer claimed to be at the post office and an hour later was at a client 110 miles away. In cases where there are more than a few discrepancies, the IRS often denies all vehicle expense deductions, claiming the mileage log wasn’t credible. On top of losing your deduction, you also might face penalties and interest for underpaying your tax liability.

When it comes to the recordkeeping requirements for vehicles, the IRS rarely allows exceptions for its strict rules. Don’t assume you qualify for an exception, check with you tax adviser first. He or she can help you navigate the complicated vehicle recordkeeping rules with confidence.

Copyright 2016