How Secure Is My Tax Data?

Posted by presspass on

When we enter a tax preparer’s office for the first time, we are unknown and have to provide not only our W-2s and/or business records; we often need to provide copies of prior years’ tax returns, Social Security cards for all family members, birth certificates, and other highly personal and private information. The office either makes paper copies or scans the information into some type of electronic filing cabinet. In this era of rampant identity theft, we often hesitate to provide such information, wondering how secure our private information will be in the accountant’s office. This concern is very valid, as hackers are trying to penetrate accountants’ systems now more than ever because of the amount of private information contained in accountants’ computers. How can you, as the tax client, know how secure your information is? What steps should a tax office take to protect client data?

First, ask about the accounting firm’s privacy policy. Is a copy provided on the firm’s website? Is a copy provided with each tax return? I have the company privacy policy posted on the website and have copies available in our waiting area. This policy should disclose any third parties that have access to your data and describe any outsourcing of services by the firm. As a practice, I keep all work inside my office, completed by employees under my supervision.

Second, what physical measures are in place to protect client data? Does the office have a security system with 24-hour monitoring? Not only does this office have 24-hour monitoring, we also place any physical client data in locked desks and file cabinets at the close of business each night. During business hours, client data is kept out of sight of any outside parties entering the office for assistance. All original information is returned to the client. Any physical copies no longer needed are shredded into confetti.

Third, and probably the most important step, is how data is protected electronically. All paid preparers are required by IRS Publication 4557 to maintain a written electronic security policy. In harmony with the IRS direction, my office uses a quality internet security software suite that provides a firewall, anti-virus protection, and malware protection. To maintain security at a high level, our router and switch were recently upgraded. High-risk and threatening websites are blocked, so employees cannot access places they should not be going. Employees are well trained on the “No-Click Policy”. This policy reduces risk by prohibiting clicking on links and attachments in emails. All clients are required to submit tax information by physical delivery, fax, or upload to their client portal. Next, what kind of backup systems are used? In the event of disaster, theft, or data loss, will the office be able to restore my data? We keep multiple on-site and off-site secure backups. One last necessary action is complete hard drive encryption. All computers used to access client information must use hard drive encryption. Without hard drive encryption, a desktop or laptop computer is vulnerable if physically stolen. Computers that have hard drive encryption require a password even before the operating system, such as Windows 10, starts.

Warning: No system is 100% safe from a data breach.  We do take all the precautions possible to protect and maintain client data in the best and most secure environment that we possibly can.

For the security and safety of your data, it is vital that you check with your accountant on the steps they take to protect and secure client data.

Privacy and Business Continuity

Posted by presspass on

Join me on Aug 27/20 as I talk to privacy expert Constantine Karbaliotis about privacy and how it relates to business continuity. With so many people working from home due to the Covid-19 pandemic, privacy concerns have become a major issue for organizations.

Don’t miss it!


How to Keep Your Information Private Online: The Importance of Internet Privacy

Posted by presspass on

It’s becoming harder and harder to keep your private information safe and secure online with technology today. Common concerns, including identity theft, hacking, and surveillance, are causing more and more people to take their online presence and security seriously. A study by Javelin Strategy revealed that approximately 17 million Americans have been impacted by identity theft. Many people don’t know that there are simple and easy ways to ensure their privacy and security online.

What is Internet or Online Privacy? 

Internet privacy, or online privacy, is a basic human right that protects you and your personal information from being stored or used by a third party. Without internet security, your information can be used, tracked, and shared with other websites and people.

What are Tracking Cookies? 

Tracking cookies are text files dropped on a browser that record movements including purchases, preferences, search history, and more. This is a common way that websites and advertisements track your online movements. Have you ever searched for something online and then, 30 minutes later, seen an ad for it while you were scrolling social media? That’s due to tracking cookies.

These cookies are designed to help tailor your experience online and help you find information and products you’re looking for. Some people see this as an invasion of privacy, but cookies cannot be used without your consent.

Does Social Media Track Your Browsing History? 

Social media apps, including Facebook, often track your browsing history and can sell the data to advertisers and other third-party users. A lot of these features can be limited or turned off through the application or social media website.

Why is Internet Privacy Important? 

Internet and online privacy are a basic human right that everyone should be entitled to. If we didn’t have laws or restrictions around internet privacy then everything including your credit card information, medical history, and bank accounts would be available for everyone to see.

Internet privacy and security are crucial to preventing your information from being public and there are a lot of ways to ensure you stay safe online.

How to Protect Yourself Online:

Delete Your Browser Cookies

When you visit websites you’ll notice a text box at the bottom of the page for you to consent and allow tracking cookies on the page. A great way to stay safe online is to delete these cookies regularly or program your browser to delete them when you close out of the window. This will help keep you and your information safe and secure online.

Use Different Passwords for Login Credentials 

Many people today use the same or similar passwords for their login credentials for many different sites. You should always use different passwords with a strong mix of uppercase and lowercase letters, numbers, and special characters for each of your passwords.

Install an Anti-Virus Program and Enable a Firewall 

A great way to prevent your information from being stolen through harmful websites and scams is by installing an anti-virus program on your computer or device. This will help to ensure that your personal information is protected and can’t be targeted. Many devices also come with a firewall built into the operating system. Ensure that it is enabled to help keep your computer secure.

Pay Attention to Terms & Conditions 

Many people skim over the “Terms & Conditions” of specific products and software, but there are often details in the fine print that we miss. For example, WhatsApp is a secure messaging platform that ensures that they don’t share information or data, but in the fine print it mentions that they share data with their parent company Facebook.

Adjust Your Social Media Settings

Many social media sites can track and use your browsing history, but many offer features in their security or privacy settings to limit ad targeting and provide a more secure experience. Explore your privacy and security features on your social media apps to ensure you’re secure.

Log Out of Websites 

A simple, yet effective way to remain secure online is by logging out of websites after you’re done using them. By staying logged in, you expose yourself and your personal information becomes vulnerable to hackers.

Update Your Software 

We often ignore software updates or press “Update Later” when we see an update on our computer, but we highly recommend keeping all applications and software up to date. Out of date applications can be highly vulnerable to hackers seeking your personal information.

Avoid Phishing Emails 

Phishing is a scam in which hackers imitate emails from professional companies to steal your personal information. These emails are made to look very similar to, if not exactly like, a specific company’s email. Some common signs of a phishing scam are an email claiming there’s something wrong with a product payment, asking you to confirm personal information from a site, or offering free coupons.

Use Secure Messaging Services 

The Shazzle platform offers a peer to peer network with end to end encryption to help you communicate quickly and securely. The Shazzle suite of products includes ShazzleChat, ShazzleMail, and ShazzlePay. ShazzleChat is a great way to send and keep your text communications secure while ShazzleMail is a great option to share large files securely. Finally, ShazzlePay is a secure digital wallet for all of your credit and debit cards.

Share Files Securely

Another easy way to ensure privacy and security online is by password protecting files before you send them. ShazzleChat offers a secure peer to peer (P2P) network to safely and securely send large and important files.

While it may seem like internet privacy and security is going away, many new companies and technologies are appearing to help users ensure their online presence is safe and secure. There are many ways to keep yourself safe online and minimize your risk and exposure.

All of us here at Shazzle believe that privacy is one of the most basic human rights and your online presence should always be secure. Our suite of products for text, email, and pay can help you ensure your security when you’re online. To learn more about ShazzleChat visit: https://play.google.com/store/apps/details?id=com.shazzle.nativechat

National Security and Personal Privacy – Both Are Possible

Posted by Editor on

With the data the U.S. government has, it could write detailed biographies on nearly every resident.

While it’s true the U.S. government requires access to information to keep our nation safe, it need not be at the expense of personal privacy. Unfortunately, in the case of the National Security Administration’s (NSA’s) leaked Ragtime files, personal privacy appears to have taken a back seat. Was this data truly collected “incidentally” as claimed by the NSA?

The Ragtime program collects the contents of communications, such as emails, online exchanges and text messages, of foreign nationals under the authority of several U.S. surveillance laws. Until recently, there were four known variants of the program. These variants were originally revealed by the leaks of whistleblower Edward Snowden:

  • Ragtime-A, involving the U.S.-based collection of foreign-to-foreign counterterrorism data
  • Ragtime-B, collecting foreign government data that travels through the U.S.
  • Ragtime-C, focusing on the nuclear counterproliferation effort
  • Ragtime-P, standing for Patriot Act and authorizing the collection of bulk metadata on calls and emails sent over the networks of telecom providers

However, recently released information indicates the amount of data collected may be larger than previously thought. There now appear to be 11 total variants. One is called “Ragtime-USP,” which may stand for “U.S. person” and target Americans.

These findings resurface an age-old question:

Where should we draw the line between personal privacy and national security?

Of course, the government needs to use all applicable and appropriate data possible to help military efforts and keep our nation safe. At the same time, the government must strongly secure data and protect individual privacy. Unfortunately, to date, its practices have leaned toward sacrificing data security and personal privacy in the name of national security. It does not have to be this way; the government CAN get insights from data without sacrificing national security when the guidelines below are followed.

These same principles also apply to the private sector.

Limit data-gathering programs to their stated purposes. When the NSA gathers communications from foreign nationals, the data inherently includes information on individuals the foreign nationals communicate with – including U.S. citizens. The stated purpose of the Ragtime program is to capture the communications of foreign nationals. However, the reality is that individuals who are brought into a conversation by others are subject to having their communications collected, monitored and analyzed. If the NSA can continue to claim, without opposition, that this breach (by design) of the program’s stated purpose is a byproduct of keeping the U.S. safe, it will take no actions to re-engineer systems and processes.

Private sector businesses should keep the data of those within arm’s reach of their clients in mind as they craft their own data security and privacy policies. Gather only the data of those with whom you have a relationship, and discard the rest. If you don’t, you could run afoul of the growing number of data protection laws and regulations that require you to obtain explicit consent prior to collecting personal information from individuals.

Hold agencies accountable. Government agencies should be held to the same security and privacy standards as the private sector and, importantly, be accountable for following those standards. Only entities that have a proven record of implementing and maintaining strong security and privacy controls should be allowed to hold such gigantic repositories of sensitive and privacy-impacting data. So far, the NSA has not demonstrated accountability for the data it has collected. And lawmakers show little desire to implement security and privacy controls that may get in their way of reaching as much data as possible in the name of national security.

Regulators hold your agencies accountable; those of us in the private sector must insist on the same from them.

Private sector businesses also need to be responsible and accountable for implementing and maintaining strong and effective information security and privacy controls. They should also know and be in compliance with applicable data protection laws, regulations and other legal requirements.

Examine data retention policies. Another issue that has not been addressed through these surveillance programs is data retention. The programs suck up all the data possible and then keep it forever. The amount of data the NSA has on U.S. residents could be used to create detailed biographies of nearly every person in the U.S. This is a dangerous position for an organization without the proper security measures in place. Unfortunately, hundreds of millions of personal data records have been compromised in recent years due to vulnerabilities at the NSA and its associated vendors.

Private sector businesses with similar stores of data must perform regular information security and privacy assessments (SIMBUS360 can help!) to ensure they are doing everything they can to protect clients and customers.

Implement strong security controls and privacy protections. The NSA has not demonstrated these capabilities to date. Furthermore, the majority of government lawmakers have long enabled the NSA’s lack of security and privacy controls. An objective, validated and non-partisan entity with ongoing audit oversight would be best to provide the security protections required.

Similarly, businesses and other organizations should consider working with neutral third parties to affirm they are following all required compliance statutes, as well as thinking through how their evolving technologies, systems and business models may be opening their firms up to new threats. Certainly, such organizations can do their own ongoing assessments internally, but bringing in objective third parties to do assessments every now and then (at least once every year or two, and when significant operational changes occur) allows for a different perspective. Objective eyes often find things missed by those in the environment each day.

Indeed, when it comes to personal privacy and national security, we need to change it from an “either/or” conversation to an “and” conversation. While the NSA and your average law firm, accounting practice or health care provider may not have the same objectives, they do have much in common. Today’s growth-minded businesses understand data is a powerful currency, and will only increase in value as time goes on. As they are collecting, analyzing, storing and sharing data, there must be just as much strategy applied to protecting data.

Peter Weitz Welcomes Steptoe & Johnson LLP Privacy & Cybersecurity Team

Posted by Editor on


Steptoe & Johnson LLP’s Privacy and Cybersecurity team will join Peter Weitz, host of In Black and Weitz, for “Data Breaches – How to Protect Against Them” on the Voice America Business Channel. Steptoe partners Stewart Baker, Michael Vatis, and Jason Weinstein, all of whom previously held significant positions in the US government relating to privacy and cybersecurity, will discuss the impact of data breaches on a company, how to prevent them, and how to respond should one occur, including a company’s obligations to notify its customers and clients. The lawyers will also discuss cybercrime, electronic data, and other related topics.

Mr. Baker served as the first assistant secretary for policy at the Department of Homeland Security, where he set cybersecurity policy, including inward investment reviews focused on network security. He is the author of “Skating on Stilts – Why We Aren’t Stopping Tomorrow’s Terrorism,” a book on the security challenges posed by technology, and a blog of the same name. Mr. Baker also served as general counsel of the National Security Agency.

Mr. Vatis was the founding director of the National Infrastructure Protection Center at the FBI, the government’s first organization dedicated to detecting and investigating cyberattacks. He also served as associate deputy attorney general in the Department of Justice and special counsel at the Department of Defense, and was the first director of the Institute for Security Technology Studies at Dartmouth and the founding chairman of the Institute for Information Infrastructure Protection (I3P).

Mr. Weinstein is a former deputy assistant attorney general of the US Department of Justice (DOJ) who supervised the Computer Crime and Intellectual Property Section. In this position, he oversaw the most significant cybercrime, data breach, intellectual property theft, and transnational organized crime investigations in the country. He also regularly briefed government officials and members of Congress on cybercrime and intellectual property issues and testified on a number of occasions before Senate and House committees on cybercrime, cybersecurity, privacy and data protection, and intellectual property enforcement. Mr. Weinstein helped lead the DOJ’s efforts to draft cybersecurity and data privacy legislation.

The three lawyers are authors of the Steptoe Cyberblog, which touches on topics including cybersecurity, cyberwar, data breach, privacy regulation, and security programs and policies. Featuring the authors’ sometimes contrasting insights, the Steptoe Cyberblog serves up opinionated and provocative thoughts on the issues – especially cybersecurity and privacy – that arise at the intersection of law, information technology, and security. The lawyers also host a weekly Cyberlaw Podcast that features top experts in the field.

During the show, the Steptoe lawyers will discuss the recently launched Data Breach Toolkit, a soup-to-nuts resource that provides companies with critical information and guidance to protect themselves before and after a data breach. The toolkit – which is a free resource but does not provide legal advice regarding breaches – was created by Steptoe to help companies minimize the chances of a breach, evaluate their level of preparation for a breach, and respond quickly and effectively to any breach that does occur despite the best preparation. The toolkit includes a useful outline of US federal and state breach notification laws.


About Steptoe

Steptoe & Johnson LLP is an international law firm widely recognized for vigorous advocacy in complex litigation and arbitration, successful representation of clients before governmental agencies, and creative and practical advice in guiding business transactions. The firm has more than 500 lawyers and other professionals in Beijing, Brussels, Century City, Chicago, London, Los Angeles, New York, Palo Alto, Phoenix and Washington.


About Peter Weitz

Peter is a Senior Vice President and equity partner of Fusion Analytics Investment Partners. He joined the industry over ten years ago after spending 13 years in real estate development in Washington, DC. After several years working for a large retail wire house, he became uncomfortable with the inherent conflicts of major brokerage institutions and joined Fusion Analytics in 2009, opening its South Florida office. A dual graduate of George Washington University, Peter holds both an undergraduate degree in business and a Master’s Degree in Finance. His primary areas of practice include corporate 401(K) and defined benefit plans, retirement planning and wealth retention. He has published several articles and spoken on numerous panels regarding ERISA regulations as they pertain to defined contribution and benefit plans and has been recognized as a top performer in the 401(K) marketplace.
