The Journal Summer 2014
Debunking Nine Myths about Email Encryption
[author-style]By Sumit Pal. CGEIT, CISA, CRISC, Principal[/author-style]
Despite the increased use of text messaging, unified voice-and-text communications and social media apps, email remains the number one channel used to share sensitive business information. Therefore, enabling email encryption should be a no-brainer, especially since reports of data breaches (ranging from stolen credit card information to personal health records) are on the rise.
While every organization faces the threat of a security breach, there are still misconceptions and myths that prevent many from deploying encryption. This article will debunk some common myths, set the record straight about email encryption and explain simple ways to keep sensitive data protected.
ONE: Any Email Encryption Will Keep It Secure
Not all email encryption solutions are created equal. For example, Yahoo offers https for Yahoo users, which encrypts mail as it travels between the user’s web browser and Yahoo servers. While this helps keep Yahoo users secure, any email sent outside the Yahoo ecosystem to email platforms such as Outlook, Office 365, Hotmail and Google is not encrypted. For any business that needs to maintain or comply with federal regulations that protect personal privacy, there’s still a need for heavy-duty email encryption options, such as Google Apps Email Encryption.
TWO: Laws Prevent Unauthorized People from Intercepting Email
Federal and state legislation outlaws the theft of electronic communication. Other laws exist to protect personal property, but that doesn’t stop criminals from stealing. Much like laws don’t prevent theft, why would they prevent hackers from intercepting your email and stealing valuable data? Security solutions, like anti-spam and antivirus, have become foundational for email hygiene for your enterprise.
THREE: Email Encryption Is Too Complex to Be Practical
Historically, email encryption packages have required users to jump through hoops to encrypt and decrypt emails, and they have often been associated with slow, inefficient processes. To stay productive, employees avoided using email encryption and found other ways to communicate that can be more vulnerable. However, email encryption has evolved substantially in recent years. The more advanced email encryption systems allow employees to exchange encrypted emails the same way they would with conventional email so that workflow isn’t interrupted, and no extra steps or passwords are required for senders or recipients.
FOUR: Email Encryption Is Hard to Use on Mobile Devices
Mobile users spend more time using email on their devices than any other mobile activity. Distorted layouts and cumbersome extra steps would diminish the benefits of email encryption and force users to find workarounds. To address the increasing demands of mobile users, email encryption solutions have integrated seamless navigation from desktop to mobile device that takes advantage of the user’s environment and removes extra steps.
FIVE: Secure Read-Only Storage Is The Safest Way to Share Sensitive Info
Many companies have secure eRoom or SharePoint sites where documents can be shared in read-only mode with other employees, boards of directors, auditors and investors. While this approach can work, it doesn’t support a dialogue if there is a discussion occurring about any of the materials. Often discussions about sensitive information start in personal email, which may violate compliance and security policies.
SIX: Email Cannot Be Intercepted in Transit
Email messages can be stored on a number of public servers along the way to the recipient, so sensitive information can be intercepted and captured by anyone, anywhere, along the way. Organizations that must comply with regulatory requirements for data privacy have additional risks and penalties if messages are not secured. The best way to ensure that emails are private and their sensitive data is protected is to use encryption that meets regulatory standards.
SEVEN: Email Encryption Is Expensive and Complex to Deploy
Email encryption has evolved, and enterprises can access new-generation email encryption that is easy for senders, recipients and administrators. Email encryption through software-as-a-service (SaaS) architecture has simplified the process for specifying and deploying secure messaging solutions. New-generation email encryption can be easily integrated and deployed in hours, not days. For security managers, compliance managers and IT managers, many solutions also offer management consoles and dashboards to alleviate management headaches and improve processes.
EIGHT: Email Encryption Is Only for Firms with Compliance Requirements
If you have sensitive data, then you should always encrypt it, whether there’s a legal obligation or not. Even though your company may not incur legal penalties, there could still be serious business and public relations ramifications. Whatever encryption option you choose, make sure it meets necessary corporate and regulatory requirements and that it works well for your organization.
NINE: Confidentiality Notices Keep Email Private
Boilerplate notices do nothing to protect confidentiality of the email message content and attachments. Email is often misaddressed, and wrong receivers have no obligation to respect the notice. And there is no chance that hackers who intercept emails—whether they work for the National Security Agency or for a criminal organization—are going to respect a confidentiality notice. The surest way to protect the privacy of a message is to encrypt it.
A Tech Startup Checklist
[author-style]By Melissa Crowe, CPA[/author-style]
Over the last five years, the technology sector has enjoyed substantial growth. As tech companies open shop and begin to grow, there are several important items to keep in mind to ensure these startup technology companies have everything they need to succeed. Some important items to consider are listed below.
Proper entity selection is a critical first step in a tech company’s life cycle. It sets the stage for future financing and tax implications for founders and employees. Choosing between an LLC, C-Corp or S-Corp structure should be carefully considered with both short-/long-term goals in mind. Bringing your attorney and accountant into the fold early is extremely important to arriving at the correct selection.
Compensation in the form of stock options is common in the tech industry. A common mistake that companies make is failing to obtain a third-party valuation (or “409A valuations,” named after internal revenue code 409A) to substantiate the strike price used when issuing options to employees that will protect both the Company and the employees should the IRS review the option plan. Companies should update this valuation annually if they are actively issuing options.
Tech companies often turn to PEOs (Professional Employer Organizations) to streamline the payroll process. A PEO is a third-party payroll provider that, unlike typical payroll providers, pays your employees directly (under their Company name), then issues an invoice for the cost of the employees. PEOs provide bundled payroll and health insurance services at a rate that is typically more affordable than traditional payroll and insurance providers.
The services provided by tech companies have to be examined closely for sales tax and income tax exposures. Management needs to determine what states the company should be filing in and whether or not the company’s goods/services are subject to sales tax. Many of the revenue activities of tech companies give rise to complexities in sourcing revenue and should be addressed early in the business’ life cycle to prevent unfavorable tax repercussions in the future.
There are a number of federal, state and local tax credits that are specifically geared towards tech companies. Company founders should talk to their accountants about what credits are available within the states in which they are established. It is not uncommon for some of these credits to result in refunds even if there is no tax liability, which can certainly help with cash flow.
Budgets and forecasts are essential to the business plans of tech companies. Proper forecasts provide indicators for the right time to plan for additional venture or debt financing. Failure to properly plan for cash shortfalls can put companies in a stressed position and result in lower valuations from outside investors. A forecast format should be addressed early on and constantly reassessed to ensure that is it properly reflecting the state of the company.
Online accounting applications have proven to be invaluable resources to new companies as they are affordable solutions which provide 24/7 access to both management and service providers. Founders should consider using cloud-based solutions for their accounting software as centralized and easily accessible records are critical to staying organized in a quickly evolving company.
Basics of Establishing a Trust
[author-style]By Edward Mendlowitz, CPA, ABV, PSA, Partner [/author-style]
Definition of a trust
A trust is an entity established by a person called a grantor for the benefit of others called beneficiaries, that is controlled by a third person called a trustee. The beneficiaries can consist of one group that receives the current income, a fixed-dollar amount or percentage of assets, and another group who will receive the remaining trust principal at a later time. The income and principal beneficiaries can also be the same people. The beneficiaries can be people not living yet, such as children born after the trust is established. There is wide flexibility in determining who the beneficiaries are and the distribution terms, but once established, they cannot easily be changed, if at all.
Trustees and their powers
Trustees can be individuals, a bank or trust company. There can be one or multiple trustees. Trustees have very broad powers to not only control the distributions in amount and timing and sometimes to whom, but also how to invest the assets. All powers given to trustees are explained and detailed in the trust document.
How trusts are established
Trusts can either be established by someone that is living in a separate document (called inter vivos trusts) or through a will (called testamentary trusts). Trusts are formed under the laws of the jurisdiction where they are set up. Some states and countries are particularly useful in creating trusts for specific purposes. When establishing a trust it is necessary to use an attorney familiar with the different jurisdictions and purposes for that particular trust. Trusts set up in a will have no meaning or effect until the testator dies and the will is probated.
Revocable or living trusts
Trusts where the grantor can make changes for any reason are revocable and are sometimes referred to as living trusts. Transfers to a living trust are not subject to gift taxes and are disregarded for income and estate tax purposes. Living trusts become irrevocable upon death of the grantor and are occasionally used as substitute wills. To serve the purpose for which they are created, assets must be legally transferred to the trust.
Irrevocable trusts
Trusts that cannot be altered with an independent trustee where absolute title to the assets is transferred are irrevocable. Inter vivos transfers are subject to gift tax.
Grantor trusts
This is a type of trust that is irrevocable, but where the grantor has certain rights as defined in Internal Revenue Code (“IRC”) Sections 671 – 679. Because of these rights, the trust’s income is reported on the grantor’s individual income tax return, and the grantor pays the income tax instead of the trust or beneficiaries regardless of whether he receives any income or distributions. Sometimes grantor trusts are referred to as defective trusts because they violate the IRC §671-679 tax laws.
Trust taxation
Irrevocable trusts that are not grantor trusts are taxed on undistributed income at a trust tax rate schedule using Form 1041. Trusts get a deduction for distributions to beneficiaries who will report the income on their individual income tax returns. Filing requirements are based on the trust’s gross and taxable income. Living trusts and grantor trusts are not required to file tax returns so do not need to obtain taxpayer identification numbers – the grantor’s Social Security number is used, and the transactions are reported on the grantor’s individual income tax return.
Costs
Be aware that costs will be incurred in establishing, operating and maintaining a trust, and for government compliance and tax return filing.
New York State’s $9 Biennial Statement Filing
[author-style]By Anthony L’Altrelli, CPA,, Partner [/author-style]
WHAT IS A BIENNIAL STATEMENT?
When can $9 prevent entities from completing certain business transactions? By law, domestic and foreign business corporations and limited liability companies are required by Section 408 of the Business Corporation Law and Section 301(e) of the Limited Liability Company (“LLC”) Law, respectively, to file a Biennial Statement every two years with the New York Department of State. Any corporation or LLC that fails to file its Biennial Statement will be reflected as past due in the New York Department of State’s records, which may prevent the entity from completing certain business transactions. Not-for-profit organizations are not required to file Biennial Statements.
The Biennial Statement is mailed automatically at the beginning of the calendar month in which it is due, which is determined by the calendar month in which the original Certificate of Incorporation, Articles of Organization or Application for Authority was filed. A business corporation’s statement is mailed to the address of the principal executive office, and an LLC’s is mailed to the address for service of process. A copy can be obtained by contacting the Statement Unit of the New York Department of State’s Division of Corporations, by e-mail at [email protected] or by calling (518) 473-2492. The Biennial Statement will contain the entity’s Department of State Identification Number (DOS #). This number can also be found by doing a business entity search at:
https://www.dos.ny.gov/corps/bus_entity_search.html
FILING FEE AND INFORMATION
There is a $9 fee for filing the Biennial Statement for an entity which can be paid by check or debit/credit card. The Biennial Statement must set forth: (i) the name and business address of its chief executive officer and (ii) the street address of its principal executive office for business corporations and (iii) the address to which the New York Secretary of State shall forward copies of process accepted on behalf of the entity for both corporations and LLCs.
AMENDING BIENNIAL STATEMENT INFORMATION
If the name and address of a business corporation’s chief executive officer and/or the address of the corporation’s principal executive office need to be updated, a Biennial Statement Amendment can be filed. The form that is provided by the New York Department of State must be used. However, the corporation’s address for service of process may not be amended using this form – it can only be amended by filing a Certificate of Change or a Certificate of Amendment, which are available on the Division’s website.
NO LONGER IN BUSINESS, WHAT SHOULD I DO?
The New York Department of State will continue to send Biennial Statements until the business is dissolved or surrenders its authority to do business. In order to voluntarily dissolve, a domestic business must file a Certificate of Dissolution pursuant to Section 1003 of the Business Corporation Law. If the foreign entity is no longer doing business in New York State but remains active in its home state, it should file a Certificate of Surrender of Authority pursuant to Section 1310 of the Business Corporation Law or Section 806 of the Limited Liability Company Law. If the entity no longer exists in its home state, it should file a Certificate of Termination of Existence pursuant to Section 1311 of the Business Corporation Law or Section 807 of the Limited Liability Company Law. All of these forms are available on the New York Department of State’s website.
For more information on the Biennial Statement filing fee, please visit the State of New York’s website using at:
How Can We Help?