Your employee opens an email attachment or clicks on a link. It sounds inconsequential, but the next thing you know, you and your employees are locked out of your company’s computers and network. You may receive an intimidating message demanding a ransom and threatening that if you do not pay up in a day or two, all your data will be deleted or your company’s sensitive data will be published online. This type of cyberattack is known as ‘ransomware’ and is one of the most significant cyber risks that can jeopardize you and your business.

Earlier this month, a malicious ransomware attack forced the largest pipeline operator on the East Coast to temporarily shut down all operations. The attack led to price spikes and gasoline shortages across a large expanse of the United States. The pipeline operator ended up paying the hackers $4.4 million to regain control of their system. Such a high-profile case has publicized the problem of cybersecurity and ransomware to the public. Worse still is that large companies are not the only targets of cyberattacks.

Across the country, we have seen a dramatic increase in cyberattacks as organizations have shifted to remote work during the pandemic. According to Homeland Security Secretary Alejandro Mayorkas, the rate of ransomware attacks increased by 300% in 2020, and about three-quarters of victims were small businesses, who paid a total of over $350 million in ransoms during the year. Sadly, the attacks are becoming more brazen and costly as the pandemic drags into 2021.

So, what exactly is ransomware?

Ransomware is a computer program that is a form of malware. There are many variants, but ransomware is typically activated when someone clicks a link in a phishing email, or hackers find a weakness in your company’s computer system. Once the hacker is in, they encrypt and lock your business’s files, then demand a ransom for the key to decrypt and unlock them. More recently, hackers have begun downloading a business’s sensitive data, threatening to publish it online if a ransom is not paid.

Small businesses are frequent targets because they often lack the security or training to prevent a cyberattack. With the threat of ransomware and other cyberattacks becoming more common, what actions can you take to protect yourself and your business?  Here are some steps that all organizations should consider as the frequency and sophistication of cyberattacks become more alarming:

Cyberattack Response Plan: Make sure your company has a cyberattack response plan so that in the event of an attack, you know what you need to do and who you need to contact. Cyberattacks always happen when you least expect them. When they happen, you will need to make decisions very quickly. The complexity of the plan will depend on the size of your company, but remember, hackers do not care how big or small you are. They give the same timeframes to a sole proprietor as they do a Fortune 500 company, and your response will have to be immediate.

Train Employees: Human error is the main cause of a business’s data being compromised. Train your employees to identify phishing emails and regularly educate them on the dangers of clicking unknown links. More than merely training, consider conducting drills to help employees identify and prevent a phishing attack. This can include sending fake phishing emails to your own employees to familiarize them with identifying dubious links or suspicious attachments.

Good Cyber Hygiene: Along with employee training, be sure to practice other good cyber hygiene habits. Regularly backing-up your data will leave your company less vulnerable. Making sure your systems and software are up-to-date is another simple yet effective tool to help prevent a cyberattack. The Federal Trade Commission has a useful website where you can learn more strategies for protecting your business from cyberattacks: https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity

Cyber Insurance: Determine if your company has a cyber insurance policy and be sure to review it. If your business does not have one, you may consider getting one, but be sure that ransom is covered and that the level of coverage reflects the current reality.

Remember that the cost of ransomware goes beyond just the ransom. Downtime during the attack means a loss of revenue and sales. Moreover, even if a ransom is paid, there is no guarantee you will get your computer or data back. Protecting your business from ransomware and other cyberattacks requires a multi-faceted approach. With good preparation and cybersecurity hygiene, your company can reduce risk in an increasingly dangerous digital world.

After trekking steadily upwards, the equity markets in the U.S. and around the world have hit some turbulence. While the larger indices like the S&P 500 and the Dow are only a couple of percentage points off their highs, some notable high-flyers have been taken out to the woodshed. Other “stay-at-home” darlings like Zoom, Peloton, Teladoc and others have been cut in half. The uber-famous Ark Invest Innovation ETF (ticker: ARKK), managed by its new star fund-manager, Kathy Wood, was up 358% off the lows back in March of 2020, and  has now dropped about 35% off its highs. This pales in comparison to the complete mania experienced by crypto currencies. Doge Coin, which is up thousands of percentage points for the year, has experienced 30-40% swings on a daily basis.

So why have many investors, or shall we call them speculators, embraced these wild investing themes? The answer is simple. People want to get rich quick. There are plenty of newly minted crypto millionaires out there making Tik Tok videos, and they make Warren Buffet’s recent investments look lame.

But will they hold onto their millions? That remains to be seen. Historically, most who chase quick riches tend to crash and burn. Getting rich slowly, while perhaps less exciting, is definitely a smarter goal. There are a couple of ways to get there. One standard method lies in real estate, an asset class that consistently produced millionaires. But investing in real estate requires time, the ability to research and more importantly, the skill to manage your assets.

There is yet another way – perhaps an even more subdued method – to make those millions: By establishing yourself as a 401k millionaire. According to Fidelity Investments, their account roster currently includes 233,000 people holding 401k’s with an account balance of $1 million or more. Fidelity also has an additional 208,000 IRA accounts assessed at the same value. Although this is only 1.6% of the $27.2 million retirement accounts they manage, it’s way up from the 21,000 retirement plans, valued in the millions, that were managed in 2009.

So, what will it take for you to become a 401k millionaire?

For 2021, the contribution limit for employees is $19,500. Imagine being able to max out on this amount each year (the contribution limit tends to go up over time, but let’s stick to this sum for illustrative purposes). Assuming you want to retire at age 65, here is the investment return you will need to earn in order to reach your goal:

You don’t need to be a rocket scientist to see that the earlier you start, the better your chances are of reaching the million dollar mark. As the famous investing adage goes, “It’s not timing the market, rather time in the market.”

To drive this compounding point home, let’s work the other way: If you max out your 401k’s $19,500 and earn an average 8% return, here is the amount you would have at age 65, at various starting ages.

Though it may be hard to save and invest such a large sum each year, hitching your wagon to the newest crypto fad or meme stock and praying for it to go up as you keep on refreshing your browser window may not help you make it to the finish line. A balanced and fixed investment plan will do more to help you achieve the wealth and security you want.

Reach out to [email protected] to ensure that your investment accounts are aligned with your financial goals and risk tolerance.

In recent years, the accounting rules for certain balance sheet items have transitioned from historical cost to “fair value.” Examples of assets that may currently be reported at fair value are asset retirement obligations, derivatives and intangible assets acquired in a business combination. Though fair value may better align your company’s financial statements with today’s market values, estimating fair value may require subjective judgment.

GAAP definition

Under U.S. Generally Accepted Accounting Principles (GAAP), fair value is “the price that would be received to sell an asset in an orderly transaction between market participants at the measurement date.” Accounting Standards Codification Topic 820, Fair Value Measurements and Disclosures, explains how companies should estimate the fair value of assets and liabilities by using available, quantifiable market-based data.

Topic 820 provides the following three-tier valuation hierarchy for valuation inputs:

1. Quoted prices in active markets for identical assets or liabilities,
2. Information based on publicly quoted prices, including older prices from inactive markets and prices of comparable stocks, and
3. Nonpublic information and management’s estimates.

Fair value measurements, especially those based on the third level of inputs, may involve a high degree of subjectivity, making them susceptible to misstatement. Therefore, these estimates usually require more auditor focus.

Auditing estimates

Auditing standards generally require auditors to select one or a combination of the following approaches to substantively test fair value measurements:

Test management’s process. Auditors evaluate the reasonableness and consistency of management’s assumptions, as well as test whether the underlying data is complete, accurate and relevant.

Develop an independent estimate. Using management’s assumptions (or alternate assumptions), auditors come up with an estimate to compare to what’s reported on the internally prepared financial statements.

Review subsequent events or transactions. The reasonableness of fair value estimates can be gauged by looking at events or transactions that happen after the balance sheet date but before the date of the auditor’s report.

Outside input

Measuring fair value is outside the comfort zone of most in-house accounting personnel. Fortunately, an outside valuation expert can provide objective, market-based evidence to support the fair value of assets and liabilities. Contact us for more information.

One benefit of the current federal gift and estate tax exemption amount ($11.7 million in 2021) is that it allows most people to focus their estate planning efforts on asset protection and other wealth preservation strategies, rather than tax minimization. (Although, be aware that President Biden has indicated that he’d like to roll back the exemption to $3.5 million for estate taxes. He proposes to exempt $1 million for the gift tax and impose a top estate tax rate of 45%. Of course, any proposals would have to be passed in Congress.)

If you’re currently more concerned about personal liability, you might consider an asset protection trust to shield your hard-earned wealth against frivolous creditors’ claims and lawsuits. Foreign asset protection trusts offer the greatest protection, although they can be complex and expensive. Another option is to establish a domestic asset protection trust (DAPT).

DAPT vs. hybrid DAPT

The benefit of a standard DAPT is that it offers creditor protection even if you’re a beneficiary of the trust. But there’s also some risk involved: Although many experts believe they’ll hold up in court, DAPTs haven’t been the subject of a great deal of litigation, so there’s some uncertainty over their ability to repel creditors’ claims.

A “hybrid” DAPT offers the best of both worlds. Initially, you’re not named as a beneficiary of the trust, which virtually eliminates the risk described above. But if you need access to the funds in the future, the trustee or trust protector can add you as a beneficiary, converting the trust into a DAPT.

Before you consider a hybrid DAPT, determine whether you need such a trust at all. The most effective asset protection strategy is to place assets beyond the grasp of creditors by transferring them to your spouse, children or other family members, either outright or in a trust, without retaining any control. If the transfer isn’t designed to defraud known creditors, your creditors won’t be able to reach the assets. And even though you’ve given up control, you’ll have indirect access to the assets through your spouse or children (provided your relationship with them remains strong).

If, however, you want to retain access to the assets later in life, without relying on your spouse or children, a DAPT may be the answer.

Setting up a hybrid DAPT

A hybrid DAPT is initially created as a third-party trust — that is, it benefits your spouse and children or other family members, but not you. Because you’re not named as a beneficiary, the trust isn’t a self-settled trust, so it avoids the uncertainty associated with regular DAPTs.

There’s little doubt that a properly structured third-party trust avoids creditors’ claims. If, however, you need access to the trust assets in the future, the trustee or trust protector has the authority to add additional beneficiaries, including you. If that happens, the hybrid account is converted into a regular DAPT subject to the previously discussed risks.

If you have additional questions regarding a DAPT, a hybrid DAPT or other asset protection strategies, please don’t hesitate to contact us.

Even after your 2020 tax return has been successfully filed with the IRS, you may still have some questions about the return. Here are brief answers to three questions that we’re frequently asked at this time of year.

Are you wondering when you will receive your refund?

The IRS has an online tool that can tell you the status of your refund. Go to irs.gov and click on “Get Your Refund Status.” You’ll need your Social Security number, filing status and the exact refund amount.

Which tax records can you throw away now?

At a minimum, keep tax records related to your return for as long as the IRS can audit your return or assess additional taxes. In general, the statute of limitations is three years after you file your return. So you can generally get rid of most records related to tax returns for 2017 and earlier years. (If you filed an extension for your 2017 return, hold on to your records until at least three years from when you filed the extended return.)

However, the statute of limitations extends to six years for taxpayers who understate their gross income by more than 25%.

You should hang on to certain tax-related records longer. For example, keep the actual tax returns indefinitely, so you can prove to the IRS that you filed legitimate returns. (There’s no statute of limitations for an audit if you didn’t file a return or you filed a fraudulent one.)

When it comes to retirement accounts, keep records associated with them until you’ve depleted the account and reported the last withdrawal on your tax return, plus three (or six) years. And retain records related to real estate or investments for as long as you own the asset, plus at least three years after you sell it and report the sale on your tax return. (You can keep these records for six years if you want to be extra safe.)

If you overlooked claiming a tax break, can you still collect a refund for it?

In general, you can file an amended tax return and claim a refund within three years after the date you filed your original return or within two years of the date you paid the tax, whichever is later.

However, there are a few opportunities when you have longer to file an amended return. For example, the statute of limitations for bad debts is longer than the usual three-year time limit for most items on your tax return. In general, you can amend your tax return to claim a bad debt for seven years from the due date of the tax return for the year that the debt became worthless.

Year-round tax help

Contact us if you have questions about retaining tax records, receiving your refund or filing an amended return. We’re not just here at tax filing time. We’re available all year long.