Ask Captain Codehead – Tax advice appropriate for an irrational world

Dear Captain Codehead,

I filed my 2020 tax return last June, and I still haven’t gotten my refund. I was counting on that money to expand my closet and buy some new shoes.  My friend Miranda suggested I try Where’s My Refund? at, but its response was, “Somewhere. Probably.” Then I tried calling the IRS: is eight days a long time to spend on hold? I even called one of my Senators’ offices, but the staff person there laughed, then cried, then sobbed uncontrollably, then laughed again, and then I heard sirens in the background, so I hung up.  What’s going on inside the IRS? Do you have any advice?

— Not Carrie Bradshaw

Dear NCB,

I feel your pain.  Not your foot pain: Captain Codehead typically wears an old pair of running shoes, or – when he’s feeling fancy – a pair of loafers he got during the Reagan administration.  Back to your point, an unusually high number of taxpayers have reported long delays in receiving their refunds over the past two years.  The delays have been especially noticeable for taxpayers like you with larger refunds.  The semi-good news is that IRS must pay taxpayers interest on refunds that are outstanding for more than 45 days. The bad news is that the interest rate they pay is similar to the rate of interest in Dave Matthews Band cover groups.

In terms of what’s going on inside the IRS, we discussed this question on a recent edition of my podcast, and my expert panel was evenly divided between several explanations: Covid-related staff shortages and turnover; insufficient budgetary funding from Congress; the replacement of IRS with an evil AI created by Russian hackers.  Take your pick.

In terms of whether I have any advice, yes: this is, after all, an advice column.  Ish.  In your particular case, I’d advise buying less expensive shoes.  But assuming that’s a non-starter, here are some other options.

IRS calling services.  There are organizations out there that pay their employees to stay on hold with the IRS so you don’t have to.  These services claim hold time reductions of up to 90%.  Pro: this is a real thing (also real: interest on late refunds and my old loafers; most of the other facts herein are, well, alternative). Con: it might make you feel better to speak to a real person/Russian AI, but it won’t actually get you your refund any faster.

PPP.  (Not that PPP.) Patience, persistence, and prayer.  Have you considered that your delayed refund is the universe’s way of encouraging you to reevaluate your priorities?  Taxpayers have reported getting relief from a wide variety of metaphysical practices.  For example, many CPA firms maintain a shrine to St. Matthew, the patron saint of tax collectors and accountants.  Some firms even burn draft copies of tax returns to Matthew, though IMHO, this practice is mostly about not having to pay for a paper shredding service.  Captain Codehead recommends a more spiritual approach, which he attributes to the late Thich Nhat Hanh.  Sit in a darkened cubicle, close your eyes. Inhale slowly while thinking, “Breathing in, I exclude my income.”  Exhale, thinking, “Breathing out, I deduct.” Repeat until you get your refund – or enlightenment.  Pro: lower blood pressure.  Con: there’s no peer-reviewed research that associates faster refunds with prayer, meditation, or burnt offerings.  Also, some midwestern CPAs have reported setting their toupees on fire (there’s always a silver lining, no?).

Direct public action.  Sometimes, you just have to take to the streets for your voice to be heard.  To that end, Captain Codehead is calling for a Day of Taxpayer Solidarity.  Activities will include a mass sage burning (demon possession of IRS management being another popular explanation for slow refunds) and a march on the IRS national headquarters.  Join us on May 1 (which gives Captain C time to finish filing his clients’ 1040s, do his billing, and enjoy a short vacation).  If you’re unable to be there in person, I encourage you to support us on my Kickstarter page.  Pro: at the $50 level, you get a very nice t-shirt.  Con: Day of Taxpayer Solidarity speeches.  Zzzzz.

Finally, NCB, I want to remind you that while you can’t always control what happens at the IRS, you can control how you look at it, so let’s practice some reframing.  On a human timeframe, that refund is taking a long time.  But on a geological timeframe, it’s so very much shorter than the Jurassic era.  Put another way, the arc of the taxpayer universe is long, but it bends toward refund.  Enjoy your shoes!

By Greg Yoder


Cryptocurrencies Issues for Exempt Organizations

More and more charities are accepting cryptocurrency as donations. Before an organization decides whether or not to accept cryptocurrency, it should understand some of the related issues.

Gift acceptance

Gift acceptance policies for charities are a best practice for determining what type of donations will be accepted.  An organization needs a policy that specifies who will approve a cryptocurrency donation, what cryptocurrencies will be accepted, and whether currency will be sold immediately or held in the hope of appreciating.  As with stock donations, there is no tax effect to the exempt organization for an increase in value, but there is the added volatility to consider.

Before a charity can accept a crypocurrency donation, it must determine whether to control the cryptocurrency internally or utilize a payment processor, which may make sense for the added expertise and security. Some well-known processors include Engiven, the Giving Block and  These processors can also assist with tax issues.

Tax issues

Cryptocurrency is considered a capital asset for income tax purposes.  A donor can avoid capital gains tax on appreciated cryptocurrency by donating it to a charity.  The donation would also be deductible as an itemized deduction.  If the gift is over $5000, the nonprofit must also sign the Noncash Charitable Contributions form (Form 8283) acknowledging the receipt of property, as well as have the cryptocurrency donation appraised by a “qualified appraiser.”  There are firms that offer crypto appraisal services. This differs from donations of publicly traded stock, which do not require an appraisal.

If the charity sells the donated cryptocurrency within three years of donation, the charity must provide the Donee Information Return form- also known as Form 8282 to the IRS (and a copy to the donor) within 125 days of sale. Also, as with any other donation, if the value of the cryptocurrency donation was over $250, the organization must provide a donor acknowledgement letter.

Financial statement/audit issues

Under generally accepting accounting principles (GAAP), cryptocurrency is treated as an intangible asset, rather than cash, investments, or inventory.  The gift of the cryptocurrency donation would be recorded at fair value at the time of donation, but if the cryptocurrency is held for a longer period, you would not adjust the value of the crypocurrency for market fluctuations.  You would, however, need to test for impairment each year.

We are staying abreast of the current developments with respect to both the IRS and with GAAP. If you have any questions, feel free to reach out to a member of our team.

By Keith Jennings

Gifting Strategies for 2022

Gifting is always a nice gesture. However, as with most transfers of assets, there may be tax implications. Most gifts that exceed the annual gift tax exclusion of $16,000 per donee (2022) will create a federal gift tax return filing requirement. Two exceptions are payments of the recipient’s medical expenses or education tuition, both of which must be paid directly to the provider or institution to qualify for the exclusion.

On top of the annual gift tax exclusion, each individual is allowed a lifetime exclusion provided by the Unified Tax Credit. For the 2022 tax year, this exclusion is $12,060,000. A gift in excess of $16,000 can be applied to this exclusion which means no taxes are due on the gifts as long as the total lifetime gift amounts don’t exceed the exclusion limit, on a cumulative basis.

There are a variety of gifting options, including giving investments, funding an irrevocable trust, contributing to a minor’s Roth IRAs, and funding 529 college plans, that provide more “bang for your buck” when it comes to taking advantage of the exclusions and exemptions. However, when the recipient sells the investments, he or she will generally use the donor’s cost basis to calculate capital gains or losses, effectively transferring capital gains tax obligations from the donor to the recipient.

Irrevocable trusts are useful for beneficiaries who are not yet capable of handling large sums of money, where there are concerns about shielding assets from creditors or where the amount and timing of each beneficiaries’ share is to be decided in the future. Such trusts allow the donor to spell out how the funds will ultimately be distributed. The drawback of such a trust is that once the assets are gifted, the donor cannot take back (revoke) the transfer nor retain control over many aspects of the trust operation.  Gifts contributed to irrevocable trusts are considered a “future interest,” which do not qualify for the annual gift tax exclusion. For the annual exclusion to apply to such gifts, the trust language must include a provision that allows the beneficiaries the right to withdraw the gift for a short period.

Consider contributions to a minor’s Roth IRA. Any adult can create a custodial account to contribute to on behalf of a beneficiary who is under the age of 18. The beneficiary must have employment compensation, babysitting and lawn mowing count, and contributions may be no more than the minor’s earnings, capped at $6,000 per year for 2022.

There are also gifts to help with future education expenses. 529 plans are savings plans intended for higher education expenses and are available in most states.  Gifts to these plans have special rules that allow the donor to “front load” the annual exclusion for five years, allowing more time for tax-free growth. Maryland, for example, offers two options: the College Investment Plans and the Prepaid College Trusts. A College Investment Plan uses contributions to fund a selection of investment options managed by T. Rowe Price. A Prepaid College Trust uses contributions to lock in future tuition prices at today’s prices with flexible tuition plans and payment options while being backed by a Maryland Legislative Guarantee. Distributions are tax-free when used for qualified education expenses. After The Tax Cuts and Jobs Act of 2017, funds from the College Investment Plans can also be used to pay for private primary and secondary school on top of higher education.

Although the 529 plan contributions are not deductible on the federal level, many states offer their own state income tax return benefits. Maryland offers a $2,500 deduction per beneficiary per year or $5,000 for married taxpayers filing jointly with a 10-year carryforward of excess contributions. To illustrate, if a single parent contributes $10,000 towards his or her child’s Maryland 529 plan by December 31, 2022, they may take a $2,500 deduction on their Maryland income tax return for 2022 and each subsequent year until 2026, assuming no subsequent contributions.

These are just some of the available gifting strategies. Please keep in mind that laws and limits may change and are often more complicated than explained in this short summary. If you have any questions or concerns, or if you would like more details before making decisions, Snyder Cohn is always available to help.


By Doris Truong


Is Your Short-Term Rental Activity Really a Rental Activity?

In today’s era, more and more families are using owner rented vacation homes, such as Airbnb, rather than staying in hotels or property managed condominiums.  As a result, we are seeing more and more people renting out their second home or vacation home on a short-term basis.  As remote work becomes more common, and people have more opportunities to travel and work from anywhere, the popularity of these types of short-term rentals may continue to rise. The good news is that short term rentals operating at a loss can potentially offer beneficial tax savings to their owners (due to depreciation and other expenses that can be allocated against rental income).

Is it a rental property or a personal residence?

When the personal use of a rental property does not exceed the greater of 14 days or 10% of total rental days, the property is considered a rental, and you may deduct your rental losses in excess of rental income.  If the property is a personal residence, any loss is limited.

Is the income or loss rental income (passive) or ordinary income (non-passive)?

If the property is a rental, by default rental income or loss is considered passive.  Generally, passive losses can only be used to offset other passive income in any given year.  Therefore, unless you have other passive income, any losses generated by the rental property have no tax benefit until you sell the property or generate passive income.

However, there is a case where you may be able to deduct those losses and treat them as non-passive.  Under the Internal Revenue Code, the income generated by leasing your property is not considered a rental activity for a taxable year if the average period of customer use for such a property is 7 days or less. The average use is typically estimated by totaling the number of days rented divided by the number of customers who leased the property for a continuous period of consecutive days.

As a result, if you are leasing your property on average for 7 days or less, it is not a rental activity after all.  This is significant because if the activity is not a rental then it might not be subject to the passive loss rules, which could mean the loss is deductible if you meet other criteria.

Are you a material participant (active) in the activity?

In order to deduct the loss, you must have at-risk basis to take the loss and materially participate in the activity.  In general, you typically have basis in real property to deduct a loss, but the material participation requirement may be a bigger hurdle.  A taxpayer is considered to have materially participated in the activity if they satisfy one of 7 tests.  The material participant tests are a complicated set of rules, but one test that is often used to satisfy the requirement says that you must be involved in the activity for more than 100 hours during the year and have no less activity than the participation of any other individual.  For example, if you spend an average of 2 hours a week managing the property all on your own to get it leased (providing property maintenance and cleaning the property), then you could be considered an active participant.  This is just one of 7 tests.

As an active participant the loss is now fully deductible, rather than only being deductible to the extent you have passive income.  Of course, this means that if you have non-passive income, you could also end up having to subject the income to self-employment taxes.

What if it is a personal residence?

Alternatively, if you are renting your personal residence, or space in your personal residence, for a period of 14 days or less, Internal Revenue Code Section 280A says you can do so without having to report the rental income.  Therefore, if the property is a personal residence and not a rental property as discussed above, there is still hope for beneficial tax treatment if the rental is very short term.

As you can imagine, the rules in this area are complicated, and most have exceptions (which are not detailed in full within the article). As a result, as is often the case with tax planning, there is not a “one size fits all” answer to every potential scenario.  If you believe you have a rental property that is not a personal residence, please contact us to discuss the various tax implications.

By Melinda Kloster


Small Business Retirement Plan Credits

The SECURE Act brought many new tax breaks to help small businesses. The Small Employer Pension Plan Tax Credit provides businesses a credit for the start-up costs of implementing a new retirement plan for their employees. The Small Employer Retirement Savings Auto Enrollment Credit is a new credit for businesses who include and maintain an automatic enrollment feature in their plans. As always, there are certain requirements you will need to meet to receive these credits.

Am I eligible to receive the credits?

For both credits, you must be considered an “eligible employer”. An eligible employer is one that had 100 or fewer employees who received at least $5,000 in compensation for the preceding year, had at least one employee participating in their plan, and in the three prior tax years the same employees were not participating in another plan sponsored by the employer. The plan must also be an eligible plan, which include a SEP, SIMPLE IRA or qualified plan (like a 401(k) plan.

How much can I receive from the credits?

For the 2020 tax year and onwards, you can take the Small Employer Pension Plan Tax Credit for the first three years of the plan’s existence. The amount of the credit depends on several factors. To start, the amount of the credit cannot exceed 50% of all qualifying costs to set up the plan. These qualifying costs include any expenses for setting up and administering the plan and any costs incurred to educate your employees on the plan.

Beginning in 2020 the minimum credit is $500 and for every eligible employee you will receive a $250 credit, up to $5,000. Eligible employees must also be “non-highly compensated employees.” These are employees who received less than $125,000 in salary and owned less than 5% of the company. For example, if you have 15 employees you will be eligible for a $3,750 credit (15*$250=$3,750). If you have more than 20 employees you will max out the credit at $5,000, if 50% of your qualifying start-up costs are greater than the credit.

For the Small Employer Retirement Savings Auto-Enrollment Credit you must be an “eligible employer” and have an “eligible plan” as explained above. The business will receive a $500 credit for three years if they maintain an automatic enrollment feature in the employer-sponsored plan.

If you were thinking of adding a retirement plan benefit to your business, these credits will help you with the costs of setting up and implementing this employee benefit.  If you implemented a plan during 2021, be sure to discuss how these credits apply to your business with your CPA.  Please reach out to Snyder Cohn if you have any questions.

By Dan Ashburn

Tax Issues When Selling Your Home

With mortgage rates near record lows and home prices soaring, you may be considering buying a new home and selling your existing home. Before you put your home up for sale, you should consider any tax implications to avoid any surprises. If you have owned the home for one year or less, the gain is taxed at your ordinary income tax rate. Otherwise, it is taxed at the more favorable capital gains tax rates. However, you may be able to exclude gain of up to $250,000 ($ 500,000 if filing as married filing jointly) if you meet the ownership and use tests discussed below.

  • Ownership Test
    To meet the ownership test, you must have owned your home for at least 2 years out of the last 5 years until the date of sale. For couples married filing jointly, only one spouse is required to own the home to meet the ownership test.
  • Use Test
    To meet the use test, you must meet the ownership test and have used the home as your primary residence for 2 years out of the previous 5 years. The 2 years do not have to be consecutive. As long as you’ve used it for 2 years (730 days) in the five year period as your primary residence you meet the use test. For couples married filing jointly, each spouse must have used the home as his/her primary residence for 2 years out of the previous 5 years.
  • Exclusion of gain
    As per IRC §121, you can exclude the gain (partially or all) from the sale of your home, if you meet both the ownership and use tests and avoid paying taxes on the gain to a certain amount. The maximum amount that can be excluded from your income is the first $250,000 of gain (or $500,000 if married couple filing jointly). Any gain in excess of the exclusion amount from the sale of your home is treated as a long term capital gain, given that you’ve owned the home for more than a year.

Other tax implications to worry about include tracking the cost basis of your home and realizing that a loss incurred from the sale of your home is not deductible as a loss on your income tax return. The cost basis of your home is the purchase price you paid, any closing costs on the purchase and sale, plus the cost of any improvements you made to the property. Maintaining thorough records of the improvements (invoices) and original purchase documents can help determine the accurate cost basis of the property. Additionally, if you used your primary residence for business purposes (home office or rental) there may be recapture of depreciation taken in prior years upon the sale.

If you are thinking of selling your home, you should speak with your CPA to determine if you are eligible for any gain exclusion and avoid any tax surprises.


By Darpan Patel

Pass-Through Entities – Maryland Tax Filing & Payment Deadlines Extended by Comptroller

New Maryland Form 511 – Pass-Through Entity Election Income Tax Return was released on Tuesday, June 29th. Tax preparers have been awaiting the release of this form, necessary due to Maryland legislation that was recently enacted allowing pass-through entities (partnerships and S-corporations) to elect to pay Maryland tax at the entity level and then claim the state tax deduction at the entity level. A few states have enacted similar entity level taxes in response to the federal $10,000 cap on itemized deductions for state and local taxes (“SALT”) for individual income tax purposes.

After releasing the form, the Comptroller of Maryland further extended the filing and payment deadlines for pass-through entity income tax returns from July 15, 2021 to September 15, 2021. Pass-through entities that file their 2020 income tax returns and pay any outstanding liabilities by September 15th will not be charged any late payment/filing interest or penalty.

The extension and waiver do not apply to interest or penalty charged on 2021 underpayment of estimated tax. However, pass-through entities that want to request a waiver of interest or penalty charged on underpayment of estimated tax, or late payment penalty and interest charged for returns filed after September 15th may submit their requests to PTEREQUEST @

Requests for an extension of time to file pass-through entity income tax returns beyond September 15th may be made using Form 510E. The extended filing due date would be November 15th for S corporations and October 15th for all other pass-through entities. However, the tax payment due date would remain September 15th.

Individual members of a pass-through entity whose returns cannot be filed until the pass-through entity files its return and issues the Schedules K-1 to members, may also request a waiver of interest or penalty by e-mailing their requests to PTEREQUEST @

While the implementation of the MD pass-through entity tax has been challenging to navigate, it brings significant benefits to MD businesses and their owners. Snyder Cohn can help you determine if there is a benefit from making this election to pay tax at the pass-through entity level. Contact us with any questions you have regarding your pass-through entity tax filings, including the new Form 511, the extended filing and payment deadline, and eligibility for the waiver of penalty and interest.

By Lorraine Sexton

What Plan Sponsors Need to Know about Fiduciary Responsibility

It is a common misconception among Plan Sponsors that contracting with their third party administrator to act as a trustee of the Plan abdicates their fiduciary responsibility to the Plan and allows them to take a backseat with respect to overseeing the day-to-day operations and transactions of the Plan. This is NOT TRUE! The Plan Sponsor is ultimately the party responsible for every aspect of the Plan’s operations and activity and it is the Plan Sponsor that would be liable for any penalties resulting from operational and compliance issues discovered and enforced by the DOL.

Who is a Plan Fiduciary and What are Their Responsibilities?

Anyone who exercises discretion or control over a plan or its assets is considered a Plan fiduciary. Plan fiduciaries can be one individual or a committee of individuals who have responsibility over the Plan and, in recent years, many more professionals who make investment-related recommendations to the Plan (i.e. investment advisors) are now considered to be fiduciaries of the Plan as well.

The following list outlines the many responsibilities of a Plan fiduciary:

  • Act prudently solely on behalf of the Plan and the Plan’s participants and their beneficiaries
  • Ensure the Plan Document is being followed
  • Ensure the Plan offers properly diversified Plan investments
  • Monitor the services and processes being provided by third party providers (i.e. custodian, recordkeeper, etc.)
  • Ensure the Plan pays only reasonable expenses
  • Keep participants updated appropriately with any significant Plan news or changes
  • Ensure the appropriate amount of bonding is in place for the Plan (required to have the lesser of 10% of the Plan’s assets at the beginning of the Plan year, or $500,000)
  • Offer education and training to employees about the Plan
  • Continue to keep current on changing laws and regulations impacting the Plan and its operations
  • Document your due diligence in these fiduciary responsibility areas (i.e. minutes)
  • File your Form 5500 timely with audited financial statements (if applicable)

Red Flags during DOL Audits and Enforcement of Audit Findings

Being selected for a DOL audit can have serious consequences for the Plan Sponsor. Plan Sponsors often think service providers will take the blame and suffer the consequences when compliance issues arise, but Plan Sponsors are ultimately responsible for Plan administration and operation and are thus open to suffering serious consequences if significant issues are found during an audit.

DOL audits primarily focus on the fiduciary issues discussed above, as well as reporting and disclosure requirements. These issues can mostly be found in the Form 5500 that Plans are required to file annually. Also, Plan participants or others tied to the Plan can file complaints against Plans, employers or service providers.

As mentioned above, the Form 5500 is a valuable resource for DOL investigators. Filing late or incomplete forms is likely to get investigators’ attention, but the DOL doesn’t stop there. Other major red flags the DOL looks for include:

  • Failure to file Form 5500
  • Failure to follow the Plan Document
  • Imprudent investments
  • Improper payment of expenses or compensation to fiduciaries
  • Prohibited transactions
  • Late remittances of contributions
  • Failure to maintain an ERISA bond

If compliance issues are found by the DOL, fines are levied accordingly. The failure to file a Form 5500 will cost a Plan Sponsor $1,100 for each day it is late with no maximum. Penalties for other compliance issues vary, but are significant.

How Can Plan Sponsors Avoid DOL Enforcement?

Given that Plan Sponsors are the ultimate fiduciary of the Plan, it is imperative that they act in the best interests of Plan participants and effectively carry out all of their fiduciary responsibilities. They must ensure the team of other fiduciaries and service providers are aware of the design laid out in the Plan Document and carry out the Plan in accordance with the Plan Document. There is no doubt that Plan Sponsors have many responsibilities to manage, but ensuring your Plan is in compliance should be a top priority. In certain cases, fines and other penalties can destroy not just the Plan, but the Company itself.

Snyder Cohn, PC provides audit services for employee benefit plans. Please contact us if you have any questions or need assistance in this area.

By Chris Crouthamel

Paycheck Protection Loan Forgiveness Application Timing

Many business owners and their advisors spent an exorbitant amount of time during 2020 applying for a Paycheck Protection Program (PPP) loan. The first wave of this program kept many of these businesses afloat during the pandemic. For those businesses, now is the time to jump over the next hurdle – forgiveness.

Simply put, if forgiveness is not sought or obtained, PPP loans must be repaid over a five-year term at one percent interest. The period of time to apply for forgiveness extends beyond the point at which the loan must start to be repaid, but in most cases, it is advantageous to seek forgiveness before the loan payments must begin. There may be important reasons to wait, for example, coordination of the wages used on the application versus wages to be applied to the Employee Retention Credit.

For those borrowers that have not yet applied for forgiveness for their first PPP loan, the timing is important to avoid the need to start making loan repayments. According to the latest guidance from the Small Business Administration (SBA), the borrower may apply any time on or before the maturity date of the loan. If the borrower does not want to start making payments, it must apply for the loan forgiveness within 10 months after the last day of the maximum covered period. The covered period window of time, for this purpose, begins on the day the loan is disbursed and ends on the date exactly 24 weeks later. As an example, if a borrower receives a loan disbursement on May 28th of 2020, the date 24 weeks later is November 12th, 2020 and the date 10 months after that is September 12th, 2021.

There has been some confusion, since the law changed the rules for covered periods, that the 10 month period starts to run at the end of the covered period chosen by the borrower for the determination of covered expenses (those that create eligibility for forgiveness). That is not the case. For application purposes, the 10 months begins at the end of the maximum covered period that may be chosen, not the covered period actually chosen by the borrower. That allows for more time to apply without creating risk that payments must begin.

The turnaround time for loan forgiveness is less certain. By law, the lender has 60 days from receipt of the forgiveness application to submit it to the SBA, but SBA can take much longer to respond. Recent evidence of the period from application to notification of forgiveness puts larger loans at 90 or more days. For a borrower that is sensitive to the debt on its balance sheet or, for example, is looking to sell a business that took a PPP loan, there may be compelling reasons to start the application process sooner rather than later.

While we provided some basic information on the PPP Loan Forgiveness application and timing, it is important to understand that everyone’s situation is unique. Contact a Snyder Cohn associate to see how we can help you.

By Tim Moore

Ten Cybersecurity Steps We All Need to Follow

During the pandemic, given the increase in remote work, the importance of cybersecurity has only increased. Dealing with cybersecurity issues can seem daunting for both individuals and businesses, but we wanted to make you aware of some easy steps you can take to help keep your computers and devices secure.

  1. Load antivirus on your computers and devices (including tablets and phones) and keep the virus definitions up to date.
  2. Use a firewall to help keep malicious actors off your computer. Some firewalls can also block geographically, so you can block entire countries from access.
  3. Do not reuse passwords, and change them with regularity. Hackers know some people use the same password in multiple places. If you’ve ordered something off a website and that site is hacked with the hackers collecting passwords, email addresses, and usernames, the hackers will typically try to use those credentials on other sites such as banking websites, social media websites, email sites such as Gmail or Yahoo, and corporate networks, because they know some people use the same password in multiple places.
  4. Use two factor authentication (2FA) when possible. Factors are something you know, something you have, or something you are, and 2FA requires two of those things. Something you know could be your password. Something you have could be your cell phone. Something you are would be your physical characteristics (biometrics) such as your fingerprint or voice. For example, you could configure 2FA on your bank account where you would first enter your password, which would then trigger a phone call to your cell phone with a code you would enter to complete the login process. That way, if someone gains access to your password, they will also need your cell phone to access your account.
  5. Keep your operating system patched. As security vulnerabilities are discovered, patches are created and released to the public in the form of operating system updates. Most operating systems allow automatic installation of updates, so it is an easy way to keep your operating system patched.
  6. Have a process so that employees who leave the company have their network login rights disabled and are removed from your computer systems promptly. Do not forget to remove them from any portals, or cloud-based software packages that operate outside your network.
  7. Watch those email links! Bad actors are known for making malicious links look legitimate by giving them a familiar title, such as a banking website, but the underlying hyperlink goes someplace you would rather not be. Hovering your mouse over a link will show you the underlying hyperlink, but DO NOT CLICK unless you are confident the link is where you want to go.
  8. Just because an email says it is from a certain person does not make it so. When looking at an email, do not only look at the name of the sender but also look at their email address. The odds of your attorney Michael using an email address that starts with “Helen” and ends with a .edu extension are probably slim.
  9. If you receive an unexpected email attachment from a person, there is nothing wrong with picking up the phone and calling the person to ask if they sent it, BEFORE downloading and opening it. Attachments can have malicious payloads. Also, do not call the person using the phone number in the email. If a malicious person sent you the email, that phone number could go to them.
  10. Secure your devices. Crimes of opportunity happen in a flash. Leaving your laptop unattended on the seat of your car, or your phone on the table at Starbucks while you pick up your order invites crimes of opportunity.

Hacking is big business, so it will not be disappearing anytime soon. However, by being vigilant, and taking the steps we can, we can help reduce the odds of being one of their victims.