Rising costs image

What Organizations Need to Know About the Looming Internet Taxes

The new Marketplace Fairness Act, or “Internet Tax” will require online retailers to collect sales taxes for the states where they ship goods, not just the ones where the seller has a presence. If you are a non-tax exempt organization that purchases or ships any of your products online, these new taxes will affect you.

This article will cover the basics of the Marketplace Fairness Act, so you can understand how it may impact your bottom line.

Currently, both consumer-level and B2B online shoppers have enjoyed purchasing products online mostly sales tax-free. Older laws required stores to collect sales tax only on goods shipped to states where they have a physical presence, such as a distribution center or a physical store. For example, if you purchased office supplies and software from Office Depot online, you would likely pay sales tax on your purchase. If, on the other hand, you made this purchase on Amazon, you might get off scot-free, when it comes to sales tax.

Complication has been the main reason for not requiring these sales taxes; deciphering all of the various sales tax laws for all 45 states that have sales tax was just too much of a burden for businesses.

Back in 1992, the Supreme Court addressed the issue, but Internet commerce was non-existent in those days. According to online sales tax advocates, current technology makes it simpler to collect sales taxes from various states. The so-called Marketplace Fairness Act urges state governments to provide companies with free software for calculating taxes and to establish one state entity to receive the payments.

Interestingly enough, consumer and business purchases from out-of-state are already likely subject to something your state calls “Use Tax.” Surprisingly, many consumers and businesses know little about this tax. Buyers are supposed to track their out-of–state purchases and pay sales tax when they file their tax return. However, many buyers are not even aware of — or ignore — these requirements, and they are difficult to enforce.

Supporters of the Internet Tax include big box retailers like Target, a mix of Democrats and Republicans, President Obama, the National Retail Federation, and even Amazon. While Amazon — as you might guess — was against the new tax for a while, the e-commerce powerhouse has changed its mind as its interest shifts into expanding its physical operations into more states. Apparently, Amazon realized the benefits of providing faster and same-day delivery from increased distribution centers outweighs the risk of requiring customers to pay sales tax.

Opponents include conservatives and anti-tax activists who claim the law will hurt small online businesses. However, one very big online business is leading the charge against the tax. eBay wants the law to exempt any business with fewer than 50 employees, or that make less than $10 million a year on out-of-state sales, to protect its numerous sellers.

No matter which side you’re on, it’s hard to deny the numbers. According to the U.S. Department of Commerce, there were $225.5 billion in online sales in 2012. And, thanks to the current sales tax-free status, states lost a combined $23 billion in uncollected sales tax revenue.

If you live in one of the five states with no statewide sales tax (Alaska, Delaware, Montana, New Hampshire, and Oregon), you’ll get off easy on this one, too. People in these states won’t be charged on goods they have shipped to their home state. However, businesses won’t fare so well  They will have to collect sales taxes for items shipped to other places where there are sales taxes — in other words, most of the country.

In states with sales tax, businesses and individual consumers will have to pay the same amount of sales tax as they would buying a product in person at a brick-and-mortar store. You can use this [tool][https://taxcloud.net/find-a-rate/] to see how much something will cost under the new law by choosing a location and tax category.

The Marketplace Fairness Act is currently pending in the House, and the earliest it could go into effect is October 1, 2013.

iPhone 5

How to Extend the Life of Your iPhone

Your iPhone is your connection to the world, your organization tool, and your technological toy. It’s also expensive. The only thing worse than the cost of constantly upgrading your iPhone to the latest version, is the cost of having to replace your current one due to damage.

To keep this wondrous gadget in top form, and to give it the longest life possible, follow these simple tips.

Wrap your iPhone in armor to protect it physically.

In the consumer tech world, iPhone armor equals a high-quality case and a protective film. A durable plastic shell, like those made by OttorBox, will save your phone from an unfortunate drop, or even the constant abuse it receives at the bottom of your briefcase, handbag, or even the bottom of your pocket. Tons of options exist in a number of styles, but no matter what you choose, make sure it’s designed to withstand accidents and not just look pretty.

A screen protector, like Zagg’s Invisible Shield, will save your screen from keys, loose pens, and any other objects that threaten to harm your iPhone screen.

Give your battery a break every now and then.

Preserve your battery by reducing the strain some of your iPhone’s conveniences cause. Features like push email, maximum screen brightness, and Bluetooth connectivity shorten the life of your phone’s battery, and you can probably live without them. Turn these features off, at least some of the time.

If your screen is broken, why not fix it?

Whether you crack your screen, or smash it into little bits, the appearance of a damaged iPhone screen can be jarring. You might have the urge to run to the Apple store and replace the entire thing.

However bad it looks, a broken screen can be replaced for as low as $70 – much, much cheaper than replacing your entire phone. If your iPhone gets cracks or scratches, simply give it a facelift with a new screen. Just don’t expect Apple to do this for you; the company will only swap out entire phones. You’ll have to do some searches in your area to find a reliable vendor who can do this for you.

Help your iPhone beat the heat.

If your iPhone feels hot to the touch, treat it like it has a fever, and put it to bed. In other words, turn it off to give it some time to “rest” and to cool down. Overheating spells trouble for the phone and your battery.

Protect your iPhone in case it is lost or stolen.

A lost iPhone is just as detrimental as a broken one. Apple’s app, Find My iPhone, can help you recover your investment. The app is free and pinpoints the location of your device with GPS if it’s lost – or stolen.

And, if someone steals your iPhone, using the pass code lock will ensure only you have access to your information.

Keep it synced.

If your phone does meet with an untimely demise, be sure your data doesn’t die with it. Sync your phone with iTunes often to save you tons of time when you replace your phone and don’t want to miss a beat.

Secure computing image

Insider Threat Risks to Your Organization

Business owners and IT managers are well aware of the threats posted by hackers and cybercriminals to their networks, and most are taking steps to secure their organizations and to ward off these outside threats. However, sometimes the biggest threat to your company comes from within the walls of your office.

A recent study funded by the U.S. Department of Homeland Security, the U.S. Secret Service, and the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute found that malicious insiders within the financial industry often get away with fraud for nearly 32 months before they are detected.

At a February presentation at RSA Conference 2013, Dawn Cappelli of the CERT Insider Threat Center presented several instances in which current and former employees damaged companies by planting malware, stealing corporate data, or colluding with outsiders to commit fraud. In fact, the center has tracked 800 insider threat cases since 2001.

Types of Insider Threats to Watch Out For

According to Cappelli, certain employees often are involved in a range of scenarios:

Cases involving intellectual property theft, such as business plans or source code, often involve a former employee who worked on the project. Often, these culprits save company information on a USB drive and are never caught.

In cases of sabotage, highly technical employees, such as system administrators who become disgruntled after being fired, often set up an attack before leaving the company.

Fraud cases typically involve lower-level support employees, such as help desk personnel, who conspire with outsiders.

Threats from untrained users or users that are not following procedures are also very real.

Potential Sources of Insider Threats

Companies that use file services like Dropbox and virtual machines should be careful, as employees can use these to exfiltrate information. One case Cappelli presented involved a product development manager who had access to clients’ trade secrets. He had access to information on two clients in the semiconductor industry and downloaded 80 documents before leaving the company and taking a job with one of these semiconductor clients. His new employer turned him over to authorities after learning about the breach, including the fact that 18 of the documents belonged to a close competitor. To protect your company from this type of threat, ensure that business partners protect information, audit their controls, and build it into contracts.

Another source of potential insider fraud is shared computers. Cappelli spoke of an instance at a university, where two students loaded malware onto publicly accessible computers so they could steal credentials and spy on student records.

In another situation at a hospital, a disgruntled security guard, who had a background in system administration, installed malware on systems. He was caught when he posted a video of his work, and another hacker reported him to the FBI.

Yet another instance involved a network engineer at a retail company who knew he was going to be fired. He created a VPN token for a fake employee before leaving the company, and then called the company’s help desk pretending to be a new employee requesting a credential activation. After lying low for a few months, the former employee deleted corporate email accounts and virtual machines, creating a major headache for the company. To protect virtual machines, companies can scan memory files and tie virtual environments into existing security systems.

Insider Threat Warning Signs

While these examples of rogue employees wreaking havoc on companies might be scary, they serve as a reminder that threats need not come from outside a business.

In a recent Tech Republic article, writer Tom Olzak shares a list of possible signs that an employee is about to go rogue, possibly creating a security risk for your company. His list includes the following:

  • Attempts to circumvent security controls
  • Unexplained, repeated absences on Monday or Friday
  • Pattern of disregard for rule
  • Long-term anger about being passed over for a promotion
  • Pattern of lying and deception of peers or managers
  • Frustration with management for not listening to what the employee considers grave concerns about security or business processes

Watch out for these signs that someone may become a threat, and communicate with that employee immediately to attempt to remedy the situation before it spirals out of control. Since employees often hide malicious behaviors from managers, training all employees to watch out for signs of discontent can help with prevention. Providing a way for employees to anonymously report peers can help them look out for your company without fear of being labeled a tattletale.

The “Accidental” Threat

While the threat of an insider intentionally compromising security to get what he or she needs is very real. industry statistics indicate that more than 52 percent of insider incidents are accidental or inadvertent. How do you guard against these? A multi-dimensional security approach is required that encompasses:

  • Education  — educate your users about the risks of phishing attacks, social engineering attacks, and high risk behaviors such as downloading and installing unauthorized or illegal software, or sharing passwords.
  • Security Tools — many organizations invest in tools that can monitor in a “trust but verify” manner; reminder emails and popups give users a chance to think twice about an action that may put the organization at risk
  • Policies/Procedures — ensure that your policies and procedures are not just in place for reference, but are actually followed. Audit them periodically to verify compliance. If users are circumventing them, establish user task forces to optimize and improve them. This will also result in more user buy-in.

Parting Thoughts

Protecting against insider threats, malicious or inadvertent, can be the difference in success vs. failure for organizations with key legal considerations or intellectual property to protect. Developing the right approach to managing risk is more than just good business, it is a necessity.  Owners and IT managers of organizations should identify their largest insider risks and develop “right-sized” approaches to mitigating them.

While the threat of an insider intentionally compromising security to get what he or she needs is very real. industry statistics indicate that more than 52 percent of insider incidents are accidental or inadvertent. How do you guard against these? A multi-dimensional security approach is required that encompasses: