Practice Management

Steps to Take When Your Sensitive Data is Breached

Roughly 267 million records were exposed during data breaches just in 2012 alone, the global information services organization Experian estimates. With numbers like these, most businesses find that it’s not a matter of “if” their data will be breached, but “when” it’s going to happen.

With data breaches becoming such a common problem for people and businesses alike, occurring roughly eight million times each month according to IBM, it’s important to know the steps to take once you become aware a data breach has occurred in order to properly protect your business, your reputation and your financial interests.

Create a Data Breach Action Plan

It’s necessary now, before breaches occur, to create an action plan to follow when they do occur. These are a few of the steps small business owners should include in any response plans involving data breaches.

  • Discover and investigate the breach internally.
  • Contact law enforcement officers if this is a case where that might apply (hacking is a crime).
  • Notify financial institutions you do business with. Change account numbers or close accounts as appropriate.
  • Engage the services of professionals to assist with the investigation as well as the potential fallout for your business. This may include computer forensic investigation firms, data recovery specialists, law firms, crisis management teams and/or PR firms.
  • Notify customers and employees who have been directly affected by the breach and purchase identify theft protection services for those who were affected. Many states have laws regarding notifications involving data breaches. Make sure you know the law in your state so that you’re in compliance.
  • Get ahead of the breach in the media. It’s best to be proactive with statements regarding the breach, so that you control the narrative. This protect you from the need to do damage control after someone else goes public with their version of events first.
  • Keep those who were affected by the breach up to date about what’s going on through notifications in the mail or via email. Give customers and employees details, facts and information about what’s going on and steps they can take to protect themselves.
  • Respond to questions and inquiries. Transparency dispels thoughts that you are trying to hide things from a concerned public. For small businesses this may involve hiring someone to field calls and calm concerns.

The key is to stay on top of things from start to finish. How you deal with the fallout says a lot about you as a business and will determine whether or not your customers choose to ride out the storm with you.

Be on the lookout for our next data breach article in the series involving data breach notification.

Why Small Businesses Need Agreements in Writing

Small businesses often capitalize on their less formal, more personal, approach to their customers and clients. While there is nothing wrong with this approach in general, it should not extend to business agreements and legal matters. On the contrary, a small business, including dental practices, should insist on reducing all agreements to writing just like their larger counterparts do.

Regardless of what type of small business you own, chances are your customers or clients are drawn to the fact that you are able to provide more personalized attention without the need for them to follow inflexible procedures or go through three different people before they can speak to someone who can help them. The informality of your business, however, should stop there.

Unfortunately, disputes occur in all businesses. Whether it is a dispute with a supplier, an advertiser, a customer, or a landlord, it can-and most likely will-happen at some point in time. When a dispute arises, documentation is the key to settling the dispute. If your dispute ends up in court the law always favors a written agreement over a verbal agreement. Having the agreement in writing to begin with, however, creates an excellent chance that you will be able to resolve the dispute outside of the courtroom.

Many disputes are the result of honest misunderstandings. A smaller percentage of disputes are the result of unscrupulous individuals trying to take advantage of new, potentially naive, small business owners. Either way, having a written agreement that clearly outlines the terms and conditions of your practice with an individual or company ensures that you are prepared to defend yourself should a dispute arise for any reason.

As a small business owner you are likely working with a very tight budget and are therefore hesitant to spend money on legal fees charged to draft agreements. While this is certainly understandable, you should look at written agreements as a type of insurance. A relatively small outlay of funds now will protect you from a much greater expense down the road. If a dispute arises and you have no written agreement to back up your position there is a much higher probability that the dispute will turn into a lawsuit. A lawsuit, in turn, will require you to hire an attorney. Your attorney fees to defend a lawsuit will be substantially higher than they would have been to draft a written agreement that could have prevented the lawsuit.

You have undoubtedly worked hard to get your dental practice off the ground. By insisting on written agreements in all of your transactions you are helping to protect your investment and ensuring the future success of your business.

Is Your Practice Eligible for Health Insurance Tax Credits?

The Affordable Care Act (ACA) can save your dental practice money through its tax credits.

If your practice has employees, you’ve undoubtedly been paying attention to the news coming out of Washington, D.C., about the Affordable Care Act (ACA). This law was designed to be implemented in waves, rather than all at once, and there have been major changes since it was passed and signed.

Some elements of the ACA have already been incorporated into the health care industry. One of these benefits is a tax credit for the health insurance costs you pay for your employees. For the years 2010-2013, small businesses could take a tax credit of 35 percent of the premiums paid for health insurance. Small tax-exempt businesses got a credit of 25 percent.

Starting in 2014, small business owners can take a tax credit up to 50 percent of the premiums they paid for health insurance. Tax-exempt small business owners’ credit will be 35 percent. This credit can be claimed for two consecutive tax years.

To be eligible for this credit, you will have to meet the following requirements:

  • You must pay at least 50 percent of the cost of employee-only health care coverage for each of your employees.
  • You must also have fewer than 25 full-time equivalent employees. This means the average number of hours worked by your employees is greater than or equal to 40 hours a week.
  • The average wage of the employees covered must be less than $50,000 per year. This amount will be adjusted for inflation every year.

You will have had to pay premiums on behalf of your employees who are enrolled in a qualified health plan offered through a Small Business Health Options Program (SHOP) Marketplace. However, if you qualify for an exception to the requirement to buy health insurance through a SHOP Marketplace, you can still take this credit.

This credit is refundable. This means that if you are a small business employer and did not owe tax during the year, you can get a refund on your return, which can be carried back or forward to other tax years. In addition, if you are an eligible small business, you can claim a business expense deduction for the premiums that are in excess of the credit.

In other words, not only do you get to take a credit for these costs, but you can also take a deduction for employee premium payments.

However, keep in mind that you are eligible to receive the credit and have it be refundable as long as it does not exceed your income tax withholding and Medicare tax liability. Further, if you are a small tax-exempt employer, any refund payments you receive are subject to sequestration.

If you’ve been working with us on tax planning for next year’s filing, you probably know all of this. If not, we encourage you to make an appointment to talk with us about your ACA-related issues – or any other tax questions you may have.

The Risks with Using Email for Business

Email is an incredibly useful tool for dental practices dealing with basic information. However, using email to communicate with customers and other businesses can pose a serious risk for your practice if you don’t take the proper precautions.

Because of the risks inherent in unencrypted email communications for hackers and identify  thieves, businesses are warned to properly encrypt email documents. These are just a few of the risks businesses face when it comes to using email.

The Virus Risk

While this mostly results from employees opening emails and email attachments or visiting unfriendly links in emails on office computers, the risk it poses to not only business computers and networks but also to client information, identifying information of employees, and confidential information concerning your dental practice is potentially catastrophic.

Hacker Entry Points

The other problem with unencrypted email communication for large and small dental practices alike is that it gives hackers an entry point. All they need is an entry point into your network, from which they can then launch all manner of attacks from simply stealing information to launching SPAM campaigns from your company computers that damage your reputation to deleting critical information from your business mainframe.

Trojans in Your Midst

These attacks are quick, unexpected, and brutal, just like the ancient attack on the city of Troy. Trojans are executable files that cause devastation in their wake and all it takes is for someone in your organization to click on the wrong email link.

Reputation Management

SPAM campaigns originating from your email system are bad enough, but people can manipulate your email to release client information, employee information, to send out political  statements, and so much more that can harm your public image and crush your bottom line.

Litigation Potential

Depending on the type of information revealed in unsecured email communications, you could be placing your small dental practice at an increased risk for litigation – especially in fields that deal with financial services, medical information, insurance, medical care, legal information and representation, accounting, investments, and more.

Releasing Information to Wrong Person

It happens all the time. Whether accidental or intentional (when employees are deliberately trying to harm the financial solvency or reputation of the business) employees send sensitive information to the wrong recipient. It’s such a simple mistake to make and one that can be so  devastating for the practice. Think about it. What if an employee sent out medical records or client lists to someone on their list of contacts that isn’t within your organization?

Mitigating Your Risks

That’s why it’s important for all businesses to take steps now to limit their exposure to risks resulting from email communication. Here are a few ways to do just that:

  • Establish strict email policies.
  • Put those policies in writing.
  • Limit email communications whenever possible.
  • Only send emails to necessary recipients.
  • Exercise caution when using carbon copies and blind carbon copies.
  • Create a confidentiality notice that should be attached to all emails sent from business
  • Email channels.

These steps do not absolve dental practices of the responsibility of something going wrong with  emails, but it can help limit some of the risks associated with email communications. The best practice is to use email as sparingly as possible for the purpose of sensitive business communications, particularly if the email is unencrypted.

The Benefits of Accepting eCheck Payments for Small Businesses

Small businesses can benefit from accepting eCheck payments in many ways. It’s a good idea to explore the potential value it can bring to your dental practice before dismissing the idea or missing out on something that can add value to your practice for patients, while simultaneously helping your practice become more efficient and productive.

Increased Security

Whether your dental practice handles high dollar checks or multiple checks for small amounts of money each and every week, the need for security is vitally important to protect the financial state of your business, as well as the personal and identifying financial information of your patients.

Electronic checks provide one of the most secure means for accepting payments on the planet today. Your information and that of your customers is protected with 256-bit encryption, public key cryptography and countless other security measures designed to give you and your customers peace of mind.

Greater Efficiency

Small businesses today are always looking for ways to become more efficient. How about the efficiency of eliminating the entire step of delivering checks to the bank day after day? How much time will that save over the course of a year? More importantly, how can your business benefit from faster access to the cash proceeds from customer payments?

Other Benefits of Accepting eChecks in Your Business

Some of the other benefits you might want to keep in mind as you decide whether or not accepting electronic checks or ACH (automated clearing house) payments is the best course of action for your dental practice include the following:

  1. Eliminate paper waste of thousands of checks each year thereby helping to preserve the environment
  2. No need to store checks while waiting delivery to the bank
  3. Offering expanded payment options to customers
  4. Fewer instances of fraud
  5. Lower processing costs
  6. Greater flexibility when selling products from brick and mortar businesses on the World Wide Web

Businesses really appreciate the fact that they no longer need to wait for consumers to actually write checks and mail them in or find themselves at the mercy of a postal service – a process that sometimes results in lost checks in the mail. On the flip side, consumers appreciate the fact that they no longer have to worry with keeping up with bills or making payments on time. Everything is automated for them.

As you can see there are quite a few reasons to take a good, long look at electronic payments and how they can possibly benefit your dental practice as you move your business forward.

Can I Use Email for Communicating with My Dental Accountant?

In the electronic age, it’s easier for many small dental practice owners to conduct business through electronic means of communication, email in particular. While it may be tempting to conduct as much of your business through email as possible, there are inherent risks in doing so.

The biggest risk is significant. That is, the risk that your private, personal and financial information could fall into the wrong hands. If you’re using an accountant for your family taxes, for example, email makes personally identifying information not only about yourself and your spouse vulnerable, but your children too.

What Kind of Information is Available?

  • Social Security Numbers
  • Addresses
  • Dates of Birth
  • Banking Information
  • And more

This information is highly valuable to hackers and identity thieves who will pay premium prices to get their hands on it. They’re not afraid to break a few laws to get that information either.

How Can You Enjoy the Convenience of Email without the Risks?

The Gramm-Leach-Bliley (GLB) Act, protects the non-public personal information (NPI) of consumers. The act provides the Federal Trade Commission with the responsibility of implementing the law. Under that authority, the FTC has created the following rules.

  • Safeguards Rule - As an important rule, it requires the secure transmission, receipt and storage of data containing any NPI at all times that includes passwords, encryption and physical protection. The email platform used should have 256-bit encryption. A 256-bit encryption is more powerful than a 126-bit encryption to protect sensitive information and files communicated through email. Further protection should be afforded in the form of a written information security plan.
  • Privacy Rule – This rule requires businesses to provide privacy statements to anyone engaging with their appraisers directly. The statement must include how NPI is gathered, shared and secured as well as methods consumers might use in order to opt out of that information being shared with outside parties. Emails that contain personal or financial information between yourself and your accountant should always be encrypted in order to safeguard that sensitive information under the GLB Act.

What Does this Mean for Convenience?

One popular and effective method dental practices and other businesses are turning to in order to comply with the rules of standing law, as well as further laws that are anticipated, is through the use of secured client portals.

These portals serve as alternatives to email that hold sensitive client information in a secure online storage area. With portals, accountants can upload information to the portal, which then sends an email to the client letting you know that you have new information waiting for you. You then log in with your password and retrieve the information.

The risks involved in email communications today are simply too big for such vital information. Take precautions to use 256-bit encryption when transmitting sensitive information and files to your dental accountant or use the accountant’s secure portal. Keep this in mind and avoid those risks completely.

What is a Socially Conscious Business?

In the 21st century, dental practices need to understand and incorporate the concept of socially conscious business practices in order to flourish and succeed. Today’s consumer is better informed, more aware and more than willing to put their spending dollars where their conscious is making it imperative that a business show its willingness to promote social conscious business practices as well. In order to do this, dental practices must first understand what being a socially conscious business entails.

Historically, businesses were viewed as secretive, aloof, egocentric conglomerates that were concerned with nothing more than the bottom line. Social changes that took place during the middle to latter part of the 20th century caused even the average consumer to start questioning that business model. People began to realize that true social change must occur at all levels of society – including the corporate level.

From that thinking came a call for transparency in corporate America. Consumers started to care how businesses were run, who they employed and what they did to better their community. That standard of transparency that consumers came to expect continued into the 21st century. In fact, consumers expect even more today. Simply being forthcoming about how your dental practice operates is not enough – today’s consumer wants to see that your practice has a social conscious as well.

Being a socially conscious business does not mean that you need to be a not-for-profit organization.

On the contrary, a socially conscious dental practice is most definitely a for-profit business; however, it is also a business that indirectly promotes and facilitates positive social concepts and changes. This can be accomplished in a variety of ways such as hiring disadvantaged workers, utilizing environmentally conscious materials, donating a share of profits to a worthwhile cause or participating in local organizations that positively impact the community.

Although there is no “one plan fits all” when it comes to turning your dental practice into a socially conscious business, there are some common steps you may be able to take to move your practice in that direction, such as:

  1. Create a philanthropic foundation or trust and designate a percentage of your profits to it.
  2. Spend a day figuring out where your practice can use environmentally friendly materials or supplies and make the change.
  3. Focus on the family by offering flexible scheduling, job sharing or work from home opportunities.
  4. Provide volunteers for an important community project.
  5. Offer employees incentives for living healthy.

With a little creative thought, you can turn your own dental practice into a socially conscious business that promotes positive change and that also appeals to today’s conscientious consumer.

What are Asset Protection Services?

Asset protection services exist to help place your dental practice’s assets in a position where they are all but untouchable by those you do not wish to have access to them. In the world you live in, one that’s rich with dangers and potential financial pitfalls, protecting your dental practice’s assets and wealth is more important than you may realize – whether you have a large sum of assets or not.

What Risks Impact Your Assets?

Most people are surprised to learn about the wide range of risks they face when it comes to securing and protecting assets. These risks include:

  • Unemployment
  • Disability
  • Death
  • Age
  • Health
  • Divorce
  • Retirement
  • Layoffs
  • Injury
  • Medical Expenses
  • Litigation
  • Judgments
  • Legal Expenses

The list goes on and on. There are hundreds of risks, large and small, that place your practice’s assets at risk every day. That’s why it’s so important to consult with a financial planner or dental accountant that has experience providing asset protection services.

How Can You Protect Your Assets Through Asset Protection Services?

First and foremost, consider using asset protection services from a professional experienced in protecting wealth and assets. Asset protection services involve a blend of financial planning and insurance using specialists such as dental CPAs, attorneys, estate planners, insurance experts, financial planners and/or asset protection specialists.

Careful financial planning is the most important thing you can do to protect your practice’s assets now, and in the future. This is putting your head together with a professional who specializes in asset protection services, developing a plan to manage your existing assets, accumulate future assets, minimize risks and sustain growth over time. Important tools in your arsenal for your goals of financial growth and asset protection include insurance, proper planning and attention to detail.

Insurance

There are many types of insurance products on the market today. There is insurance coverage that protects your dental practice’s assets themselves. There is also insurance coverage that protects you from liability in the event that someone is injured by or on one of your assets. There’s even insurance to cover liability related to professional dental services you offer. In other words, there’s a type of insurance for many different contingencies and you should carefully consider which types of insurance serve to best protect your assets today and in the future. Having adequate insurance, however, is an asset protecting contingency that must be covered. Other insurance to consider includes medical insurance, loss of income insurance, life insurance and disability insurance.

Financial Planning

Financial planning includes components designed to reduce your risks, increase the value of your assets and sustain growth as time goes by. It involves estate planning, wealth protection, tax minimization strategies and wealth recommendations to maximize return. It’s important to work with qualified financial planners with specific experience in asset protection services for this critical task.

You want to know that your future is protected and assured. One way to increase that likelihood is by taking steps today to protect your dental practice’s assets and wealth for the long term by considering the use of asset-protection professionals. Life takes unexpected turns all the time. You can rest much easier knowing that you’re covered for most of the contingencies that could ever come your way.

Business Risks with BYOD Workplaces

Creating a BYOD workplace for your dental practice offers some distinct advantages to business in the form of improved employee productivity and engagement. These are not small benefits in today’s workplace.

Unfortunately, it brings its own share of risks to the table as well. These are just a few of the risks you should consider carefully before making the move to a BYOD workplace as they may have a significant impact on your dental practice.

What Could Go Wrong?

Just as you’d be wary of employees who come to work sick with viruses, you should also be wary of employee devices that may be infected with viruses you can’t see. While most software looks for bad things on the outside of the network, it is still vulnerable to dangers within. BYOD policies make it all too easy for employees to unknowingly expose the entire work network to viruses, malware, and more.

Other risks include:

  • Theft of Device
  • Loaning of Device
  • Inadequate Device Security
  • Information Remaining on Devices when Employee Upgrades (or passed along to children)

If these devices fall into malicious hands, the consequences could be devastating for your dental practice in terms of negative financial repercussions and beyond-repair brand reputation damage. This may be particularly detrimental for businesses, like those in the medical, insurance, and financial industries, where a sensitive and personal information data breach could cause undue harm, including identity theft, to the parties involved.

Preventing a Worst Case Scenario

While not all dental practices can accommodate BYOD policies in the workplace, those that do, must have a set of standards for making the transition as seamless and low-risk as possible.

  • Create standards and policies that establish and define how the intellectual property of the business is to be accessed and treated on these devices.
  • Create a plan of action, in writing, for handling the loss, theft, passing, or elimination of employee devices.
  • Audit the program frequently to make sure it’s working in the best interest of the practice.
  • Finally, understand that all businesses aren’t cut out for this specific work perk. Some businesses, such as legal entities, financial services business, medical firms, and insurance firms face huge legal liability risks when bringing mobile phones into the midst.

Before you decide to embrace the benefits of a BYOD workplace solution, make sure you fully expose the risks they represent for your dental practice.

 

Tablet Safety 101 – Making Your Tablet Safer for Public Use

People are relying on tablet devices in their dental practices more and more every day. You use them for work and some for play. Tablets provide users with many of the benefits a laptop delivers, but in a format that’s even easier to take on the go. But, is your practice’s information safe when you use your tablet?

As with most things in life, there are things you can do to make your tablet a safer choice to use for your dental practice or pleasure while on the go.

  • Install anti-virus software for your tablet device. You should only use trusted anti-virus names for this though as some savvy hackers have taken to creating fake anti-virus programs that actually install viruses on your devices.
  • Be cautious when installing apps. Apps are notorious for not safeguarding your privacy.
  • Enable capabilities to remotely wipe your device if it stolen and notify your provider (if applicable) right away if you have not installed those capabilities.
  • Don’t click on advertisements on your tablet. Many ads automatically download viruses onto your device without your notice.
  • Lock your screen when you’re not using your device.
  • Don’t store log-in data on your tablet device. This makes it too easy for people who “find” your tablet to access your passwords, private, and financial information. The harder you make it for them to do, the less likely it becomes that they’ll go to the effort.
  • Backup your data routinely. Some people do this daily. Depending on how often you use your tablet and what kind of data is stored on your tablet, this is a wise move to make.

The Dangers of Public Wi-Fi

Public Wi-Fi connections present very specific dangers to your tablet device. Many hackers disguise themselves as legitimate Wi-Fi connections and hang out in hot spots hoping someone will choose their connection to attempt a logging on. Once you’re connected to their device, bad things can happen. Look for secure Wi-Fi connections and be cautious when using public Wi-Fi.

It’s best to avoid it whenever possible though – especially when using your tablet for your dental practice or personal financial matters. Tablet devices are somewhat risky to use – especially for personal and financial information like reviewing tax returns or balancing your checkbook in public. However, the steps above will make your tablet safer for limited use in public.