Malware attack on accounting firm causes panic.

What happens when a Malware attack on an accounting firm happens? One did happen on an accounting firm that is quite popular which holds some pretty big assets.

A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company’s cloud servers.

Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site. Many of its tax and accounting services, as well as vital storage services, have been down since early Monday morning, leaving customers unable to work, access customer tax returns or personal information, during a busy filing period (taxes for non-profit organizations are due May 15). The approximately $4.8 billion company is headquartered in The Netherlands.

While the company did not comment on how many of its customers were impacted by the downtime, CNBC spoke to accountants and cybersecurity specialists across the U.S., from the biggest firms down to independent operations, who described significant and ongoing problems accessing their customers’ data. One accountant at a large, Midwest-based accounting firm, said that the accounting world was in a “quiet panic” over the attack. This person requested anonymity to protect his clients.

“We have a really close relationship with our customers, and we understand that this situation impacted their day-to-day work,” Elizabeth Queen, vice president of risk management for Wolters Kluwer, told CNBC. “We’re working around the clock to restore service, and we want to provide them the assurance that we can restore service safely. We’ve made very good progress so far.” Queen said the company has contacted authorities and third-party forensic teams to investigate the incident.

Queen reiterated a written statement issued yesterday by the company, which said “We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing.”

Difficult communication and inaccessible data

The attack started around 8am Eastern Time on Monday. Queen said she could not yet release information on the specific type of attack against the company. But the incident is reminiscent of the NotPetya ransomware attacks of 2017, which spread quickly throughout firms, knocking out services including voice and email, and rendering huge databases of documents inaccessible.

After the attack, Wolters Kluwer took many of its systems offline, including “communications systems,” to prevent the malware from spreading further. This made it difficult for accountants and IT staff to reach the company for information about the incident.

“It really gave us the opportunity to investigate the problem safely,” Queen explained. “It takes time to gather information, and we are informing our customers and employees about the situation, updating them as best we can.”

One accountant in the Southeast said his investment firm uses to store client tax returns, working papers and other important information. He asked to speak to CNBC on background because he is not authorized by his employer to speak to media.

The accountant said he was still unable to access documents stored in Wolters Kluwer cloud servers as of 2:20 p.m. ET Wednesday, and that his firm was unable to get much information from the company because of the downed communications channels, including customer service numbers he said his firm typically uses.

“Since Tuesday, it was the same thing, no new information,” he said.

On Wednesday afternoon, Wolters Kluwer provided the accountant’s firm with a back-up customer service number. When called, the new technical support number yielded a message saying “we do not have a specific timeline for when we expect to have service fully restored.”

A cybersecurity professional at one Big Four accounting firm said she had received reassurances from Wolters Kluwer that account information had not been accessed. But she also said her firm took additional precautions to “limit any possible exposure” to the malware attack through the accounting giant’s technology connections to the software company.

“We’re, of course, watching it closely and having our own people look at the problem,” she said. The cybersecurity professional asked to remain anonymous because she is not authorized to speak to media.

The accountant from the Midwest-based accounting firm said that data loss was his “primary concern.” But he said he’d only received one call from a client asking about data.

“I’d characterize it as a bit of a ‘quiet panic’ right now in the corporate accounting world, without a lot of information,” he said.

For the clients who need to file by May 15, the accountant said he is coming up with a back-up plan: “Do it by hand.”


The 1099: How and When To Send?

1099’s can be a bit overwhelming for business owners. When do I send them, at what time of year, how and to who? It is easier than you think. These tips may help.

Who requires a 1099?

A basic rule of thumb is you must issue a 1099-Misc to each person you have paid $600 to in rents, services (including parts and materials), prizes and awards or other income payments. 1099 is not used for personal purposes. Businesses are required to issue 1099-Misc for payments it made and this will be sent to a sole prop., LLC, or LLP, or Estate. You will see why I didn’t include a corporation.

What are the penalties for not sending them?

Do you really want to find out? The penalties can range from $30-$100 per form depending on how long past the deadline you go. If the business were to intentionally disregard, this is a $250 fine per statement with no maximum. Do yourself a favor and get them out.

What are the expectations?

The list is a long one, but you wont need to send them to sellers of merchandise, freight, and, storage. If you make rent payments to real estate agents, there is no 1099 required. You also don’t have to send them to corporations.

Why the W-9 is important

Business owners should always, always, always get a W-9 from the vendor even if they don’t pay over $600. The vendor will have the Tax ID and address on their W-9 for easy tracking. Something else on the W-9 is the vendors company formation.

What are the deadlines?

Just like your W-2 employees, 1099 must be mailed out by January 31. You also have a 1096 transmittal form due February 28. The 1099 may also be applicable to state filing, check with your state.

Why managers need to look closer at the budget.

Do I need to really look that close at the budget? Do I need training in accounting and management? We make enough.

For most department managers in business, there is a set budget of money they can use in their department. The budget is used for various items like hiring staff, events, and upgrades to the department just to name a few. Most get promoted within, but are not properly taught how to deal with a budget. Remember accounting is the language of business.

Most managers are hired from within and from lower positions. At clinics nurses may become clinic managers and it’s a great fit, the nurse managing a clinic, it fits!!!. All my nurses, how much business management did you learn in college or nursing school? Which accounting classes did you take in nursing school? Most nurses may say “I’ve never taken a business class in my life” and that’s ok, but you want this person to be in charge, upon other things, a budget without knowing how to read it? Is this manager going to know when to cut cost and bring the business into a net profit?

Most managers look at the inflow, but not the outflow. The outflow tells you where your money is going. A business could be a cash machine, but if the money is going out as fast as going in the business is making nothing or worse at a negative. Managers must understand this and get control over their budgets because there paychecks are reliant of that budget.

It is my opinion that businesses should have a tuition assistance (not a whole degree) on management and accounting classes. It is money out of their pocket, but in the long-run, it will pay to have a business competent manager. has many resources for accounting including books that can be purchased and free videos.

Should I raise my deductible to beat an insurance increase in price?

How does my deductible have an effect on my policy?

Many people each day, all around the world buy insurance. Most people use an agent or go direct to the insurance company, but never really ask about that thing called a deductible. Now this is going to aim more towards property and casualty insurance (auto, home, etc), but the point is I want to let you know how this part of your policy works.

When you get into a car accident, the coverage payout will depend on if your at-fault or not. When you are not at -fault, you will go after the other parties insurance for damages, but what if it is your fault? What if you hit another car or an object, who fixes your car then? That is where a deductible comes in. Now deductibles can vary based on how your insurance contract is laid out, but we will stick to $500 deductibles since it is the average.

Lets say for example you hit a tree and your car is damaged. You can’t sue the tree or go after it’s insurance, you need your car fixed. This is where your deductible will come in, you will pay out your $500 and the insurance will pick up the rest of the tab. In this case you are also known as the co-insurer.

When I was working in insurance, one thing that irked me was people raising their deductibles just to beat their price increase. This is never ideal for two reasons, 1. you won’t beat the price increase and 2. you lose insurance coverage. Number 2 is the most important part of your policy. When you use your deductible a contingency is your damages surpass your deductible in order to get coverage. For example, if you have a scratch on your car from some falling debris maybe from a truck on the freeway, you can report that to your insurance company. Your insurance company will have an estimate done by a body shop. Now if the damages are lower than $500 (lets say the estimate was $300), your claim will be denied. You won’t need the insurance to pay anything, why would you pay $500 to get $300 out of the insurance company, right?

Now if the damages in that same situation was $600, then you will be able to use your insurance. You pay $500 and the insurance company would pay the remaining $100. Now imagine if you raise your insurance up to $1,000 and you have the same situation where the damage was $600. Well my friend, you will be paying $600 out of pocket. $600 is less than $1,000.

In conclusion, raising your deductible is not always the answer to your policy increase. Now it’s your policy and the agent is happy to keep you as a client, but just be cautious about what your doing.

IRS alerts virtual currency owners of nonfiling consequences

According to the IRS, Cryptocurrency is treated as property. Letters have gone out to taxpayers regarding this.

The IRS has begun sending what it calls “educational letters” to taxpayers it has identified as not reporting virtual currency transactions or reporting them incorrectly (IR-2019-132). The IRS says the letters (Letter 6173, Letter 6174, or Letter 6174-A) are intended to help taxpayers understand their tax and filing obligations for cryptocurrency. The IRS says that by the end of August, it will have sent more than 10,000 of the letters.

The letters point the recipients to the IRS website and inform them which forms and schedules to use and where at the IRS to send them.

“Taxpayers should take these letters very seriously by reviewing their tax filings and, when appropriate, amend past returns and pay back taxes, interest, and penalties,” IRS Commissioner Chuck Rettig said in a news release.

The IRS warned as well that it has stepped up enforcement in this area, including criminal prosecutions. Last year, the IRS launched a Virtual Currency Compliance campaign within its Large Business and International Division.

The only IRS guidance on virtual currency transactions is Notice 2014-21, under which the IRS treats cryptocurrencies as property, rather than currency, for federal tax purposes. The IRS announced that it intends to issue further guidance on the topic in the near future.— Sally Schreiber, J.D., ( is a JofA senior editor

8 summertime to-dos for tax practices

I think business owners including tax Practitioners should always stay busy no matter the season. Everyone wants more money, but wants to skedaddle off to Disneyland as soon as it’s July 1 12:00am. I found a post from Roger Russell that has some great tips.

“April 15 is past, and September 15 and October 15 are comfortably far ahead, which means there are no immediate deadlines for tax practitioners to pay attention to – leaving them, perhaps, with some time on their hands.

While a long, slow summer of leaving early and closing on Fridays may sound nice, it’s probably wise to devote at least some of that downtime to fine-tune some aspects of your practice.

Stephen Mankowski, owner of Mankowski Associates CPA LLC and immediate past president of the National Conference of CPA Practitioners, has put together a list of the primary objectives that many of NCCPAP’s members — including himself — aim to address at this time of year.

1. Continuing education

Rather than wait until the end of the year or the end of the reporting period, now is a good time for all staff members — not just owners — to catch up on their requirements, and to fill in any gaps in their knowledge or improve any areas of weakness.

2. Firm operations

Monkey Business Images Smart firms hold staff meetings to assess and review the prior tax season to prepare for the next, and to determine their off-season game plan. In particularly, they review their staffing levels to see if they had enough staff during busy season, and if they have enough for the balance of the year.

3. Technology: Hardware

Fotolia Tax practices should check their servers — reviewing the systems and performing any needed updates (and possibly consider going to the cloud — see No. 5).

They should also review the performance of their desktop and laptop computers to see if they performed as expected, and if any need to be replaced. Finally, from a hardware perspective, firms should consider how many monitors staff are working with — two is rapidly becoming industry-standard, and some are moving to three, or even more.

4. Technology: Software

Now is a good time to perform needed program and system upgrades and updates, and to check on the firm’s level of cybersecurity.

Perhaps most important, firms should evaluate their tax software in terms of performance, price, support, security and more; vendors are ready to offer demos (and possibly discounts) to those who are considering a switch to a new tax software provider.

5. Consider the cloud

For those practices that haven’t made the shift to cloud-based systems and software, now is a good time to give it some thought.

Among the pros, according to Mankowski, are added data security; the ability to access data and systems from any place with an internet connection; automatic updates; potential savings from not having to buy a server or manage the firm’s IT; and automatic data backups.

Among the cons that he identified are the need to have an internet connection to access data; the relative quality of the practice’s internet connection; the speed on any given device; and the nature of the expense.

6. The office

Bloomberg News With fluctuating staff levels from busy season to the off season, it’s worth looking at whether the practice is utilizing its space effectively. Is there enough space during busy season without excess during the slow season?

7. Extensions

Due dates won’t stay comfortably far away forever, so it’s best to stay on top of extensions to avoid a time crunch come September and October. Keep an eye on outstanding source documents and other information you need from clients, and begin sketching out how you’ll manage the work that’s coming.

8. Recharge the batteries

PaulMaguire It’s not all about housekeeping and improvements to practice: Practitioners should also play lots of golf (or pursue whatever other healthy pastime works for them), take much-needed vacations, and spend time with family and friends.”

Original post from: