ECCU Blog

When I joined the ECCU staff, I was surprised by the scope of training we receive here. Regular training on matters of banking security is mandatory, even for those like me who don’t handle member’s money or have access to their personal information. 

Some of this training is fascinating. In one session a video showed us the sophisticated methods hackers use to get at people’s information online. It had an effect similar to that old documentary Scared Straight. I left the session and immediately changed many of my passwords to make them more secure. 

A recent Forbes article used a little intrigue to underscore the importance of picking smart passwords. “25 ‘Worst Passwords’ of 2011 Revealed” makes you smile unless yours is on the list. My favorite is “letmein.” 

Besides a chuckle, the article gives readers practical guidance, including three tips from a list of password best practices created by NASA to help safeguard their rocket science, including: “It should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;” If there is only one letter or special character, it should not be either the first or last character in the password.” 

Have you chosen smart passwords to protect your important information and assets?

“Your account appears to have an unauthorized transaction. To ensure that your account is not compromised, please click the link below and confirm your identity.”

Sound familiar? That message is from a recent phishing attempt I received via email. In the act of phishing, Internet fraudsters send spam or pop-up messages in hopes of gaining access to your personal information (credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information). The email looks official and raises concern and may even threaten dire consequences if you do not respond. They include a link to a website that looks official, but isn’t, and captures any personal information you enter so they may steal your identity. 

Now, the same type of scam is finding its way to you via your cellular phone. In a smishing attempt, identity thieves send a similar message to your mobile phone using an SMS text. The text relays that an urgent matter needs to be discussed and provides a toll free number where a fake automated voice-response system records account number and password information. Smishing relies on the tendency for individuals to be more trusting of text messages than email messages. 

In a world where fraudsters are looking for any opportunity to gain access to our private information, how do we defend ourselves? The American Bankers Association suggests financial institutions share tips and remind customers that socially engineered schemes rely on methods financial institution would never employ.

They state,

“To avoid fraud, banks and credit unions should remind customers to”:

• Never give out personal or financial information in response to an unsolicited phone call, fax, e-mail or text.
• Contact the financial institution to confirm the legitimacy of any e-mail that asks for the submission of personal or banking account information.
• Check credit card and bank account statements regularly for unauthorized transactions…even small ones.
• Make sure websites are secure when submitting financial information online. Check for padlocks or key icons at the bottoms of Internet browsers. Most secure Web addresses also use “https.”
• Report suspicious activity to the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
• Contact your financial institution immediately if a phishy link may have been clicked or a suspicious communication responded to.

What have you done to prevent identity theft?

To help you know what to expect if you attend the upcoming 2011 Financial Forum for Ministries, I’ve asked each of the presenters what they’ll be covering. Next up is George Martin, CLU with HUB International Insurance Services. His session is titled, “Slaying the Cost Dragon.” 

MBG: How will your presentation help attendees better serve their ministries?

George: My presentation will give information and ideas to those responsible for their ministries’ benefits programs so that their benefits costs might be more predictable, reasonable, and easier to budget for. 

MBG: What are three important takeaways attendees will learn during your presentation?

George: First will be to think differently about the design of medical plans. Second, we will talk about selling the “We’re all in this together” mindset and teaching employees how to be better consumers of healthcare. Finally, people will learn how to use the new benefit plans to project future costs to their ministries.                                                                                                      

MBG: What is one suggestion you’d offer to help attendees gain the most from this learning experience?

George: Come with an open mind. The plan designs are different, but they have worked very well for many organizations. 

MBG: What do you think are the biggest challenges facing ministries today?

George: Ministries, like all non-profit organizations, typically pay lower wages than other businesses with which they compete for employees. Therefore, most of the secular and non-secular non-profit organizations we work with want to be sure that their benefits packages are as strong as possible. The struggle is how to keep the benefits strong but still affordable to both the ministry and the employees in any economic situation, especially the current one. 

What is the biggest challenge you face regarding benefits packages for your ministry staff?

Employee education is one of the strongest tools in our arsenal to fight cybercrime.  NACHA, the Electronic Payments Association, suggests that one simple question can make the difference between an infected network and a protected one. Teaching our employees to always ask, “Does this email make sense?” before responding to it, opening an attachment, or clicking on a link, can make all the difference.   

Regularly remind your staff that financial institutions, government agencies, and associations will not request personal identification numbers (PINs), user names, passwords, or account verification via an email. Should they receive such a request, it is best to delete the email rather than risk infecting your network. 

Emails from family and friends may include links to sites that also may infiltrate the network. Asking, “Does this email make sense” includes considering whether or not it makes business sense to open an attachment or link to an unknown site. 

When in doubt, NACHA suggests: 

Using a lock up service such as “whois.net” to view domain registration information of an email sender.

Contacting the sender to determine legitimacy, but never use the phone number included in the email.

Deleting the email. 

How have you been educating your staff about the perils of cybercrime?

Yes, this is a blog post about the IRS. So, understandably, I’m afraid I might lose you before we even begin. Please don’t check out too soon, though, because here’s the bottom line: The IRS actually has a new program designed to save you hassle and money. 

Good, you’re still reading. Now let’s talk about why this program might be important to your ministry. 

In the nonprofit world, especially in churches, it isn’t uncommon to find misclassification of workers—usually meaning an employee is mistakenly classified as an independent contractor. Why is it a problem? According to the IRS, “Employers who misclassify workers as independent contractors can end up with substantial tax bills. Additionally, they can face penalties for failing to pay employment taxes and for failing to file required tax forms.” 

The new IRS program allows employers to resolve past worker classification mix-ups. By making a minimal payment to cover past payroll tax obligations, employers can come back into compliance rather than waiting for a dreaded and painful IRS audit. 

If your ministry is eligible for this new program, you can obtain substantial relief from past-due federal payroll taxes. Once accepted into the program, you will pay an amount effectively equaling just over one percent of the wages paid to the reclassified workers for the past year. No interest or penalties are due, and you will not be audited on payroll taxes related to these workers for prior years. 

(Need help determining if you have classification mix-ups? In a blog post I wrote addressing the issue last year, I included a resource from the IRS to help distinguish employees from independent contractors.) 

There you have it. If you discover your ministry has employees who are classified as independent contractors, take advantage of this program to avoid hassle and expense and get into compliance. After all, how often does the IRS try to make things easier for you?