How To Protect Yourself Against A Phishing Attack

You have probably heard about phishing attacks in the context of the Internet. But in fact, phishing is older than the web itself. This password-stealing technique was first used over the phone. Hence the name that’s a portmanteau of “phone” and “fishing”, as in fishing for passwords or other information.

Today, phishing attacks are still going strong, although now in digital form. Read to find out what a phishing attack is and how to protect your accounts from this common cyber threat.

How does phishing work?

Phishing is a game of deception. Hackers send emails posing as a legitimate institution to trick victims into revealing their sensitive information, such as passwords or credit card details.

Phishing emails use manipulation to compel victims to reveal their information. They often convey a sense of urgency, informing the target that they’re in an overdraft or that their credit card has been blocked. Alternatively, phishing emails would describe too-good-to-be-true scenarios, such as winning a contest the victim never entered or getting an unusually high tax return.

Typically, phishing emails contain a link that will redirect the victim to a website. These websites are exact replicas of the sites the hackers are impersonating. The unsuspecting target will be prompted to enter their login details or card details as usual. Unfortunately, this information will then go straight to the hackers who can now take over accounts or perform banking operations in the victim’s name.

In an alternative version of phishing, the link won’t take the victim to a site but it will download malware onto their computer instead. That malicious software will then provide a backdoor to cyber criminals to take control over the device or steal sensitive information.

How to protect yourself and your data

Know how to spot them

The first step to protecting yourself from a phishing attack is to be aware of their existence and treat all incoming emails with a healthy dose of skepticism. Beware of emails that ask you to reveal your personal data and never click any links in suspicious emails.

If you get an email from your bank, the government, or PayPal asking you to log into your account, don’t follow the links in that email. Instead, search the relevant website in your search engine and log in that way. If you want to be extra sure, it’s a good idea to bookmark your bank’s and other important institution’s websites for future reference.

Look also for warning signs in the email. Does it look different than normal? Is the greeting generic and doesn’t include your name? Is the email address correct? Phishing emails are often sent from email addresses that are very similar to the actual ones but so can be easily mistaken at first glance.

Set up two-factor or multi-factor authentication (MFA)

No matter how careful you are, you might still fall victim to a phishing attack. Cybercriminals who run these schemes are experienced and employ increasingly advanced techniques.

The only action that can truly protect you from the consequences of a phishing attack is securing your accounts with two-factor or multi-factor authentication. Two-factor authentication adds another layer of security on top of a password. It combines something you know (password) with something you have (security key, your phone), meaning that the hacker can’t simply log in from a new device just by knowing your password. They will still need to complete the second authentication step which in most cases will be impossible.

There are various methods of authentication that can be used as the second verification step. It’s worth noting that using an authentication app on your phone or a hardware security key are preferred forms of verification. Hackers have been known to redirect text messages of the victim to a different SIM card, so using texts as verification is generally discouraged by security experts.


Phishing attacks can outsmart even extra careful Internet users. It’s important to know how to recognize, what to do when you become a target, and how to prepare a safety net in case you fall for one. In 2019, taking care of one’s cybersecurity is more difficult and more important than ever.

Safeguarding Your Online Funds

In 2018, PayPal completed a major milestone — it processed 227 billion mobile transactions. Truth be told, this comes as no surprise, considering the worldwide popularity of this service and the increasing number of people using mobile devices to complete online purchases.

Unfortunately, mobile shopping isn’t the only statistic that has increased. Mobile malware and other cyber security issues are also on the rise.

In Q2 of 2018 alone, there were 1.74 million software packages targeting mobile payments, social media information, and financial data you’re storing on your phone.

So how can we improve the overall security of our online mobile transactions?

First things first, don’t forget to lock your phone. Surprisingly, not everyone has enabled this security measure. It’s a simple hack but one that could save your money the next time you forget your phone in the company boardroom or at the local McDonald’s.

Secondly, always use two-step verification, also known as multi-factor authentication (MFA). Now, it’s true that this method takes a little more time to log in, but it’s worth the effort.

Another good piece of advice is to use a temporary cash card for your purchases. You choose how much to add to the card which doesn’t need to be connected with your bank account, unlike debit cards. In the U.S. banking system, you only have 48 hours to claw back unauthorized transactions. The Federal Reserve is testing immediate transfer capabilities now, which will shorten this time more. Core banking systems like those from FiServ, Jack Henry, FIS and DCI will implement these capabilities and you’ll see them in your banking portals.

Setting up a limit on your online transactions is another good way to protect your cash. Cards flag suspicious transactions, but not everything is suspicious, and once someone has access to your card, they will keep using it until it gets blocked. Adding a limit onto your accounts speeds up the process of flagging.

Last but not least, if anyone asks you to email or share your credit card information to process a transaction, think twice, or simply refuse to do it. More and more reputable companies have secure credit card payment input, which means no one sees your financial information. Emailing makes your credit card information unsecure and is just not worth the risk.

Internet-based banking and commerce are not things that are just going to fade. Although there are risks associated with them, they provide us convenience. You can have the best of both worlds as long as you take steps to protect yourself.

Cyber Security and Other Statistics for 2019

Author’s note: I recently read a collection of statistics from techjury that will give you pause. TechJury compiled a list of cyber security statistics to help visualize what is happening in the field as well as what to expect in 2019. You can see the entire article and an infographic on their site. I’ve summarized them here with the author’s permission.

Alarming Cyber Security Statistics

  • It takes half a year to detect a data breach.
  • 43% of all cyber attacks are aimed at small businesses.
  • 91% of attacks launch with a phishing email.
  • A business falls victim to a ransomware attack every 14 seconds.
  • 38% of malicious attachments are masked as one Microsoft Office type of file or another.
  • Cyber criminals managed to exploit the credit cards of 48% of Americans back in 2016.
  • The global cost of online crime is expected to reach $6 trillion by 2021.

What are the sources of cyber security incidents?

Data Breaches

Often it is data breaches that steal the headlines.

  1. In most cases, it takes companies about 6 months to detect a data breach.

(Source: ZD Net)

If a robbery took place and the perpetrators got away, how much of a head start do they have if they want to cover their tracks? A day? An hour? Cyber criminals often get a neat 6-month head start, which makes tracking them down that much harder.

  1. There were 8,854 recorded breaches between January 1, 2005 and April 18, 2018.

(Source: Identity Theft Resource Center)

These breaches account for millions of records, with the price per record ranging anywhere from $120-$600. If we average these out at $360 per record, then the total price of these breaches is in the billions. People talk about the cost of cyber security, but they seldom think about the cost of not having it.

  1. In 2017, 61% of data breach victims were companies with less than 1000 employees.

(Source: Verizon)

While this number may be alarming, this has more to do with the fact that the larger-scale companies are more likely to have robust security than smaller companies. Many of these smaller companies simply do not have the means for proper defense to combat advanced cyber threats, which contributes heavily to these cyber security statistics.

Cyber Attacks

Cyber attacks vary in sort and severity, but they can be absolutely devastating, especially for small business owners.

  1. 43% of cyber attacks are targeted at small businesses.

(Source: Small Business Trends)

It makes a lot of sense that the little guy is targeted so often. While the benefit of such attack for the hacker is relatively small, it is much easier to pull it off. Many small businesses have minimal security infrastructure, making them easy prey for data predators. Considering the number of cyber attacks per day, quite a few of those get targeted.

  1. Around 50% of the risk companies face come by way of having multiple security vendors.

(Source: Cisco)

One may think when it comes to security, the more the merrier. However, having multiple security vendors is a great way to complicate your security infrastructure in a way that is likely to create greater vulnerabilities. It is best to stick with one security vendor and comply with all security updates and recommendations the vendor presents, according to various hacking stats.

  1. IoT attacks were up by 600% in 2017.

(Source: Symantec)

Nearly everyone has a smartphone now, making hackers and cyber criminals have greater choice of targets for attack. A portion of the rise could be attributed to the increased number of IoT devices, but the greater issue is that security doesn’t keep up the pace of the growing threats.

  1. 31% of organizations have experienced cyber attacks on operational infrastructure.

(Source: Cisco)

Perhaps the more concerning side to cyber security statistics in general is the number of incidents that have gone unreported. Speculation would lead one to believe that the figure of 31% is significantly lower than reality. Whatever the case, this is an important figure to be aware of as it shows at the very least that hackers are proficient in finding the correct target.

  1. DDoS attacks account for 5% of monthly traffic related to gaming.

(Source: Cox BLUE)

Another prevalent form of attack comes in the form of DDoS. This attack attempts to disrupt regular traffic to the desired web endpoint. Video gaming is a popular place for these attacks to occur because there are predictable and specific endpoints for most devices.

  1. Just 38% of global organizations claim that they are equipped and able to handle a complex cyber attack

(Source: IBM)

Perhaps one of the most alarming cyber security statistics on this list is the understanding that 62% of global organizations cannot claim that they are equipped to handle a cyber attack. This void will lead the charge for improved cyber security in the future.


Malware is by far the most common type of malicious internet activity.

  1. Over 24,000 malicious mobile apps are blocked from the various app stores each day.

(Source: Symantec)

Apple has generally been on top of its app store, not allowing malicious or harmful software onto iOS devices. Android has had a longer journey there because of the freedom afforded to developers. Nevertheless, it improved radically over the past several years. Such malicious apps can still be accessed, but most devices do require user approval before installing any unverified third-party applications. Cyber attack statistics show this to be a key reason why harmful software for mobile devices is not such an issue anymore.

  1. $2.4 million is the average cost of a malware attack in 2017.

(Source: Accenture)

One of the most prevalent attacks comes in the form of malware. Malware can cripple entire systems or even render them useless. A successful malware attack resulting in a cyber security breach can crumble an entire company as well as ruin its public reputation.

  1. There was an 80% increase in malware attacks on Mac computers in 2017.

(Source: Cisco)

Mac computers have always been renowned for their threat security. As far as out of the box security goes, Mac has been the gold standard for quite some time, but things seem to be changing. Malware statistics point to an astronomical increase that raises a few eyebrows. Is it possible that cyber criminals have found new vulnerabilities?

  1. 75% of the healthcare industry has been infected with malware at some point in time.

(Source: CISION: PR Newswire)

The healthcare industry accounts for the most records lost. This has to do with many factors including outdated systems, lack of cyber security training, and substandard protocols. In short, healthcare providers are an easy target with a lot to offer to potential criminals. It is no wonder why this industry is so often a target of large scale cyber attacks.

  1. Around 60% of malicious web domains are associated with spam campaigns.

(Source: Cisco)

For some reason I find it concerning when a company tells me to check my spam folder. The spam folder is where many people get taken advantage of. Spam campaigns attempt to send the user to insecure or malicious domains in an attempt to mine data.

  1. 38% of malicious files came in formats used by the Microsoft Office suite of products.

(Source: Cisco)

Microsoft Office is one of the most familiar sights in a modern working environment. Cyber criminals use these formats for their malicious files in attempts to lure unsuspecting victims into thinking it is just a simple spreadsheet or report. This is valid not only for recent cyber attacks, as executable files masked as harmless, well-known files are a popular digital bait for years now.

Cyber Security Is in High Demand

Security specialist is one of the most promising career choices in the IT sector.

  1. There are over 300,000 unfilled cyber security jobs in the United States, with the demand rising each year.

(Source: Cybint Solutions)

If you are a college freshman deciding on a major, then cyber security might be an attractive option. Not only are there plenty of openings, but the demand is expected to rise at an unprecedented rate. There are plenty of jobs available in tech nowadays, but perhaps none are as vital than as security. The next few cyber security stats show just how pressing this need may be.

  1. By 2021, the number of unfilled cyber security jobs is expected to balloon to 3.5 million.

(Source: The Hill)

The expected rise in jobs is still outpaced by the expected need for them. Chances are, companies will not be able to get enough cyber security experts. There’s simply not going to be enough people with this type of competency to fill all available spots. Let’s just stop and consider what it means that so many companies will not be able to get proper protection from cyber crimes. As cyber crime statistics show, this is one of the biggest problems that companies have to solve.

  1. Cyber security job postings are up 74% over the past five years.

(Source: Cybint Solutions)

This is the silver lining to these attacks. Many young people will be able to find gainful work in the cyber security sector. The unfortunate reality is much of this will be in response to attacks that will take place, and that there will be many more data breaches affecting millions of people within the next few years. Data breach statistics don’t suggest that the need for experts in the field will be lessened any time soon.

  1. Cyber security expenditures are expected to rise above $1 trillion by 2025.

(Source: Cybersecurity Ventures)

Once again, just like the jobs figures, this points to a very secure future for those pursuing a career in cyber security. The question remains if these expected expenditures will be enough prevent data breaches or at least bring them down significantly.

  1. The annual cost of cyber crime damages is expected to hit $6 trillion by 2021.

(Source: CyberSecurity Ventures)

The rate of these crimes is only expected to increase. Criminals are finding increasingly clever and diabolical ways to get their hands on data. This, coupled with the projections for further data breaches, spells an unwelcome story going forward. Some estimates have the number as high as $10 trillion. In this context, whatever the cost of cyber security may be it seems like a worthy investment.

  1. 65% of companies have over 500 employees that have never changed their password.

(Source: Varonis)

I believe most people are guilty of not changing their password often enough. This is just making it easy for would-be cyber criminals to have easy access to sensitive information through compromised passwords. An easy solution to these problems is an automated system that requires employees to regularly change passwords. Many such programs are free and easily implemented by IT professionals.

Ransomware Has Run Rampant

Ransomware, especially with the advent of cryptocurrencies, is an increasingly popular way for hackers to make money.

  1. Ransomware attacks are growing more than 350% annually.

(Source: Cisco)

A ransomware attack is designed to hijack the targets’ systems and hold them hostage in exchange for certain demands. These attacks are particularly effective and growing in number as the data from Cisco shows. The increase in cyber attacks is bound to continue in the foreseeable future.

  1. The damage costs of ransomware will rise to $11.5 billion in 2019.

(Source: Cybersecurity Ventures)

Once again, ransomware holds data and entire systems hostage until demands are met. Independent risk evaluators postulate that compliance with the perpetrator leads to greater security vulnerabilities and greater total loss.

  1. A business falls victim to a ransomware attack every 14 seconds.

(Source: Cybersecurity Ventures)

Something that differentiates cyber crime from any other kind of crime is the automation that can be deployed by perpetrators. Automation allows for cyber attacks to be deployed simultaneously and relentlessly. Failed attacks can be tried again almost infinitely. The number of cyber attacks each day keeps going up. Automation may also be the key to protection from these types of attacks, but for now it is not yet clear how to utilize this technology. As the stakes get higher and cyber criminals become more aggressive, the incentive to develop a solution will rise as well.

Unprotected, Progressively Vulnerable, and Ignored

System upgrades are not the easiest thing to implement. However, they become increasingly necessary to address adequately the growing security threats.

  1. Of all files, 21% remain completely unprotected.

(Source: Varonis)

This isn’t as startling of a revelation when compared to the other cyber security stats, but it is an alarming number of unprotected files. Of course, just because a file isn’t protected, doesn’t mean it’s accessible. Still, there’s a number of cases where that kind of protection is called for, but is not present.

  1. Reported system vulnerabilities went up by 16% in 2017.

(Source: Varonis)

The full reports for 2018 have not become available at the time of this writing, but early indications have this figure even higher over the past year. As tech evolves, most do not upgrade immediately. Older systems have different security vulnerabilities. If these are not addressed in a timely manner the systems are exposed even more with every passing day.

  1. 95% of data breaches have cause attributed to human error

(Source: Cybint Solutions)

With a large data breach, all eyes and fingers begin pointing to the IT department. The fact of the matter is these data breaches can very rarely be attributed to the folks over in IT. Information technology security breaches are few and far between. User error or actions that fall outside of IT recommended behavior will always cause more problems than just following the guidelines set by the IT department.


Phishing mail, just like the popular hobby with similar name, is extremely common and simple.

  1. 30% of U.S. users open phishing emails.

(Source: Verizon)

Unsurprisingly, phishing attacks make up a large amount of cyber security incidents. It is quite likely that most of us have opened phishing emails at some point in time. Kaspersky’s anti-phishing software has caught hundreds of millions of them every year.

  1. 12% of those who opened phishing emails later opened the infected links or attachments.

(Source: Verizon)

As we await the arrival of 2019 cyber security statistics, the report from Verizon shows that phishing attacks had a moderately high success rate. With more and more people understanding the dangers that lurk with these attacks, the hope is that this number will continue to fall in the coming years.

  1. In the last year, 76% of businesses reported that they had been a victim of a phishing attack.

(Source: Wombat)

Phishing attacks are the most common cyber security attack. This type of attacks are a big part of why there are so many compromised passwords. If you check your spam folder in your email, it is more than likely that you will find several of them. If a phishing emails makes it past filters into the inbox, to the untrained eye they will seem like legitimate messages that can be trusted.


  1. ZD Net
  2. Identity Theft Resource Center
  3. Verizon Data Breach Investigations Report
  4. Small Business Trends
  5. Cisco
  6. Symantec
  7. Cisco Data Privacy Study
  8. Cox BLUE
  9. IBM Cost of Data Breach Study
  10. Symantec Internet Security Threat Report
  11. Accenture
  12. Cisco Annual Cybersecurity Report 2018
  13. CISION: PR Newswire
  14. Cisco Data Privacy Study
  15. Cisco Data Privacy Study
  16. Cybint Solutions
  17. The Hill
  18. Cybint Solutions
  19. Cybersecurity Ventures
  20. Cybersecurity Ventures Cybercrime Report
  21. Varonis Global Data Risk Report
  22. Cisco Annual Cybersecurity Report 2018
  23. Cybersecurity Ventures
  24. Cybersecurity Ventures Cybercrime Report
  25. Varonis Global Data Risk Report
  26. Varonis Global Data Risk Report
  27. Cybint Solutions
  28. Verizon Data Breach Investigations Report
  29. Verizon Data Breach Investigations Report
  30. Wombat Security

Related documents and reading:

  1. Know Before
  2. Ponemon
  3. Kaspersky
  4. Cyberark
  5. Time
  6. Ponemon State of Endpoint Security Risk Report
  7. Accenture Cost of Cybercrime Study
  8. Accenture Cyber Threatscape Report
  9. IBM Cost of Data Breach Study
  10. Ponemon Global Cost of Data Breach Study
  11. CSO Online
  12. Accenture Achieving Data-Centric Security
  13. Forbes Technology Council

Other Statistics

Powerful Ways to Reduce Business Taxes for Tax Year 2018 and Beyond

From gathering the necessary paperwork to consulting with tax and financial professionals, tax season is a hectic time for most businesses. However, taking the time to identify all available tax savings opportunities is an essential way for businesses to improve their financial well-being through a reduced tax burden.

For tax year 2018, changes to federal law have made it particularly crucial for businesses to review the various incentives available to them. Most notably, the Tax Cuts and Jobs Act—the sweeping tax reform law enacted in December 2017—made significant changes to individual and business taxation and expanded savings opportunities for both. The following strategies will help businesses take advantage of incentives under the Tax Cuts and Jobs Act and other laws in order to minimize their tax burdens.

Verify that the business is properly classified for maximum tax savings.

The Tax Cuts and Jobs Act provides a deduction of up to 20 percent for pass-through entities, such as S-corporations, partnerships, and sole proprietorships. However, this deduction is not available to certain service-based businesses, including law firms, medical practices, and accounting firms, that have taxable income over $315,000. The new law also lowered the corporate tax rate from 35 to 21 percent. In light of these changes, businesses of all sizes should review their classifications and determine whether they would reap maximum tax savings as pass-through entities or C-corporations.

Claim the §179D deduction for qualifying energy efficiency projects.

Section 179D of the tax code offers commercial building owners a deduction of up to $1.80 per square foot for installing qualifying energy efficiency measures. Specifically, the deduction is worth up to $0.60 per square foot for improvements made to a building’s lighting systems, $0.60 for improvements to HVAC systems, and $0.60 for the building envelope. In addition, governmental entities may allocate their deductions to the primary designers—including architects and engineers—of energy efficiency measures in public buildings. Given the typically large size of commercial and public buildings, the §179D deduction may yield hundreds of thousands of dollars in tax savings.

Unfortunately, the §179D deduction expired on December 31, 2016, but the Bipartisan Budget Act of 2018 retroactively renewed it for projects completed in 2017 only. Therefore, commercial building owners and primary designers should act swiftly to determine whether they may be able to claim the deduction for qualifying projects completed in 2017. Additionally, taxpayers should stay tuned for future renewals of the §179D deduction; due to the widespread popularity of this incentive, there is a chance that it will be retroactively renewed for projects completed in 2018 and subsequent tax years.

Determine eligibility for the Research and Development (R&D) Tax Credit.

The R&D Credit is one of the most lucrative incentives in the tax code, yet it remains underutilized by many eligible businesses that mistakenly assume that it is only available for high-tech or scientific research. In reality, the R&D Credit rewards a wide range of activities routinely performed by businesses in a variety of industries, including architecture, engineering, manufacturing, and construction. This important incentive was formerly a “tax extender” like the §179D deduction, expiring at the end of each year and being renewed based on the approval of Congress. However, the Protecting Americans from Tax Hikes (PATH) Act of 2015 permanently added the R&D Credit to the tax code and made it more applicable to newer and smaller businesses. Specifically, the PATH Act allowed businesses that have been in operation for fewer than six years, have no more than $5 million in gross receipts for the current tax year, and had no gross receipts in the previous five years to apply up to $250,000 of R&D Credits per year toward their payroll tax liabilities. In addition, recent changes have alleviated alternative minimum tax (AMT) limitations that businesses faced when trying to maximize tax savings with the R&D Credit and other incentives.

Given the expansion of the R&D Credit, businesses in various industries should review their project records and consult a tax expert to determine whether they may be eligible. To claim the credit, businesses must present substantial documentation of qualified research activities, including payroll records and project lists, so they are advised to begin preparing records as early as possible. For many businesses, however, the effort involved in claiming the R&D Credit is amply rewarded with hundreds of thousands of dollars in tax savings that may be used in the current year, or carried back or forward for use in other tax years as needed.

Ensure compliance with state sales tax laws.

With over 10,000 sales tax jurisdictions across the country, businesses—particularly those that sell goods out of state—have always faced a confusing patchwork of differing rates and exemptions. However, complying with other states’ sales tax laws has become increasingly important since June 2018, when the U.S. Supreme Court issued a pivotal decision in South Dakota v. Wayfair. In Wayfair, the Court held that states may require retailers to collect sales tax on online purchases—even if the retailer does not have any physical presence, such as a store, office, or factory, within the state. Several states have already responded by enacting legislation requiring out-of-state retailers that meet certain criteria to collect sales tax, and many of these states are beginning to aggressively seek out any remote sellers that fail to comply. As a result, numerous businesses now need to keep track of the varying sales tax rules and rates across the country. Businesses should therefore adopt systems to monitor out-of-state sales transactions, and consult their tax advisors to ensure compliance with the sales tax laws of all states in which they have customers.

Take advantage of bonus depreciation.

Traditionally, the concept of bonus depreciation has permitted taxpayers to depreciate a certain percentage of the cost of business property during the year it is placed into service, and then depreciate the remainder of the cost over the course of the property’s useful life. By depreciating a greater percentage upfront—rather than in equal proportions over the property’s life—bonus depreciation allows businesses to claim more substantial and immediate tax savings. However, the Tax Cuts and Jobs Act expanded bonus depreciation, allowing businesses to deduct the following amounts of the cost of eligible property during the year it is placed into service: 100 percent from now through the year 2022, 80 percent in 2023, 60 percent in 2024, 40 percent in 2025, and 20 percent in 2026. Additionally, the new law allows businesses to claim bonus depreciation for used, as well as new, property. By taking advantage of these changes to bonus depreciation, businesses can maximize tax savings with more valuable deductions.

Invest in Opportunity Zones.

Another way in which the Tax Cuts and Jobs Act changed the tax code was with the addition of Opportunity Zones, which are economically disadvantaged communities in urban and rural areas. With a goal of stimulating economic growth and job creation, the new tax law allows certain investments in these communities to qualify for favorable tax treatment. Specifically, investors may defer tax on any prior gains invested in a Qualified Opportunity Fund (“O-Fund”) until either the date on which the investment is sold or exchanged, or December 31, 2026—whichever is earlier. O-Funds are partnerships or corporations that serve as vehicles for investing in eligible property located in Opportunity Zones. If the investment in an O-Fund is held for more than five years, there will be a ten percent exclusion of the deferred gain, increasing to fifteen percent if the investment is held for more than seven years. If the investment is held for at least ten years, the investor will qualify for an increase in basis equal to the investment’s fair market value on the date when it is sold or exchanged.

Determine eligibility for the new employer credit for paid family and medical leave.

Under §45S of the tax code, the Tax Cuts and Jobs Act offered employers a new tax credit for providing paid family and medical leave for qualifying employees. The credit is equal to a percentage of wages paid while employees are on leave. To claim the credit, employers must have a written workplace policy that provides at least two weeks of paid family and medical leave each year to all qualifying full-time employees; wages paid during leave cannot be less than half of the employee’s regular wages. Qualifying employees are those who have worked for the organization for at least a year and who, in the preceding year, did not earn more than $72,000. (This salary threshold may change in future tax years.) According to the IRS, “family and medical leave” encompasses a variety of circumstances, including the birth of an employee’s child, the placement of a child with the employee for foster care or adoption, and an employee’s own serious health condition or that of his or her spouse, child, or parent.

Employers that provide paid family and medical leave in accordance with IRS guidelines will receive a tax credit of at least 12.5 percent of the wages paid to a qualifying employee while he or she is on leave for up to twelve weeks per year. The credit amount increases by 0.25 percent for each percentage point that paid leave wages exceed 50 percent of the employee’s regular wages. Therefore, employers may claim the maximum credit of 25 percent of wages paid by continuing to pay employees at their regular salaries while they are taking family and medical leave. At this time, the new paid family and medical leave credit will not be available after December 31, 2019. Until then, however, all businesses with employees should review their workplace policies to determine whether they may be eligible for this generous tax credit.

Perform a cost segregation study.

The IRS-approved strategy of cost segregation offers a powerful way for commercial building owners to reduce their tax burdens through accelerated depreciation deductions. Most real property is depreciated over a period of 39 years, while tangible personal property is depreciated over five, seven, or fifteen years. Typically, therefore, taxpayers may claim more substantial and immediate depreciation deductions for personal property assets. However, cost segregation studies—which are performed by third-parties with tax and engineering expertise—identify assets within a building that may be reclassified as personal property. These assets may include wall coverings, carpeting, plumbing or electrical fixtures, and more. By reclassifying these real property assets as personal property, commercial building owners can minimize their taxes and increase cash flow through accelerated depreciation deductions.

Consider whether recent hires qualify for the Work Opportunity Tax Credit (WOTC).

Created with a goal of helping certain categories of job applicants overcome barriers to employment, WOTC offers employers a tax credit of up to $9,600 for each new employee hired from a target group. These target groups include veterans, ex-felons, and recipients of some forms of government assistance. To claim WOTC, employers must file the initial paperwork with their state workforce agency within 28 days of the new worker’s start date, so it is important for businesses to have systems in place for identifying WOTC-eligible job candidates and new hires. WOTC is one of the tax extenders, but was renewed by the PATH Act through December 31, 2019.

Consider tax incentives at the state and local levels.

In addition to the many tax savings opportunities found in federal law, numerous cities and states across the country offer their own tax incentives for businesses. For example, many states have R&D tax credits—which may be even more generous than the federal version.

It is also particularly important for businesses that are expanding and/or adding new employees to explore the incentives available at the state and local levels. These expansion incentives may include tax credits, exemptions, rebates, and training grants. However, many such incentives must be negotiated in advance of any final decision to expand or relocate.

In light of the Tax Cuts and Jobs Act and other changes to state and federal tax law, now is the time for businesses in all industries to work with their tax professionals to claim the savings opportunities available to them. With proper planning, a comprehensive tax strategy can be a powerful way for businesses to boost their bottom lines, freeing up cash to fuel future growth and success.


Jordan Taylor, CPA, CEO/Tax Director, of Capital Review Group,

How Small Businesses Can Bounce Back from Online Threats and Data Breaches

If you pay attention to the news, you know that no business is impervious to hackers and cyber attacks. In fact, even major corporations like Target and Marriott have been impacted by data breaches over the past few years. So, is there anything you can do to protect your own small business? As it turns out, there are some fairly simple measures you can take to help safeguard your business from threats and help it recover in the event of a cyber attack.

 Audit All Hardware and Software Systems

You can protect yourself from data breaches from the start by opting for secure hardware and software for your small business. If it has been a while since you reviewed your systems, now is the perfect time to do so. To protect your sensitive business data, it’s crucial to thoroughly research the companies you use for hardware and software so that you can be sure that data security is addressed by their products. If you can’t find this information or are not sure about your current systems, it may be best to make a few upgrades.

Your payment acceptance systems and programs should be among the first reviewed. If you discover that yours is not as protected as it could be, you should invest in a more secure payment system that has top-quality data security and fraud prevention built-in. Securing your payment systems is a simple tactic for preventing data breaches from disrupting your business, especially since consumer credit card data is commonly targeted by small business hackers. This puts small businesses in the unenviable position of having to mitigate any potential damage and earn customer trust back again in order to recover.

Review Employee Data and Device Usage Policies

While having the right software and hardware can help protect your company’s data, your first line of defense has to be your employees. Employees are privy to sensitive business and customer information every single day, so make sure you safeguard it with effective policies. One practice that has the business community divided is the use of personal devices for the completion of business tasks and communications. This may seem like a cost-effective way for employees to work from home or out in the field. However, a simple mistake is all it takes for hackers to access your company’s information on these unsecured personal devices. If your employees fail to install antivirus software or forgets to update their operating system, for example, any business-related content could be left vulnerable to attacks.

Employees who leave your company can also pose a risk to your data privacy, so take the right steps to ensure your business is fully protected. This may include ensuring that you can wipe company-owned devices and data from devices remotely. So, consider using specialized security apps to delete sensitive business and client information from lost or stolen devices.

Use Secure Email Providers for Business Communications

Implementing the best practices for employee data and internet usage can go a long way in shielding your business from attacks. However, those same employees should also be on the lookout for emails and websites that could link to phishing scams. Hackers are getting pretty good at sending these mock emails or website information to small businesses, attempting to hook users with alarming messages that prompt them to log in or provide sensitive data. Include phishing danger signs in your data training and ensure that your email provider is secure. Using a free account is not always the best choice for small businesses, so make sure your provider uses encryption and filters to properly protect your business from hacking attempts, suspicious spam messages, and malware.

Malware infections can cut into your profits, but more importantly, they cut into your trust with your customers. That damage is often much harder to repair. So, your best bet is to prevent malware and cyber attacks from affecting your small business in the first place.

Being the victim of a data breach or cyber attack is bad for business. That said, you can lessen the online threat to your small businesses with a few preventative steps and measures. So, get proactive about protecting your business’s data.

Security Concerns of the Cloud-Patriot Act Section 215, HIPAA and other issues

I’ve been thinking about choice and freedom frequently during the past few months. For those of you who don’t know me, I like pretty much everybody and don’t have any particular political agenda, nor is this blog a place for such discussion. As my personal mission statement of more than 30 years states, I’m most interested in helping people accomplish their goals more easily by leveraging technology.

The U.S. accounting profession has around 20 (18 by my count) regulations that might have to be followed based on the nature of the data from the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the SEC, the IRS, and more. Some of these laws or regulations require that data stay within U.S. borders, including all backups. Having geographically restricted data usually requires:

  1. A premium be paid to the hosting company.
  2. Data centers to be in the country of origin.
  3. Special encryption or access methods are in place to prevent the use of the data outside the country.

Giving these regulations “teeth” are fines that can easily reach $50,000.00 or more for small businesses. For example, you can expect more requests to sign “business associate agreements” this year since the U.S. Department of Health & Human Services (HHS) has stepped up HIPAA enforcement. The current interpretation of HIPAA data includes patient collection records or reimbursement through accounts payable that might be recorded in accounting software. Most SaaS products aren’t HIPAA compliant, and many hosted versions of desktop accounting products aren’t implemented with a HIPAA-compliant strategy. Likewise, accounting firms that do pension and benefit audits or 401(k) audits are now considered to have HIPAA data. Again, if the HHS agent is a stickler, a business associate agreement can be required.

One of the laws that concerns me regarding client confidential information is the USA PATRIOT Act of 2001, Section 215, which received more notoriety after the National Security Agency (NSA)/Edward Snowden incident of 2013. Of particular note is the Foreign Intelligence Surveillance Court (FISA), which authorizes access to data hosted in public data centers. This access takes place without notification being given to the owner of the data (you or your client), and according to some sources, almost no request is denied. What probably got me thinking about choice and freedom was learning that in the NSA/Snowden incident:

  1. More than 4,200 QuickBooks files were requested for a “fishing expedition” for the IRS to look for potential fraud.
  2. The number of FISA orders was significant.
  3. SaaS vendors had to provide backdoor administrative logins for compliance.
  4. Large companies, including Microsoft, Apple, Google, Yahoo, and others with significant amounts of business and personal data, had to comply.
  5. Canada has a similar law – the Canadian Anti-terrorism Act, Bill C-36.
  6. Reports from the Guardian, New York Times, and others that RSA 4096-bit encryption was broken or backdoors were installed.
  7. Part of compliance included a gag order preventing the companies involved from disclosing, to the owner of the data or publicly, that access had been requested and permitted.

It’s clear that data centers can do a better job related to the security of data than small businesses can. For example, the typical data center has:

  1. Redundant communication lines.
  2. Generators for backup power.
  3. Service level agreements (SLAs) for 99.999(9)% availability.
  4. Physical security and control.
  5. Command centers to watch for attacks, weather, and other threats.
  6. Service Organization Control (SOC)/Statement on Standards for Attestation Engagement (SSAE) 16 certifications (often inherited).
  7. Probable Business Continuity and Disaster Recovery (BC/DR) preparedness.

Our current rule is that if a data center is used, it should be in your home country. If you’re part of the “English colonies,” you can have your data in another United Kingdom–friendly country. However, all of the 5,000 or so data centers or colocation facilities in the United States fall under the PATRIOT Act Section 215, meaning that data stored in these centers has to be surrendered under a FISA court order without notification, even if there’s no wrongdoing. I might call this “guilty until proven innocent,” and the data is simply being taken for review and subsequent action. The current attitude is more similar to the Second Red Scare of 1947 to 1954 in the United States, where many believe the approach is 100% needed and correct and others believe the protections of Section 215 are completely unneeded. President Obama has requested a modification of Section 215. This isn’t likely to happen, but I believe this, or a complete elimination of Section 215, is needed for cloud-related business activity to continue in a secure manner.

Additionally, the increased threat and level of spam, viruses, distributed denial of service (DDoS) attacks, and professional hacker attacks (see the real-time map here), including foreign espionage and corporate espionage, is appalling. Brian Dye, senior vice-president for information security at Symantec, told the Wall Street Journal that antivirus software “is dead.” To this alarming statement, Dye added, “We don’t think of antivirus as a moneymaker in any way.”

While this makes me think protection software won’t help us much anyway, I did take comfort in the May 24 Economist report of a brilliant, new “multicompiler” protection strategy created by computer scientist Michael Franz from the University of California, Irvine. I think Dr. Franz is really onto something, and he has a prototype working with both Linux and Firefox.

If you have client confidential data or your data contains intellectual property, you should never store data in a free data-sharing service. And if you’re concerned about client privacy under the PATRIOT Act Section 215, you should be cautious about using data center–based services. On the other hand, if you believe all of these attacks, threats, and queries don’t affect you and your clients, then you can proceed much like I did originally – naïve that people would want accounting data from honest businesses and people.

Randy Johnston and his NMGI team provide IT consulting services and recommendations. If you have questions on any hardware, software, procedures, or IT strategies for your firm, contact with your questions or to schedule a time to speak.


Solid State Drives(SSD)-Things to Know

Solid State Drives (SSD) are all higher performance than traditional spinning hard drives, but organic…there are a maximum number writes and the products will fail. For the last five years, Samsung has established that they are a market leader in SSD technology, Intel is number two because they are more expensive, but still of high quality. There are a lot of manufacturers trying to enter the market, which you will find in a quick search. There are different grades of SSD drives. Think: consumer, business, enterprise grades.

  • Types
    • SLC (single level cell, 1 bit per cell=low latency, increases longevity, better quality NAND, less heat)
    • eMLC (Enterprise multi-level cell, 2 bit=more right cycles, relatively new in the last couple of years) drives with their enhanced garbage collection techniques have closed that gap between MLC and SLC but only by a small amount.
    • MLC (multi-level cell, original was 2 bit, but now more likely 3 or 4 bit, and fewer right cycles) hybrid drives. These were actually first introduced back in 2008 by Silicon Motion. They were the ones who first produced the SSD controllers which enabled a hybrid SLC-MLC NAND drive.
    • TLC (Triple Level Cell) would be like that found in USB (4 bit or higher, lower quality and cheaper, runs the hottest). (For example, Samsung Evo is TLC NAND)
    • The fact remains that SLC SSD’s (enterprise) are higher endurance drives with regards to writes.
  • Life of drives
    • An SLC drive is rated at 100,000 writes per cell expected lifetime. They are the most expensive (you can buy from HP, 300GB=$8,000)
    • An eMLC drive can reach numbers of 20,000 – 30,000 writes per cell expected lifetime. This is the sweet spot for enterprise. These are being used in data centers. An example is the Samsung sm843 SSD eMLC Enterprise cited below.
    • An MLC drive is 10,000 writes per cell expected lifetime.
    • Consumer MLC = 3,000-10,000 writes
    • From those numbers and with the current cost of eMLC drives I believe the cost vs. writes is a no brainer. These drives when placed in a RAID array should provide a relatively nice service life at a fraction of the cost of SLC drives.
  • Performance in Servers and SANs
    • There is not as much gap in server and SAN controller performance as there once was. Many drives sit behind a caching engine as Tier1 space. The cache (Tier0) handles the processing and write optimization (more on this further below).
    • Latency is not a concern with today’s drives. As with the above, these drives also have the luxury benefit of sitting downstream of the Tier0 cache controller as the second tier.  The cache is 30X faster than SSD on write operations and keeps “hot data/pre-fetch” for faster reads.  Out-of-cache reads (Achilles’ heel of caching) are done at SSD speeds.  SSD drives are super-fast on reads.  This method prevents “write cliffs” that some SSD engines experience as the drives fill up with writes.
    • Endurance numbers are much, much, much higher than 2011. With the right choice of drive, the expected lifetime is 19 years under enterprise class conditions.  Drives in an “abusive” environment should last five years.  We recommend changing the drives by then in those environments (drives will be larger/faster with even higher endurance numbers in the future).  Firmware frequently monitors the SMART data on SSD for replacement prediction based on utilization.
    • Reservation space is large enough on most drives to handle multiple years now (used when a cell reaches lifetime use).
  • Products and product review
    • Samsung just released the 850 PRO which is the successor to the 840 Pro that is mentioned below. It is too early yet to know on this device although it looks to be on track to be just as successful as the 840 Pro.  The 850 Pro would fall into the Performance category just like its predecessor the 840 Pro.
    • These reviewers have been following the SSD market for most of its existence
  • Possible products to purchase:

Make sure that you look for updated information on SSD drives before you make your purchase

Acccounting Firm Survey


Delivering critical decision-making data to firms of all sizes

Randy Johnston, President, Network Management Group, Inc., and Leslie Garrett, PhD, CEO of Insight Research Group, with guidance from an executive board comprised of industry thought-leaders, are conducting a national survey to gather and report research results for firms of all sizes.  Survey results will be analyzed and compiled in an eBook distributed to sponsors and survey respondents. 

Apple iPad Mini

I was fortunate to receive one of the earliest deliveries on the Apple iPad Mini. I had been impatiently waiting to get my hands on this smaller version of the Apple iPad. Based on my personal preferences and work style, I naturally like the smaller format screens better, as evidenced by my earlier articles on the Samsung Galaxy Tab 2 and the Google nexus7. I have not tried the new 10″ Google nexus tablet and now that Samsung is able to ship their larger tablets again, there are those of you who may want to look at the larger format. For me, I like the smaller size that I can hold in one hand, the lighter weight and the thinner form factor. I chose to configure a model that was similar to the two competitors that I have, so I chose the 32MB wireless version of the iPad Mini for $634.99. Perhaps my expectations were too high, but here’s my summary after two days of usage:

  1. The battery life seems reasonable on this model. I don’t stream a lot of video, but do run apps, email, web browsing and other normal business use of the product. Apple claims a run-time of around 10 hours, and I’m currently getting about 8 hours.
  2. The speed is reasonable. Since the Apple iPad Mini uses the same processor as the iPad2 and the new iPad, the performance was quite acceptable.
  3. Since the resolution (163 pixels per inch or ppi) is lower than the iPad 4 Retina Display at 264 ppi, yet higher than the iPad2 at 132 ppi, it was clear that the displays of photos and other visual content was not as good on the Apple iPad Mini as the iPad Retina, but certainly passable.
  4. The product heats up with usage, but it is not nearly as bad as the new iPad(3) unit overheats.
  5. The product is too wide to hold comfortably in one hand. I had my wife try holding this unit as well as the Samsung Galaxy Tab 2, Google nexus7 and Kindle Fire HD. She could not conveniently hold the Apple iPad Mini nor can I. My hand fell asleep holding the product while using it earlier today. Not being able to hold this in one hand is a major drawback on the smaller unit. Single hand operation is critical to commuters as well as many other situations.
  6. The weight of the unit is slightly over 11 ounces and that reduction in weight compared to the larger format units is appreciated. I don’t have the postal scale to weigh all of the 7″ tablet competitors side by side today, but will update this post with that information when I do the “weigh in”.
  7. Comparing the iPhone 5, new iPad and iPad Mini iOS 6.0.1 side by side was an eye-opener. I updated all of my units to the most current release from Friday, November 2 before running the comparisons and I was amazed how many of the settings were different on all three products. This fact is almost worth another post by itself. Certain features I turn off were turned back on in all three units, but not the same features. I’m still trying to figure out exactly why. The iPad mini connected to iCloud automatically although during the setup process, I specifically chose the options to not connect. I wanted to see the native install without any accidental settings updates from iCloud.
  8. The keyboard buttons are slightly too small and close together to allow convenient typing, but they are passable.
  9. Although somewhat expected at this point in the game, some applications seem to be confused if the product is an iPhone or an iPad. Some of this may be issues in my own setup procedure.
  10. Key business apps like email and Citrix don’t work the same on the Apple iPad Mini as they do on the larger iPad models.
  11. The 5MP camera is quite acceptable and similar to the larger iPad although I believe the 8MP iPhone 5 camera does outperform the Apple iPad Mini camera as expected.

Unfortunately, my recommendation is to stay with the larger iPad or consider one of the competitive 7″ tablet products. The primary objection is the product is too wide and too slow to compete favorably with the other advanced 7″ tablets. I really wish this recommendation had come out differently.

Microsoft Surface and the Plethora of New Tablets

Microsoft Surface has shipped, and I was one of the lucky people to get one of the very first units. We are going to see many new tablets released this fall including the iPad Mini, which I have on order ($634.99), as well as the new iPad4 and replacements for the Google nexus7 and Samsung Galaxy Tab 2 that I own, like and use. The tablet operating systems, usability and applications improve daily. I am the most productive on a tablet with a keyboard, but that may not be true for you. My skin type requires touching a screen multiple times for the touch to be recognized. For example, it is normal right now that I have to touch my iPhone 5 2-5 times for each character I type. This past Friday, I counted 17 touches to type a single letter. Interestingly, though, is that the Microsoft Surface has not required me to touch the screen multiple times. I’m not sure if there is a technology difference that makes this touch actually work, or if it is something else, but it is fun to have a correctly working touch Surface!

It is helpful for you to know that I have used every Apple iPad and every Apple iPhone since release. I “get” how Apple’s technology is supposed to work. For business purposes, the Microsoft Surface may be a better product. I have made all of my tablets run Virtual desktops and configured them to support Microsoft Exchange for business purposes. I add keyboards and covers to these units, when possible, to make them fit my business needs more. I naturally like the smaller size and lighter weight of the 7″ tablet size. I enjoy my Apple iPad3 ($1231.30), Kindle Fire ($287.24), Samsung Galaxy Tab 2 ($301.47) and Google nexus7 ($304.91). But wait, there are good things and several shortcomings that you will see about the Microsoft Surface ($841.69) below. After using the product for only three days, here’s a summary:

  1. This tablet is different in use and style than any other tablet released to date. And that is a good thing.
  2. The Microsoft Surface is thinner and lighter than my comparable iPad(3). On my postal scale today, the iPad3 with the Zagg Keyboard weighs 210.0 ounces and the Surface weighs 115.2 ounces. The iPad with keyboard is about 1″ thick and the Surface is 1/2″ thick. The Surface is about 1″ longer with a better shaped HD screen and is about 1/2″ less wide. All around the Microsoft is a lighter, smaller unit. I do have the new Zagg Professional keyboard on order which should make for a lighter, smaller iPad combination. However, after trying nearly 20 keyboards, the model I currently have was the best fit for me until the Zagg Professional was released.
  3. The Microsoft Surface just reeks of quality. The metal stand that holds the product up for you, and the way the keyboard attaches, turns the unit off and on and protects the screen is clearly well thought out. The cover keyboard is so much better than the Apple “refrigerator door” covers that fall off so easily. I have only gotten the keyboard off with some direct effort, so I don’t expect the cover to fall of accidentally, like most Apple iPad covers do.
  4. The included keyboard is flat and has an audible click noise. This works fairly well in low sound situations but not so well in noisy situations. My hands fare poorly on flat keyboards such as those made by Apple (and now by a lot of other manufacturers, too), but oddly enough this keyboard has not hurt my hands. I’m not sure why. I was appalled that different color keyboards cost such a large premium ($120-130) that I was not willing to pay that premium for white, red, cyan or magenta. So like Henry Ford, I chose black. I was interested in the Touch Keyboard, but wanted to experience the standard keyboard first, and had no motivation to spend the extra money since the touch keyboard was the same weight (.46 lbs.) and thickness. The mouse movement on the touch keyboard is sluggish, but acceptable. I did not try to change the mouse speed default settings.
  5. The connectors on the Surface unit are solid and good with two key issues. First, the USB port worked just like a USB port should. Plug in a USB stick and files appear in a typical explorer view. As you would expect, the file structure on the Microsoft Surface is similar to what you see in Windows 7 or Windows 8. The network drives in my home office were accessible (the same as a computer) but this was a tablet doing the job. The Micro SD card slot also worked flawlessly. It is not located in the most convenient spot under the flip metal stand, but it is in a very protected location. Both the USB and Micro SD can expand your storage capability or allow you to work with large files offline. Now for the complaints. The power connector and massive power block were both proprietary. I hate stuff like that. Apple has done better with both the old connector and the new Lightning connector. The Apple power block approach is probably better, too. Simply give me a cord that has a USB plug so I can plug it into computers, airplanes and other power adapters of my choosing! Second, the VGA and HDMI projector adapters should have been a Micro USB connector, not some proprietary form factor that is similar to Micro USB. The connector block of the VGA adapter seemed excessive, but the HDMI adapter was slim. On a good note, both VGA and HDMI worked exactly right on the first try. I could present a presentation from the Microsoft Surface with far greater confidence than I can from any Apple iPad, and I have presented from them all.
  6. Setting up multiple users was interesting, too. The setup process asked if the user was “a child” so security restrictions could be placed on the second user. Remember that the Microsoft Surface that shipped on 10/26 was the “personal” version, not the business version.
  7. Both Portrait and Landscape modes seem to work equally as well. Clearly the device was designed to be used in Landscape mode with the keyboard. The Microsoft Surface is far more natural to run with some touches and some keyboarding. It is clear on the iPad that Apple intended you to only run this with touch, so adding a keyboard is not the most natural.
  8. Integration to Microsoft Exchange and OneNote were phenomenal. The presence of Office 2013 (yes, in preview) was also seamless, quick and superb. The integration into SkyDrive was also completely flawless. Remember, though, that SkyDrive’s security agreement makes me question if business confidential documents should be stored in this resource. I feel the same way about Google Drive, DropBox, SugarSync and
  9. The responsiveness of the Microsoft Surface overall is quite good. The Surface may outrun the Google nexus7 and Samsung Galaxy Tab 2, which both outrun the iPad, iPad2 or new iPad. The iPad4 announced on October 25 will have a faster processor, and I’ll be able to report on the responsiveness of that unit at a later time. (BTW, if you bought an iPad3 in October 2012, take it back and get the new unit!).
  10. The power up and down speed is quicker than any tablet I own. Not sure of the exact reason, but I’m duly impressed. The battery life seems good. I have recharged the unit once since owning it, and can’t give you an accurate run-time estimate. An unexpected nice piece of navigation was the Windows logo at the bottom of the touch screen returned to the Windows menu. Scrolling left and right on the touchscreen is much faster than any Apple iPad or Android unit. Using the mouse to scroll is doable, but painful.
  11. The Windows 8 interface (formerly known as Metro) is interactive, refreshing with information on a continuous and scrolling basis. This is a bit of a concern for confidential email and for appointments both on the Windows 8 screen and on the splash screen for calendar events. The first 35 or so characters who on the splash screen for your appointments, so you’ll need to be careful that your calendar event naming doesn’t contain client confidential information.
  12. The email client connected beautifully to Exchange, but has some usability errors that will have to be fixed in future software upgrades. For example, the Reply button has Reply, Reply all and Forward, but you have to tap twice (once for the button and once to choose one of the options) to reply to an email. This should only require one tap! The email interface was threaded like Outlook 2007 or 2010, which is OK if you like that, and annoying if you don’t. Getting to the settings of the email client is not easy. The biggest annoyance is the difficulty of filing an email that you have completed. Both Apple’s email client and the Android email client have done this better.
  13. I was pleased that my primary password manager, LastPass, was available in the Microsoft App Store and could run on the Microsoft Surface. A major objection to the App Store is no ability to search. The categories of apps is good along with the top free and new releases. The Store should have an easy way to exit back to the Surface and does not.
  14. Camera quality is also marginal, but sufficient. I would have preferred much stronger cameras, than the two 720p HD cameras, (front and rear-facing) that were supplied. These are sufficient to work with Skype, which is one of the available applications in the App Store. One clear error I made was to merge my existing Skype account which changed the way I log in to use Skype. There was not sufficient direction to keep me from making this error. The Skype interface on the Surface was elegant and an indicator of what apps will look like in the future for Windows 8 as well as the Surface. Skype calls on the Microsoft Surface are a better experience than calling from a computer.
  15. I was surprised how some apps worked on the Microsoft Surface. For example, USA Today is available on lots of platforms: Apple iOS for both iPhone and iPad, Android, etc. Everything about the Surface app was better than any other platform except the navigation to sections. The news was far easier to read, the videos and photos were more accessible and sharper, and it probably didn’t hurt to have K-State in the running for the number two poll position. The picture and supporting text on the stories was much easier to read and more navigable. However, one caution on the apps on Surface in general. The developers are still trying to learn how to use the controls in the most effective way, and frequently don’t have the right buttons programmed to return to the Surface Windows RT OS or to switch conveniently somewhere else. We saw this on the Apple iPad for at least two years after initial introduction.
  16. The volume level of audio files is quite good and of high quality. This was one of the key objections I had to the original Kindle Fire. The navigation of the music player is confusing, but I have never understood the Windows Media Player well. The controls were on the Surface keyboard, but should have been equally accessible on the touch screen. It was interesting to watch the Surface tie into my Xbox account and profile.
  17. The Kindle Reader on the Microsoft Surface was quite acceptable.
  18. The built-in OneNote was superb. It was surprising that you could download the old version of OneNote from the App Store, but I suspect that is to maintain file compatibility with older versions of OneNote. I liked being able to write and draw on the screen, but could not get ink to text to work as I expected. The idea here is to take hand writing and translate it to typewritten text. If this works as expected, it may be the “killer app” that would lead me to recommend the Microsoft Surface as the business tablet of choice. BTW, I used my BoxWave stylus (a must for me on the iPad), but the stylus was no better than using my finger for drawing on the Surface.

Downsides, and I’m sure I’ll find more:

  1. There are only around 900 apps in the Microsoft Store as of today. Many of my favorite apps are missing including Audible (books).
  2. The Windows 8 navigation requires too much scrolling, but if you don’t organize your iPad with groups, you have too much scrolling, too. I observed a lady on my flight Thursday night that had 12 screens on her iPad…I wanted to reach over and help her understand how to organize the device to keep from wasting so much time.
  3. The business unit does not become available until January. This unit will have the ability to join a domain. For most business users, this is a reason to wait to purchase.

The other versions of the tablets mentioned above also deserve a written summary like this as well and hopefully will be written up in due course.