Cyber Security

As the world shrinks, business owners may find themselves traveling to foreign destinations. Often, such trips are vital, leading to personal visits with suppliers and potential customers. Ideally, you’ll be able to deduct all your travel costs, but that may not be the case if you venture beyond the 50 states and Washington, D.C.


The Seven-Day Rule

If you travel outside the U.S. for a week or less, your trip will be considered entirely for business, even if you combine business and nonbusiness activities. Then, you can deduct all of your travel costs. A week, for this purpose, is seven consecutive days, not counting the day you leave the U.S.


Example 1: Denise Edwards has a clothing import business in Chicago. She travels to San Francisco on Tuesday, then flies to Hong Kong on Wednesday. After spending Thursday and Friday in business discussions, Denise spends Saturday through Tuesday sightseeing. She flies back to San Francisco on Wednesday and returns to Chicago on Thursday.


Here, Denise was not outside the U.S. for more than a week. (The day she departed from San Francisco does not count as a day outside the U. S.) Therefore, she can deduct all of her travel costs. She also can deduct the cost of her stay in Hong Kong for the days she worked there but not her costs for her sightseeing days.


More than One Week

Business trips longer than one week trigger another set of rules. As long as 75% or more of the trip’s total days are business days, you can deduct all your travel costs. Days traveling to and from your destination count as business days, for the purpose of reaching the 75% mark. Again, your costs for nonbusiness days are not tax deductible.


If your trip is primarily for business, but you fail both the one week and the 75% tests for the travel, calculating your deduction becomes more complicated. You can only deduct the business portion of your cost of getting to and from your destination and must allocate your travel time on a day-to-day basis between business days and nonbusiness days.

Example 2: Henry Jackson owns a restaurant supply business in Boston. He flies to Berlin on March 7 for a conference and spends time there on business until March 17. That day, Henry flies to Brussels to see friends and tour the local museums. On March 24, he returns to Boston from Brussels.

As the IRS looks at Henry’s itinerary, it appears that Henry could have returned to Boston on March 17, after completing his business. Thus, 11 days of the trip (March 7–17) count as business days while the other seven days (March 18–24) are nonbusiness days.

With this reasoning, 7 out of 18 days of the trip were nonbusiness days, so 7/18 of what it would have cost him to travel roundtrip between Boston and Brussels is not tax deductible.

Assume Henry’s total airfare costs were $2,000, whereas roundtrip airfare between Boston and Brussels would have been $1,500. Henry must subtract 7/18 of this roundtrip fare ($1,500 x 7/18 = $583) from his actual travel expenses. Because Henry spent $2,000, subtracting $583 gives him a $1,417 deduction for his airfare. He can deduct his costs while in Berlin on business but not his costs while in Brussels for other purposes.

As you can see, calculating foreign business travel deductions can be complex. If you will be outside the United States for business, our office can help you set up a schedule for optimal tax benefits. Call BiggsKofford at (719) 579-9090 wit any questions you may have.

Cyber Security 

How to Protect Your Organization from Cyber Threats


Guest Speakers
                                            Todd Morris           Jill Webb
                                          Vice President       Vice President
                                           CB Insurance        CB Insurance


What We’ll Discuss:

  • What is cyber security?
  • Why is it an important topic for businesses?
  • What is the impact on your organization?
  • How can an organization protect itself?



Thursday, September 18, 2014

7:30 – 9:00 a.m.

BiggsKofford’s Office,

630 Southpointe Court, Suite 200



The Healthcare industry has become a hotspot for cybercrime due to the wealth and value of the knowledge held in Electronic Health Records (EHRs).  “With its storehouse of patient personal information and financial data, including credit card numbers and health insurance identification numbers, your practice is a tempting target for those who want to use or sell this type of data – and the criminals need only one weak link, such as an under-secured computer or portable device, to gain access.”[1]

Laws governing the privacy of patient’s healthcare records are contained in the Health Insurance Portability and Accountability Act (HIPAA).  They require healthcare organizations to implement administrative, physical and technical safeguards to guarantee integrity and privacy of their patient’s records.  Despite the rigorous rules defined by HIPAA, Healthcare providers are subject to more and more attacks.  Compliance is not enough to ensure the safety of EHRs.

The value of a credit card in the underground market is around $1 USD, but when combined into a full identity profile, to fair value of that same card is dramatically increased to roughly $500. [2]  This makes EHRs a hot item for cyber criminals.

Financial services and retail organizations have learned over the years the true costs of data breaches, and have taken steps to help ensure security.  In 2012, HHS’ Offices for Civil Rights has entered into several major settlements of HIPAA enforcement actions.  Major healthcare providers have settled their data breach cases for between $1.5 and $1.7 million dollars. [3]   A cardiac surgery practice in Phoenix settled a case for $100,000 with OCR for having an appointment calendar publicly accessible over the internet.  State attorneys have pursued smaller cases, which have resulted in over six figure settlements.  Smaller physician practices are at risk for lawsuits and should take care and have extensive safeguards to protect their patients.

This is clearly a challenge that must be overcome by healthcare organizations that traditionally has not been subject to this threat, and has not had to accommodate for cybercrime.  Risks that need to be addressed as more and more information is at risk to cybercrime include [2]:

  • Securing enrollment to ensure that first-time users to a portal are who they say they are before granting access to various applications
  • Securing access to online portals to prevent the loss of patient’s personal and healthcare information
  • Securing access for physicians to clinical applications that contain patient data
  • Securing access for payees and other third parties to sensitive data required to perform their job
  • Securing the web session both before and after login
  • Educating employees on the risks of phishing and malware

Contact your healthcare attorney to ensure you are HIPAA-compliant and what steps you should take once aware of a potential breach of information.  Also, contact your IT provider on better ways to technically safeguard your practice.  If you have any questions regarding cyber security, please contact your BiggsKofford representative at (719) 579-9090, and we will be happy to serve you.







Article written by Nick Phillips, Associate at BiggsKofford.


What is cyber security?

Cyber security is the process of protecting an organization’s network and computer systems from the unauthorized access and use for the purpose of stealing or destroying vital company information or individual personal identification information and personal health information.

Why has cyber security become such an important topic for businesses?

  • The top three causes for a data breach are:
    1. Lost or stolen computing devices.
    2. Third-party snafu.
    3. Unintentional employee action.
  • Average time to notify data breach victims is approximately seven weeks.

What is the impact on an organization when a breach occurs?

  • When an organization experiences a breach there is an instant loss of customer loyalty and confidence.
  • An organization is now in damage control mode to protect its brand and reputation.
  • Employees are forced to divert their focus from core activities to crisis management.
  • There are unnecessary and lingering expenses like credit monitoring, litigation expenses and potentially fines.

How can an organization protect itself?

There are three main components to protecting your business.

  • First is to implement a risk management process that includes having a documented risk assessment and response matrix, a clearly defined response strategy with defined roles for all team members, and a communication plan.
  • Second is to ensure the organization is compliant with state and federal laws, rules and regulations like HIPAA, FACTA and breach notification laws.
  • Third is to purchase a cyber-liability policy that covers both 1st and 3rd party losses. These policies cover losses that are excluded from general liability and umbrella policies.

What kind of coverage can be purchased?

There are four types of coverages an organization can purchase.

  •  Network Security/Privacy Breach – This covers liability from unauthorized access to digital records and negligence or failure to protect or safeguard confidential data.
  • Cyber Extortion – covers the threat to incapacitate your network or website.
  • Internet Media liability – covers claims of libel, slander, copyright infringement or other electronic advertising or personal injury.
  • First Party Internet Liability – this is business interruption coverage that provides for loss of income and extra expenses due to a network or system shut down.

The types of coverage needed for each organization will vary depending upon the existing exposures and your appetite for risk. We recommend that every organization sit down with their advisor to discuss employing a risk management strategy.


Article by Jill Webb, Vice President of CB Insurance, Colorado Springs. See Jill and her colleague, Todd Morris, present at this month’s Entrepreneurial Corner event.

Make a Payment to BiggsKofford

Warning, this is NOT the Colorado Department of Revenue. This is to make a payment to BiggsKofford, CPA Firm.