Author: Service2Client

What Families Need to Know About the New Trump Accounts

4 min read

What are Trump Accounts?American parents now have access to a completely new savings tool designed to give children a financial foundation for the future. Established through The One Big Beautiful Bill Act, these accounts carry the name of the current president and come with a unique set of rules that the IRS has just begun to clarify.

Who Can Open One?

Any minor holding a Social Security number who has not yet turned 18 by Dec. 31 of the current year meets the eligibility criteria. Getting started requires an authorized adult, typically a parent or legal guardian, to submit an application to the Treasury Department. Once processed, the government establishes the child’s account.

Free Money for Newborns

Families welcoming babies during a specific four-year window stand to benefit the most. American citizens born anytime from the start of 2025 through the end of 2028 qualify for a $1,000 federal deposit through a pilot initiative. This starter contribution sits outside all annual limits, meaning it will not reduce how much others can add later.

Billionaire Backing Adds More

Tech titan Michael Dell and his wife, Susan, have pledged $6.25 billion to boost these accounts further. Their generosity will provide an extra $250 to the first 25 million children meeting specific requirements. Kids must be no older than 10 and reside in areas where the median household income is under $150,000. Dell, who runs Dell Technologies as chairman and CEO, ranks 10th among America’s wealthiest individuals with a fortune estimated at $148.9 billion.

How Much Can Be Contributed Each Year?

The law caps annual contributions at $5,000, though this figure will rise with inflation over time. Grandparents, aunts, uncles, family friends, and parents can all put money in, but every dollar from these sources counts toward that yearly ceiling. Exceed the limit, and you will need to pull the excess back out.

Workplace benefits offer another channel. Companies can deposit as much as $2,500 annually into accounts belonging to workers or their children. While this money does apply toward the $5,000 threshold, employees will not owe taxes on these contributions.

Charitable organizations and government bodies at various levels have permission to fund these accounts through something called qualified general contributions. Unlike personal or employer deposits, this category of funding exists completely outside the annual cap.

Keep in mind that money coming from family members or friends provides no tax break. These contributions use after-tax dollars. Also worth noting: the earliest anyone can start funding these accounts is Independence Day 2026.

Strict Rules Govern Investments

Congress placed tight restrictions on where this money can go. Only mutual funds and ETFs tracking American stock market indexes qualify. These funds cannot employ any leverage strategies, and their annual expense ratios must not exceed one-tenth of one percent.

Accessing the Funds

Until reaching adulthood, account holders face severe limits on touching their money. The rules permit withdrawals only in narrow circumstances: transferring everything to a different Trump Account, correcting over-contributions, or closing the account following the child’s death.

Everything changes at 18. From that birthday forward, the account essentially transforms into something resembling a traditional IRA with comparable guidelines around distributions and taxation.

Filing Requirements

Establishing one of these accounts means completing Form 4547, which the IRS titled Trump Account Election. This document accompanies your annual 1040 filing and handles both account setup and pilot program enrollment. The form number itself contains a nod to history, combining 45 and 47 to reflect Trump’s elections as both the 45th and 47th commander in chief.

Conclusion and Official Resources

This new savings tool gives families an innovative avenue to save. Taxpayers seeking detailed information can review Notice 2025-68, which the IRS published to address questions about account creation, investment options, contribution types, distribution rules, and reporting obligations. Full regulations remain in development, with proposed rules expected before final versions emerge following public input. The government maintains a dedicated portal at trumpaccounts.gov for ongoing updates.

How to Account for Accretion

3 min read

What is Accretion?Whether it’s an individual investor or a business owner looking to increase their earning power, understanding how accretion works is essential for individual and business investors to make the correct decisions going forward.

How Accretion Works for Bonds

Accretion is the gradual increase of a bond’s value over time. As a bond moves toward its maturity date, it increases in value until it reaches its face or par value – or what’s paid to the bondholder upon maturity.

If a bond has a face value of $2,000, yet it’s discounted at $1,900 when it’s offered for sale, the present value of the bond is $1,900, leaving the difference of $100 as the discount. Between the time of purchase and when it matures, the value of the bond will appreciate, up to its par value of $2,000. As the bond increases in value, this is referred to as an accretion discount. 

When it comes to accounting for bond accretion, there are two common methods.

Straight-Line Method

This approach documents the bond’s appreciated monetary gain and is laid out equally over the bond’s time frame until maturity. For a bond with a term of 10 years and a business that publishes its earnings once a quarter, there are 40 earnings releases.

If there’s a $100 discount, spread across 40 quarters, that is $2.50 every three months. The $2.50 is the quarterly accretion until the bond matures.

Constant Yield Method

This method is different from the straight-line method in that the bond’s value appreciation increases in value closer to the bond’s maturity date.

Acquisitions and Accretion

Companies can also benefit from accretion. Through the concept of synergy, where there’s more output from combining multiple entities than the sum of them if still separate, an acquiring company adds the earnings before interest, taxes, depreciation, and amortization (EBITDA), for example, to add to its existing shareholders’ value.

Illustrating How it Works

If Company X wants to increase its earnings per share for its shareholders, an acquisition is one way to do so. Assume Company X earned $1 million in net income the preceding year and has 3 million shares. And then there is Company Z, which had $500,000 in net income over the same time frame, with 1 million shares issued to raise cash. The following is a way to calculate the acquisition accretion value of the new combined company.

Earnings Per Share of Company X: 1,000,000 / 3,000,000 = 0.33

Earnings Per Share of the new company post-acquisition: ($1,000,000 + $500,000) / (3,000,000 + 1,000,000) = $1,500,000 / 4,000,000 = 0.375

Based on the calculation, the earnings per share of the post-acquisition company are $0.375. Compared to the EPS for the original, pre-acquisition Company X, the post-acquisition company is $0.045, resulting in a positive acquisition accretion.

Whether an individual investor is looking to see how bond accretion works or a company is looking at whether an acquisition makes business sense, understanding how accretion works is essential to ensure it’s accounted for properly.

Seven Tax Moves to Make Before 2025 Ends – Year-End Tax Planning

4 min read

Tax Planning 2025, Year-end tax planning 2025

Tax planning feels like homework nobody wants to do, but here’s the reality: real money is sitting on the table. The One Big Beautiful Bill Act changed the rules this year, and most people are still figuring out what matters for their wallets.

Max Out Everything While You Can

Here’s something many people miss. Every Dec. 31, workplace retirement accounts basically close their books for the year. That’s it, opportunity gone. The limit is $23,500 this year, or $31,000 for those over 50. Also, anyone between 60 and 63 can throw in an extra $11,250 with the new super catch-up provision. That’s serious money that could be working harder instead of going to taxes.

HSAs remain the best-kept secret in tax planning. Most people ignore them until someone explains the magic; it’s literally the only account where taxes never apply. Not when money goes in, not while it grows, and not when it comes out for medical expenses. Singles can contribute $4,300 and families $8,550, with up until the April 2026 tax deadline to make it happen. Starting in 2026, there’s a bonus feature: $150 a month can go toward concierge doctor memberships tax-free.

IRAs deserve attention, too. The contribution limit is $7,000 (or $8,000 for the 50-plus crowd) with that same April deadline. The catch? Income limits and existing workplace plans can complicate things, so checking the rules is important.

Transform Losing Stocks into Tax Wins

Everyone has those regrettable investments. Maybe it was that “sure thing” tech stock or the cryptocurrency experiment that went south. Here’s the good news, selling losers before year-end can offset winners for tax purposes. Even better, losses can erase up to $3,000 of regular income. Whatever doesn’t get used rolls forward indefinitely, like store credit that never expires.

Play the Charity Deduction Game Smart

The standard deduction has increased yet again, standing at $15,000 for singles and $30,000 for married couples. Most people won’t beat that with itemized deductions, but there’s a clever workaround. By bunching several years of charitable giving into 2025, taxpayers can itemize this year and claim the standard deduction in future years. It’s like buying in bulk for tax benefits.

Timing matters because 2026 brings stingier charity rules. Only donations exceeding 0.5 percent of income will count, and high earners face a 35 percent cap. Anyone feeling generous should probably act this year.

Control the Income Timeline

Freelancers and business owners hold the cards on payment timing. That December invoice could easily become January income with a quick conversation. Even employees sometimes have flexibility with bonuses through understanding employers or HR departments. The trick is knowing whether next year’s tax situation will be better or worse.

The Roth Conversion Opportunity

With permanently lower tax rates now locked in, converting traditional retirement funds into Roth accounts makes increasing sense. Yes, taxes are due on the conversion amount today, but then everything grows tax-free forever. Smart planners often execute these moves during lower-income years, like between jobs or early in retirement.

Navigate Required Withdrawals Carefully

Anyone who’s 73 or older must withdraw from retirement accounts by Dec. 31. No exceptions, no excuses. The penalties for forgetting are harsh. First-timers get a choice, either take it now or wait until April. But waiting means two withdrawals hit in 2026, potentially pushing income into higher tax brackets. It’s worth doing the math.

The Charity Strategy Nobody Mentions

After age 70½, a powerful option opens up. You can send up to $108,000 directly from an IRA to charity. This qualified charitable distribution satisfies required withdrawals without adding to taxable income. Married couples can each do this, potentially moving $216,000 to charity while avoiding taxes entirely. For those already charitably inclined, missing this opportunity is literally giving money to the IRS instead of chosen causes.

Take Action Before Time Runs Out

Smart taxpayers are running projections comparing 2025 and 2026 tax scenarios right now. They’re scanning investment accounts for tax-loss harvesting opportunities. They’re accelerating charitable plans into 2025 before the rules tighten. They’re smoothing income across tax years where possible.

Nobody gets excited about tax planning, but a few hours of attention before year-end could save thousands of dollars. Good tax professionals pay for themselves many times over, especially in years with rule changes like this one.

Long Term Care Insurance Options

5 min read

What is Long Term Care Insurance?In 2024, the median household income in the United States was $83,730. However, the national average annual cost of 24-hour paid long-term care (LTC) for a retiree age 65 and older was more than $125,000, according to the Department of Health and Human Services. Moreover, one in five seniors will require care for more than five years.

Obviously, the math varies by household, but the reality is that the majority of older Americans who rely on paid caregiving will use much of their retirement savings and investments to pay for it. When considering insurance, there are presently two options: Long Term Care Insurance (LTCi) and Hybrid Life Insurance with an LTC component. Be aware that each policy offers a throng of variations and exclusions, so it is important to dig into the details of individual policies before making a decision.

Long Term Care Insurance

Purchasing a long-term care insurance policy can help offset the cost of caregiving for either in-home care (in some cases, even payouts for family caregivers) or care outside the home (e.g., adult daycare services, assisted living, memory care, nursing home). However, it’s important to understand the following about LTCi.

It can be quite expensive.

Premiums can range from $2,000 a year for a man in his 50s to more than $12,000 a year for a woman in her 70s. Furthermore, premiums increase annually until benefits begin (premiums cease while benefits are paid).

It may not cover the full cost of care.

Unless care is needed for only a few hours a day, long-term care policies generally do not cover the full cost of paid caregiving. For example, let’s say a policy pays $150 a day, but the owner needs care for eight hours a day. His in-home caregiver charges $30 an hour. That means his cost is $240 a day, so he’ll have to pay the additional $90 a day out of his own pocket. That’s

up to $2,790 a month or $32,850 a year. So, while LTCi can help defray the cost, someone who needs extensive care must have other assets to cover the rest of the cost. For an elderly person who needs 24-hour home care, the cost can be exponential.

Many new policies cover only a handful of years.

When you purchase an LTCi policy, you choose from various options that increase or decrease your premium. For example, coverage periods may range from two years to five years to life. You may also select a waiting period before coverage begins after purchase, which could range from 30 days to 365 days. The longer the wait period, the lower the premium. If you have an immediate need for coverage, you might be denied coverage altogether. That is why it’s best to purchase coverage when you are younger (50s) and presumably healthy.

You don’t get to choose when to start benefits.

LTCi coverage doesn’t kick in until you qualify, which generally means you are no longer able to independently conduct some or all of the prescribed daily living activities. The five primary qualifiers are bathing, going to the toilet, dressing yourself, feeding yourself, and the ability to move from bed to chair/wheelchair. Qualification to begin taking LTCi benefits usually requires physician verification.

The downside of a standalone LTCi policy is that it is a “use-it-or-lose-it” type of contract, much like auto or homeowner’s insurance. In other words, you may pay for it for decades but never actually use it, so all the premiums paid are lost.

Hybrid Life/Long Term Care Insurance

On the other hand, a hybrid insurance policy will pay out some portion of unused proceeds to beneficiaries upon the death of the policyowner. A hybrid policy is basically a life insurance policy with an LTCi rider or an accelerated benefit clause, which, either way, means it will cost more.

First and foremost, it works just like life insurance – once the owner passes away, the beneficiary receives a payout. However, if the owner needs money to pay for long-term care while he is still alive, he can tap the rider or life insurance payout to pay for the care. Then, when he passes away, his heirs receive any amount of the unused proceeds. With this type of policy, the owner doesn’t pay for LTCi coverage he does not need, but it’s available if he does need it.

Premiums for a hybrid policy, like any life insurance, depend on the age, gender, health, and amount of insurance proceeds desired, as well as any additional charge for the LTCi rider. Some policies include LTC benefits as a standard feature.

Employer-Sponsored Benefit

If your employer offers long-term care insurance as a voluntary benefit, it’s worth considering because group rates are generally cheaper than on the individual market. However, while employer-sponsored LTCi policies are usually portable – meaning you can keep paying for it after you leave your employer – your premiums may increase when no longer part of the group policy.

As always, reach out to a professional when it comes to planning for you and your family’s future care.

The New Face of Phishing: Techniques, Targets and Prevention

4 min read

Phishing Attacks Phishing is a major threat that keeps evolving and has now become a sophisticated and costly cyber risk facing businesses of all sizes. Previously linked to malicious links in an email, phishing is now powered by AI, automation, and social engineering. The attacks have become harder to detect; they are faster to execute; and they can be very damaging if successful. With many business processes happening online – such as payments, approvals, and customer engagement – the attack surface has expanded, and so has the creativity of cybercriminals.

The Changing Landscape of Phishing

Modern phishing is unlike the previous suspicious and poorly written emails, and today cybercriminals are using AI tools to do many things, including:

  • Generate perfectly written and personalized messages – attackers can now easily analyze company websites, social media profiles, public reports, and employee profiles to clone the tone, style, and communication patterns. Messages appear legitimate when they reference recent projects or internal updates.
  • Generate deepfake audio and video – with readily available AI voice-cloning tools, a scammer can easily impersonate CEOs or CFOs and request urgent wire transfers or credential access.
  • Bypass MFA using real-time phishing kits – these kits mirror login screens of popular business tools such as Microsoft 365 or Google Workspace. An employee enters credentials and authentication codes into the fake page, giving attackers instant access.
  • Launch automated hyper-targeted attacks – with automation, criminals can target specific departments using tailored messages relevant to their daily tasks.

High-Value Targets Inside Organizations

Phishing attacks are no longer random but very strategic:

  • C-Suite executives – executives are prime targets due to their authority and access levels. If an executive is compromised, their inbox can be used to authorize payments or request sensitive data.
  • Financial teams – the accounts department faces fake invoice scams, fraudulent banking instructions, and impersonated vendor messages.
  • HR departments – attackers send fake resumes loaded with malware. They might also pose as job applicants to access employee data.
  • Remote and hybrid workers – these workers use shared Wi-Fi, personal devices, and unsupervised collaboration tools. This creates a wider entry point for attackers.
  • Customers and partners – attackers impersonate brands and trick customers into submitting payments or sensitive information through fake lookalike pages.
  • IT admins and system engineers are also valuable as they have privileged access.

Modern Phishing Techniques

Emails remain the dominant delivery method, but attackers have diversified to:

  • Quishing (QR Code Phishing)
    QR codes are everywhere: on flyers, delivery packages, restaurant menus, conference badge,s and more. However, QR codes can lead to malicious sites or credential harvesting pages.
  • Search Engine Phishing or Malvertising
    Fake ads appear above legitimate brands on search results that a user can click on –thinking it’s a legitimate link.
  • Browser-in-the-Browser Attacks
    These are fake login pop-ups that replicate trusted login screens. An employee will enter their credentials, thinking it’s a legitimate site, and this goes straight to attackers.
  • OAuth Application Scams
    Here, attackers don’t steal passwords. Instead, they trick users into granting access to a malicious app. Once the access is granted, the attacker has total access.
  • Deepfake Calls and Video Messages
    These may come as high-pressure video calls or messages from an executive requesting urgent action, emergency payment, or private documents.
  • Fake Travel and Expense Scams
    Taking advantage of corporate travel, attackers clone legit travel sites in order to steal credit card and employee information.

Prevention Strategies Every Business Must Adopt

Phishing is a problem that can’t be eliminated but can only be significantly reduced through a combination of technical measures and human risk management.

Prevention requires a combination of technology, processes, and people.

  1. Build a Security-Aware Culture
    Training must be continuous, engaging, and realistic. It should be conducted via simulation and scenario-based learning.
  2. Strengthen Email Authentication
    Implement modern AI-based email filtering tools to help detect anomalies that human eyes miss. Include identity verification protocols like DMARC, SPF, and DKIM to reduce spoofing attacks.
  3. Adopt Zero Trust Security
    Implement the “never trust, always verify” approach. Access should be limited, monitored, and timed out automatically. High-risk actions should trigger additional verification.
  4. Secure Remote Work
    Implement VPNs, approved devices, endpoint protection, encrypted storage, and clear policies.
  5. Implement Multistep Verification for Financial Transactions
    Require verbal confirmation or dual approvals for high-value transfers.
  6. Monitor Vendors and Partners
    Keep in mind, there is a sharp rise in supply-chain attacks. Regularly verify domains, emails, and communication from suppliers and partners.
  7. Have an Incident Response Plan
    Be ready with a response plan in case of a breach. Acting quickly will reduce potential losses.

Conclusion

Phishing has transitioned into a sophisticated threat targeting the core operations of a business. New phishing variants reveal how attackers continually evolve their techniques. With the right awareness, technology, and processes, organizations can significantly reduce exposure.

5 Rules for Giving to Charity

3 min read

Giving to CharityGiving to charity is good for a couple of reasons. First, giving to organizations you believe in is intrinsically good – for them and for you. When we give, the “love hormone” oxytocin is released. Second, giving can reduce your taxable income, which also might make you feel pretty good. But here are a few things to know before you start doling out your cash.

Make sure you give to an IRS-recognized charity. More specifically, it must be a tax-exempt organization that is defined by section 501(c)(3) of the Internal Revenue Code, which includes entities like religious organizations, the Red Cross, nonprofit educational agencies, museums, volunteer fire companies, and organizations that maintain public parks. Most importantly, you must not have received anything in return for your gift. So before you give, make sure you verify your organization with this handy IRS tool. It’s super important to do this before you donate, and be sure to ask how much of your contribution will be tax-deductible. This is key.

Gifts to family and friends don’t count. As much as you’d like to gift perhaps a worthy nephew, these amounts are not tax-deductible. In fact, if they exceed a certain amount, they could be subject to a gift tax.

Deductions have a cap. Generally, you can deduct up to 60 percent of your adjusted gross income via charitable donations (for cash donations). That said, you may be limited to 20 percent, 30 percent or 50 percent, depending on the type of contribution and the organization. Examples of limited contributions include non-cash gifts, private-foundation gifts, etc. This deduction limit applies to all the donations you make during the year, no matter how many organizations you give to.

Exceeding your limit. If you go over the 60 percent limit of your adjusted gross income, the amount can be deducted from your tax returns over the next five years, or when the money’s gone. This process is known as a carryover. Good news for those who are generous.

Deductions for non-itemizers & itemizers. Specifically, for the 2025 tax year (taxes that are due by April 15, 2026), you’ll have to pivot and itemize to deduct your charitable contributions and get the tax break.

But for the 2026 tax year (taxes due April 15, 2027), the rules change for both types:

  • If you don’t itemize on your tax return, you can deduct up to $1,000 (single) or $2,000 (married filing jointly) in charitable contributions. This means you can take an above-the-line deduction for the 2026 tax year on the tax return that you’ll file in 2027.
  • If you do itemize on your tax return, you must donate an aggregate total of at least 0.5 percent of your adjusted gross income to charity to claim the deduction. Only the portion of your total charitable donations that exceeds 0.5 percent is deductible.

Making sure you follow these guidelines will ensure that you can realize your well-deserved deductions and tax breaks. If you have other questions about charitable giving, consult your tax professional. They’ll know all the ins and outs of charitable giving and keep you secure moving forward.

Sources

Tax-Deductible Donations: 2025-2026 Rules for Giving to Charity – NerdWallet

Partial Government Funding, Promoting Transparency and Protecting Against Foreign Terrorism

3 min read

Government Promoting TransparencyEpstein Files Transparency Act (HR 4405) – The purpose of this bill is to require the Department of Justice to release all documents and records in its possession of investigations and court cases related to Jeffrey Epstein. Epstein was previously convicted of soliciting prostitution from an underage girl, and also faced new sex trafficking charges prior to his 2019 death in custody. The files are expected to reveal the names of other people involved in the sex trafficking scheme. The act was initially introduced by Rep. Ro Khanna (D-CA) on July 15. It was updated and passed in the House on Nov. 18, in the Senate the next day, with only one opposing vote between the two chambers. The bill was signed into law by the president on Nov. 19. The DOJ has up to 30 days to release the documents, which may be lightly redacted to protect against unwarranted invasion of privacy, such as victim names and medical data.

Continuing Appropriations, Agriculture, Legislative Branch, Military Construction and Veterans Affairs, and Extensions Act, 2026 (HR 5371) – This is the bill that ended the federal government shutdown. It includes funding for the remainder of the fiscal year for the food assistance program SNAP, the Department of Agriculture, the FDA, the military, Veterans Affairs, and Congress through Sept. 30, 2026. However, it stops short of funding approval beyond Jan. 30, 2026, for Commerce, Justice and Science (CJS); Defense, Energy and Water; Financial Services and General Government (FSGG); Homeland Security; Interior, Environment, and Related Agencies; Labor, Health and Human Services, and Education (LHHS); State, Foreign Operations and Related Programs; Transportation; and Housing and Urban Development. The continuing resolution did contain a few ancillary provisions, including mandatory backpay and rehiring of all federal employees furloughed or laid off during the shutdown. The original version of the bill was introduced on Sept. 16 by Rep. Tom Cole (R-OK). It passed in the House on Sept. 19 and failed in the Senate 14 times before a revised bill was passed on Nov. 10. The final bill, with changes, passed in the House on Nov. 12 and was signed into law on the same day.

District of Columbia Cash Bail Reform Act of 2025 (HR 5214) – This bill was introduced on Sept. 8 by Rep. Elise Stefanik (R-NY). It represents Republicans’ ongoing battle over who has jurisdiction over Washington, D.C.’s law enforcement and justice system. The bill would return to a cash bail system and require automatic detention of those charged under a wider set of offenses. The new confinement rule counters D.C.’s long-standing system of judge discretion regarding detention or supervised release. The bill passed in the House on Nov. 19 and currently lies in the Senate.

Strengthening Cyber Resilience Against State-Sponsored Threats Act (HR 2659) – This bipartisan legislation represents a federal strategy to strengthen U.S. cyber defenses to counter China’s attempts to actively target American infrastructure. Unfortunately, the bill does not apply to other hostile state-sponsored cyber actors such as Russia, Iran, or North Korea. Introduced by Rep. Andrew Ogles (R-TN) on April 7, the bill passed in the House on Nov. 17 and currently rests with the Senate.

Department of Homeland Security Vehicular Terrorism Prevention and Mitigation Act of 2025 (HR 1608) – This bipartisan bill seeks to address the rising threat of vehicle-based attacks, including the possible misuse of autonomous vehicles, rideshare platforms, and connected vehicle technologies. The legislation was introduced by Rep. Carlos Gimenez (R-FL) on Feb. 26 and passed in the House on Nov. 17. It currently awaits consideration by the Senate.

Controversial Defense Funding Bill, Shoring Up ESOP Plans, and Leave Benefits for Public Health Personnel

3 min read

Shoring Up ESOP PlansNational Defense Authorization Act for Fiscal Year 2026 (S 2296) – Introduced by Sen. Roger Wicker (R-MS) on July 15, the Senate passed this legislation on Oct. 9. The bill is a carve-out of the 2026 budget bill intended to fund military appropriations for the 2025-2026 fiscal year. The bill was largely supported by Republicans but less so by Democrats, who are in favor of keeping the government closed until all of their budget concerns are addressed. In addition to establishing funding and policies for military and defense-related activities, the bill includes a roadmap for bomber modernization, a real-time database for contractor compliance oversight, and authorizing programs for nuclear weapons facilities. The legislation would authorize $32.1 billion over the President’s budget request, and the White House opposes provisions in the bill that thwart the President’s ability to control immigration and conduct foreign affairs, including submitting plans to Congress ahead of actions, dictating the terms of intelligence support to Ukraine, and enabling the Defense Department to bypass the Administration’s tariffs. The bill currently rests with the House, which asserts it will not return to regular session until the Senate passes the current controversial CR budget bill.

Employee Ownership Representation Act of 2025 (S 1728) – This bipartisan bill seeks to expand the membership of the Advisory Council on Employee Welfare and Pension Benefit Plans to include two representatives of employee ownership organizations. While the council presently includes 15 members from business, labor, and the public, the council has no expertise specific to Employee Stock Ownership Plans (ESOPs). The legislation was introduced by Sen. Bill Cassidy (R-LA) on May 13 and passed in the Senate on Oct. 9. It currently awaits consideration by the House.

Retire Through Ownership Act (S 2403) – The main purpose of this bill is to provide a clear definition for certain closely held stock that aligns valuations with IRS standards in an effort to mitigate valuation risk for ESOPs. It would also provide “safe harbor” for trustees relying on these guidelines. The Act was introduced by Sen. Roger Marshall (R-KS) on July 23. It passed in the Senate on Oct. 9 and currently lies with the House.

Uniformed Services Leave Parity Act (S 1440) – Introduced by Sen. Tammy Duckworth (D-IL) on April 10, this legislation would authorize leave benefits (parental leave, emergency leave) to Public Health Service (PHS) officers. The bill sponsors assert that the current lack of these important benefits is a challenge to recruiting and retaining PHS personnel, who should be on par with the same benefits offered to uniformed service members. The bill passed in the Senate on Oct. 9 and is up for review in the House.

Internal Revenue Service Math and Taxpayer Help Act (HR 998) – This bill was introduced on Feb. 5 by Rep. Randy Feenstra (R-IA). Among other provisions, it instructs the IRS to provide taxpayers with details of notices that relate to a math or clerical error. The bill passed in the House on March 31 and in the Senate on Oct. 20. It currently awaits the President’s signature to become law.

Why Authorization Sprawl Is the Next Big Security Blind Spot and How to Fix It

4 min read

Authorization Sprawl, What is Authorization SprawlDespite major investments in cybersecurity, organizations continue to face breaches. Most security mechanisms implemented guard against threats such as password theft. However, there is a growing concern with the unchecked expansion of user access, permissions, and tokens across apps, clouds, and systems.

This growing challenge is known as authorization sprawl, and it is becoming one of the most dangerous and least visible threats in modern enterprise security.

According to insights from the SANS keynote at the RSAC 2025 Conference, attackers are increasingly exploiting this sprawl to gain legitimate, persistent access that bypasses multifactor authentication (MFA), security information and event management (SIEM) alerts, and endpoint detection and response (EDR) visibility altogether.

What is Authorization Sprawl?

Authorization sprawl occurs when access permissions multiply uncontrollably across systems, users, and applications. Every time a team or department adds a new SaaS integration, service account, or API key, another layer of permission is introduced.

In an attempt to make access to multiple applications easy, users also have single sign-on (SSO), designed to help log in once and access multiple applications securely. Here, users are granted access to several connected systems through SSO, adding to the authorization sprawl problem.

Over time, all these factors create a complex ecosystem that even security teams have a hard time tracing who can access what.

Unlike authentication, which verifies who someone is, authorization determines what one can do. When permissions expand without review, attackers take advantage of forgotten tokens, dormant accounts, or outdated roles to move freely inside systems.

Why Traditional Defenses Miss It

Most defenses focus on identity verification, such as MFA, conditional access, and endpoint protection. But once a user is authenticated, there is no monitoring. This is the blind spot that attackers exploit. Instead of breaking in, they log in using legitimate session tokens, application programming interface (API) keys, or open authorization (OAuth) grants.

The misuse of valid credentials or access tokens enables cloud-related breaches. These attacks bypass traditional detection tools because they appear to be normal activity by authorized users.

A recent incident involving Salesloft’s Drift application highlights how damaging authorization sprawl can be. Drift, an AI chatbot often integrated with Salesforce, was exploited after attackers gained access to Salesloft’s GitHub account and later its AWS environment. From there, they stole OAuth tokens and authentication credentials, exposing Salesforce data from potentially hundreds of organizations. This incident is an example of how interconnected SaaS systems and unchecked authorization links can create a cascading breach effect, where one weak point leads to multiple breaches across services.

The Business Impact of Authorization Sprawl

Aside from increasing technical risk, authorization sprawl erodes compliance, governance, and trust.

  1. Regulatory Exposure – Frameworks like GDPR, SOC 2, and HIPAA require strict access control and auditability. Untracked permissions make demonstrating compliance nearly impossible.
  2. Operational Risk – An overprivileged account can unintentionally leak data, delete configurations, or expose APIs.
  3. False Sense of Security – Zero Trust frameworks often stop at identity verification. Failing to continuously validate authorization is equivalent to protecting the front door while leaving internal doors wide open.

How to Fix Authorization Sprawl

Luckily, solving this problem does not require removing existing security controls but rather extending visibility and discipline into authorization.

  1. Conduct Regular Access Audits – Map users, roles, and permissions across your environment. Be sure to look for redundant privileges, dormant accounts, and orphaned API keys. Use tools that help visualize hidden paths and privilege escalation routes.
  2. Implement Structured Access Control – Use frameworks like role-based access control (RBAC) or attribute-based access control (ABAC). Standardizing roles ensures fewer exceptions and easier auditing.
  3. Automate Reviews and Revocations – Integrate identity and access management (IAM) with HR systems so access automatically changes when employees leave or change roles. This helps eliminate the temporary access that never gets removed.
  4. Shorten Token Lifetimes and Rotate Credentials – Session tokens and personal access tokens (PATs) should have an expiration period, such as 30 to 90 days. Using automated key rotation policies will help prevent long-lived access tokens from becoming backdoors.
  5. Enforce the Principle of Least Privilege – Grant users and systems only the minimum access needed.
  6. Extend Zero Trust to Authorization – Verification shouldn’t end with login. Apply continuous authorization checks.

Conclusion

As cloud ecosystems, APIs, and integrations continue to multiply, authorization complexity will grow exponentially. Businesses that invest in mapping and controlling authorization sprawl will stay ahead of both attackers and regulators. In cybersecurity, visibility equals control, and this begins with knowing exactly who can do what.

Understanding The Q Ratio

3 min read

Understanding The Q Ratio, What is Tobin's Q RatioWhen it comes to evaluating a business, there are many ways to perform a valuation. One way to do so is to use the Q Ratio. Known as Tobin’s Q Ratio or simply the Q Ratio, this method looks at the proportion between the values of a physical asset and its replacement cost. Developed by Nobel laureate economist James Tobin, this ratio presumes a single company; for public investors, if asset values can be estimated, the company’s market value of a publicly traded company may be approximately estimated.

The original formula is as follows:

Q Ratio = Market Value of Assets / Replacement Cost of Capital

While this formula is the original iteration, approximating an asset’s replacement value is complicated and oftentimes not 100 percent realistic to analyze. The more realistic way it’s calculated is by using book values in lieu of the asset’s replacement costs. The new way to calculate it is as follows:

Q Ratio = (Equity Market Value + Liabilities’ Market Value) / (Equity Book Value + Liabilities’ Market Value)

When it comes to calculating the overall market’s Q Ratio:

Q Ratio = Value of the Stock Market / Corporate Net Worth

Putting the Q Ratio in Practice

Essentially, it’s used to value a company. Once calculated, the Q Ratio provides internal stakeholders and outside investors with one way to evaluate a company.

Above 1

If the Q Ratio is more than 1, the business’ market value is higher than its booked assets. It means a company’s valuation is overestimated in the eyes of the market since there is some portion of the company’s assets that are either not documented or valued fully. When the Q Ratio is above 1, a business’ earnings are worth more than replacement costs for the assets. At this level, entrepreneurs are incentivized to develop a competitor business to gain market share and financial gain.

Equal to 1

When the Q Ratio equals 1, it implies the market sees the company’s assets as valued fairly.

Below 1

At this level, a business’ assets are worth more than fair market value, establishing the business as undervalued. Investors with enough assets can purchase the company in question, either via shares if publicly traded or outright if a private company, versus trying to create a competitor company to siphon value away from it.

Further Consideration

When it comes to the calculated Q Ratio, it’s important to keep it in context. While accountants can be precise with many things during preparation, when it comes to market forces and intangible assets, analysts need to use their judgment. Investors and market forces can create hyperbole for a business’ value that can’t be quantified and recorded by accountants. Stock analysts’ perspectives on a business’ prospects or rumors regarding future performance can modulate the present, dynamic valuation of the company.

Another consideration is how to document and gauge intangible assets like intellectual property and goodwill. While accountants can approximate IP or goodwill, it’s not an exact science.

Thus, when businesses use the Q Ratio to value their own company or one they consider purchasing, investors must take the Q Ratio as part of a holistic valuation approach.