UBP blog


From phishing, to spyware to network snooping, how identity thieves get your information online and what you can do to stop them

As the Internet evolves and identity theft criminals get more and more tech-savvy, it isn’t any wonder the number of identity theft crimes has skyrocketed over the past few years.  

To keep your personal information safe online, you’ll need to first know the most common methods thieves use to collect your information. That way, you can figure out what actions you’ll need to take to stop them.

These are:

  1. Phishing: Phishing happens when a thief sends out an email under the guise of a legitimate company. The email in question will generally contain links to a very legitimate-looking website. Once the victim arrives at the website, he or she will be asked to give a bank account number, credit card number or other piece of personal data.
  2. Spyware: Spyware is software that collects personal data from individuals’ own computers without them even knowing it. It infects their computers when they visit certain websites or open email attachments from unknown senders. Also, anyone with manual access to computers can install spyware on them.
  3. Fraudulent e-commerce sites: Identity thieves often set up fraudulent e-commerce sites for goods they advertise through spam email blasts or on price comparison websites. When individuals place orders on these sites, identity thieves are able to capture their names, addresses, credit card numbers and other information.
  4. Wireless network snooping: Tech-savvy identity thieves use this technique to connect to unsecured wireless networks and steal information from computer files or information that’s en-route from sender to its final destination.

Massachusetts ID theft law compliance deadline is today:

Any entity that employs and/or does business with Massachusetts residents must be in full compliance today, March 1, with our nation’s toughest ID theft law to date—Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00).

Fines for noncompliance are steep and auditors from the MA Attorney General’s office will be coming any day now, are you prepared to show your compliance or face the facts?

Now is not the time for second guessing, call us now at 617-859-1777 and schedule your free 30 minute compliance overview in partnership with Foley and Foley law firm of Massachusetts.


To prevent identity theft at work you need to know where the thieves will go

Identity thieves can steal personal information from you at work, in public, online or even from your home (a place that so many of us think is a safe haven). The first step to protecting your information in all these places is knowing where the thieves will go to get their hands on it.

Let’s start off by looking at the workplace.

Personal information in any given workplace is vulnerable to the prying eyes and hands of permanent staff, temporary and contract workers or even the after-hours custodial staff that comes in and cleans the building every night.

If there’s an identity thief lurking in and around your workplace, chances are they’ll go for one of the following.

  • Unattended Personal Belongings: This includes both unattended purses and wallets as well as easily accessible personal documents employees may either keep at work of bring with them to work.
  • Employee personnel files: Any employee with access to the personnel files that are kept in HR has easy access to employees’ Social Security Numbers and DOB’s as well as a host of other data ID thieves may use to commit fraud. 

Data in personnel files is especially vulnerable to threats from within an organization. A disgruntled employee or even a temp worker could steal employee personal information, sell it to an identity thief or use it themselves to commit fraud.

Effective monitoring is the key:

The information above goes to show that employers should carefully monitor access to all employee personal information. Certain vital details such as who has access to this information, how long they have access to it and what precise business or compliance need their access to this information will fulfill should be spelled out clearly in your Written Information Security Plan required by Massachusetts law 201 CMR 17.00 (which is enforceable the first of next month).

On top of this, employers should communicate to employees the importance of consistently monitoring all accounts they have in their name, checking for any unauthorized activity or the presence of any new accounts that they didn’t open themselves.  

Individuals who steal your identity or credit card numbers depend on you not to look too closely at your bills and ensure that every charge on them was actually yours. “Small” charges of under $100 are often less scrutinized than larger amounts and thieves know this. That’s why you should never just “excuse away” unfamiliar and unauthorized charges, just because they appear small.

Deadline for Massachusetts Identity theft law 201 CMR 17.00 is just a week away:

One week from today, all businesses that “own, license, store or maintain” personal information on any Massachusetts residents must be fully compliant with the Commonwealth’s identity theft law 201 CMR 17.00. Is your company compliance-ready, and can you prove it to the auditor who may come knocking at your door?

To help Massachusetts businesses get compliance-ready, Universal Benefit Plans has partnered with local employment law firm Foley and Foley to offer a complimentary 30 minute compliance review for qualifying companies. Call us at 617-859-1777 to learn more and see if your company qualifies.


The Security of your Identity is only as strong as the passwords you keep—Part 2

As discussed in the previous blog post, your passwords are often your only barrier protecting personal information from the prying eyes of identity thieves. So, it goes without saying that they should be kept both strong and secret.

We’ve gone over how to make your passwords strong, here are a 4 steps that you should take to make sure they’re kept secret:

1. Don’t write your passwords down:  The safest place to store your passwords is clearly your own mind, which is why they should be relatively easy for you to remember. However, if you’re someone with a lot of different passwords to different accounts, you might need to write them down somewhere to remember which one is which.

If this is you, you’ll need to be extra careful about where you put them. Avoid keeping them in places that are easy for a thief to access, such as in your pocketbook, taped to the monitor of your keyboard or even on a sticky note on the back of your mousepad.

2. Don’t use the “remember my passwords” setting:  Whenever automatic logins and “remember my passwords” settings are enabled on your computer, anyone can sign into your computer as you and log in to all of your personal databases.

3. Don’t log into accounts containing personal information on public computers: Public computers include those in libraries, schools, universities or at an Internet café. Your passwords and usernames could be saved by the computer and used to access your accounts by someone else at a later date.

4. Don’t share your password with others: Also, as soon as anyone finds out your password, you should immediately change it (even if the person promised not to use it or tell anyone else).

Starting March 1, 2010, all businesses that “own, license, store or maintain” personal information on any Massachusetts residents must be fully compliant with the Commonwealth’s identity theft law 201 CMR 17.00. This means encryption, creation and implementation of a Written Information Security Plan and a whole host of other responsibilities must be completed by the end of this month.

Is your company compliance-ready, and can you prove it to the auditor who may come knocking at your door?

To help Massachusetts businesses get compliance-ready, Universal Benefit Plans has partnered with local employment law firm Foley and Foley to offer a complimentary 30 minute compliance review for qualifying companies. Call us at 617-859-1777 to learn more and see if your company qualifies.


Do you know what the five costliest health conditions are?

As an employer, when asked what the five costliest health conditions are what do you think would top your list, cancer and heart disease, correct? It depends on what factors you look at to determine cost.

The Journal of Occupational and Environmental Medicine (JOEM) recently published a study revealing that employers who focus solely on employees’ direct medical and pharmacy costs in creating cost-containment strategies are missing a major component of the picture. These findings were based on data from over 51,000 employees and 1.13 million medical and pharmacy claims.

Where employers could be missing the point:

Employers who just consider direct medical costs are missing out on “presenteeism” costs. These costs are incurred when workers have health conditions that aren’t severe enough to keep them home. They come into work, cannot perform their jobs at full tilt and cause a drain on company productivity. 

In fact, for every dollar spent on employees’ direct medical and pharmacy costs, employers can expect roughly $2.30 in productivity related costs.

The  JOEM study found that when considering direct medical and drug costs alone, the top 5 conditions driving health care costs up are:

  • Cancer (other than skin cancer)
  • Back/neck pain
  • Coronary heart disease
  • Chronic pain
  • High cholesterol

This means that those of you who guessed cancer and heart disease got numbers 1 and 3 on this list.

But, when they factor health-related productivity costs, the top 5 conditions driving health care costs are:

  • Depression
  • Obesity
  • Arthritis
  • Back/neck pain
  • Anxiety

In light of these findings, what’s one major step employers can take to improve productivity and bottom-line results?

When developing your overall employee health strategies and disease management programs, make certain to first recognize and prioritize these conditions. That way you can create targeted solutions that address them head on and save health care dollars in the long run.

These solutions are just a small component of Benefit Plan Optimization (BPO™). So many employers out there are paying too much for their benefits and getting far too little in return. They’re definitely not getting the most out of their benefits and our 13 point diagnostic test could be just what the doctor ordered.

Call us now at 617-859-1777 to schedule yours or visit our website www.universalbenefitplans.com and fill out one of our contact forms letting us know your biggest benefits problem. We’ll certainly get in touch with you ASAP to discuss possible solutions.


The security of your identity is only as strong as the passwords you keep—Part 1

If you lived during the Middle Ages and had a castle, you’d want to prevent invaders from breaking in, destroying your property, kidnapping your loved ones, etc. So what would you do? Build a moat, correct?

Now most, if not all of you, would pull out all the stops to create the deepest, most crocodile-filled moat imaginable. After all, it would be your only barrier for keeping invaders out. When creating passwords for your personal information you should use this exact same logic.

That’s because just like a moat is the only barrier keeping invaders out of a castle, your passwords are often your only barrier standing between personal information and identity thieves.

All passwords you use to access personal information (both online and off) should be both strong and secret. This blog post will educate you on how to keep them strong.

What is a strong password?

A strong password is one that includes:

  • 6 or more characters
  • Letters numbers and symbols
  • At least one case change

When creating your passwords, make sure that they are both easy for you to remember and difficult for others to guess.  If your password contains two distinct words or proper names, make sure they are unrelated to one another. 

One strategy you can use to create a strong, memorable password is to use the first letter of every word in a popular saying (making at least one of the letters uppercase) and add a number plus a symbol to the end. For example, a strong password using the popular saying “Speak softly and carry a big stick” might be Ss&cabs13.

Once you’ve set a strong password, you should also take the following precautions:

  • Never use the same password for more than one of your main accounts: If you do, it could take just one security breach to compromise everything in all of your accounts.
  • Change your passwords regularly: The Commonwealth of Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) recommends that individuals change their passwords for access to personal information at least every 6 months.  A helpful tip for reminding yourself to do this is to use a recurring event such as a time to change your password (i.e. change your password every daylight savings time).

For any entity that employs and/or does business with Massachusetts residents, OCABR has passed our nation’s toughest ID theft law to date—Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00).

Businesses must be fully compliant with the law by March 1, 2010. Is all your company’s personal information on Massachusetts residents encrypted and/or protected? Do you have a Written Information Security Plan in place?

These are just a few of the 201 CMR 17.00 requirements that must be met. Attend our  free webinar February 11th at 2 pm and in just 30 minutes you’ll know the answers to these questions plus so much more.


New report from Attorney General sheds light on main health care cost driver in Massachusetts

Just last Friday, Massachusetts Attorney General Martha Coakley released a report pinpointing the main driver of the Commonwealth’s rapidly spiraling health care costs—the market clout of highest paid providers. Simply stated, Massachusetts insurance companies are paying certain doctors and hospitals significantly more than others for the same patient care.

Coakley’s year-long investigation leading up to this report revealed that a small group of roughly 10 hospitals statewide commanded anywhere from 10 to 100 percent higher payments than their competitors for similar work.

The study also found no evidence that this higher pay was due to better quality of patient care or treatment of more complex cases. In fact, the study revealed that:

  • Eight in 10 of the best paid hospitals in one insurer’s network were community hospitals. These hospitals tend to have less complex cases than teaching hospitals and also do not have the added cost of training future doctors.
  • One major teaching hospital that treats some of the Commonwealth’s sickest patients is paid significantly less than dozens of other hospitals that treat healthier patients.

Coakley’s team did discover that the hospitals commanding higher payments were able to do so because of market leverage from factors such as brand-name recognition and geographic isolation.

What the investigation has done:

At the end of the day, Coakley’s investigation had one major accomplishment. It shed light on the true cause of Massachusetts’ health care cost increases.  Over the past several years, it was revealed that provider rate increases, not higher patient utilization rates, were the main contributors to higher health care costs.

The Attorney General’s office will release the above as well as other related findings in a series of reports over the next several weeks.  From March 16 through the 31st, hearings will be held on the issue and state officials will ask hospitals, physicians, insurers, employers and consumer groups to testify on factors contributing to health care cost increases and what could be done to make health care affordable.

As the reports are released and hearings go under way, we’ll make certain to keep you up-to-date on all findings and developments you’ll need to know.


What Identity Thieves Want

Identity theft is a huge and costly problem. In fact, it has recently surpassed drug trafficking as the number one crime in the nation and claims one new victim every 3 seconds.

Identity theft can happen to anyone and its results are devastating: stolen funds, a tarnished credit rating and obligations to pay off debt that isn’t even your own.

To keep from becoming victims of identity theft, all individuals should:

  • Keep sensitive personal information under wraps
  • Learn to recognize and put a stop to common identity theft strategies
  • Act quickly to limit damage

This blog post will focus on keeping sensitive personal information under wraps, and knowing what identity thieves want is a logical first step to keeping personal information safe. That’s because when you know what identity theft criminals want from you (and what they’d do with it) you’ll know exactly what personal details to keep safe and secure.

The following table shows you what common pieces of personal information identity theft criminals want and why they want it.

Type of Information Why ID theft criminals want it
Social Security Number (SSN) Your social security number uniquely identifies you for employment and credit purposes and serves as the gateway to all your financial information
Date of Birth Your date of birth (especially if used alongside your SSN) can be used by an ID theft criminal to verify your identity
Financial Account Numbers This includes bank account numbers and credit card numbers. ID theft criminals can use them to take money out of your accounts or make payments both over the phone and online.
Mother’s maiden name ID theft criminals want this information because it’s often used to verify an individual’s identity and authorize access to their financial information.
PIN numbers and passwords These allow access to banking, credit card and online accounts
Driver’s license number This number can be used by ID theft criminals to obtain a fraudulent ID


Starting March 1, 2010 The Commonwealth of Massachusetts Attorney General’s office will begin enforcing Regulation 201 CMR 17.00. The Regulation is designed to prevent identity theft and it’s the toughest identity theft law for businesses in our nation to date.

Is your company up to speed with compliance? Can you afford not to be?

Register to attend our free webinar February 11th at 2 pm and in just 30 minutes we’ll walk you through the necessary steps to get compliant and stay compliant.



One very costly ERISA mistake most 100+ employee companies are making

Most U.S. employers with 100 or more workers don’t comply with ERISA regulations, which can result in some very steep federal fines that add up fast.

The Employee Retirement Income Security Act (ERISA) has strict requirements for employers that sponsor 401(k), group life, medical, dental and disability plans to report certain financial information on these plans to the Department of Labor (DOL) using Form 5500.

However, public records reveal that of the approximately 110,000 businesses that employ 100+ individuals, roughly 60,000 (or 55%) have not filed Form 5500.  These findings are according to a study done by Atlanta-based ERISA Pros.

What this means for employers:

If your company is one of the many that fails to file Form 5500 on time, the DOL can fine you up to $1,100 for every day that it’s late. This $1,100 applies separately for each of your benefit plans, is not subject to the statute of limitations and is not tax deductible. In other words, you could end up owing a lot of money.

For instance, an employer that sponsors a 401(k), medical plan, dental plan, group life and disability plan could owe the DOL over $100,000 for filing Form 5500 just 30 days late.

Also, beginning in 2010, employers are required to file all Plan Year 2009 and subsequent Form 5500s electronically using the Department of Labor’s EFAST2 system. This will make it a lot easier for the DOL to ensure compliance and enforce penalties.

Summary Plan Descriptions:

Last but not least, as many employers know, ERISA requires all employers sponsoring any of the benefit plans mentioned above to disclose benefit-related information to Plan participants via Summary Plan Descriptions.  Many ERISA specialists believe that the rate of employer compliance for this requirement is even lower than that of filing Form 5500.

The Department of Labor is slated to hire 1,000 new employees for 2010, 678 of whom will be investigators. So employers, start taking all the necessary steps for ERISA compliance now before the DOL comes knocking at your door.


Could the encryption law go nationwide?

As many employers know, Massachusetts Regulation 201 CMR 17.00—enforceable as of March 1, 2010 requires all businesses that “own, license, store or maintain” personal information on Massachusetts residents to:

  1. Digitally encrypt all records containing personal information
  2. Create and implement a Written Information Security Plan (WISP) outlining administrative, technical and physical safeguards for personal information protection
  3. Update all firewalls and system security measures on all computers that store and process personal information

Although Massachusetts’ identity theft law is the strictest in our nation to date, there could soon be a Federal law not too unlike 201 CMR 17.00—although the details of this law haven’t quite been ironed out yet.

The Personal Data Privacy and Security Act of 2009:

Senator Patrick Leahy, a Vermont Democrat, is sponsoring a bill called the Personal Data Privacy and Security Act of 2009.

The bill contains the following provisions:

  • New Data Protection Standards: Private and government entities that keep personal data would be required to establish effective programs for ensuring that it’s kept confidential. These requirements include risk assessment and vulnerability testing as well as measures for controlling access to sensitive information, detecting and logging unauthorized personal information access, and protecting personal data both in transit and at rest.
  • New Federal Breach-Notification Standard: If a breach were to happen, companies would not only need to notify all individuals whose data was compromised, but in some cases, credit reporting agencies and the United States Secret Service as well.
  • An Office of Federal Identity Protection would be established as part of the Federal Trade Commission (FTC) to monitor data breaches and enforce identity theft law.
  • Breach notification exemptions: The law would provide private and government entities that have taken adequate measures to protect sensitive data (i.e. encryption) some exemptions from data breach notification requirements. Also, companies would not be required to immediately make a data breach notification if it gets in the way of a criminal investigation. However, both of these exemptions will need to be vetted by the US Secret Service.
  • Criminal penalties for executives that willfully conceal a data breach: Executives of companies that experience a data breach and willfully avoid notifying affected parties would be subject to criminal penalties under this new law.

Federal ID theft law will likely pre-empt state laws:

One major point to note about this bill is that if passed, it would pre-empt (i.e. nullify) state identity theft and data breach notification laws. This means that the rules of data security could change quite a lot for Massachusetts employers, although it hasn’t been established quite how much they’d change.

The Personal Data Privacy and Security Act of 2009 was approved November 2009 by the Senate Judiciary Committee and is currently under consideration by the full Senate.

We will keep very close tabs on Congress’ progress with this law and keep you posted on any major changes that occur.


“Important Tax Document Enclosed”, now what?: FAQs on the 1099-HC and how to use it

Massachusetts requires all residents to have Minimum Credible health insurance Coverage or face a tax penalty. That’s why every year all employees covered on your health plan in the past year receive a 1099-HC.

Employees will get their 1099-HC forms in the mail this month and will use them to report their health insurance coverage on the Schedule HC form.

Since many Massachusetts employers will be entertaining employees’ questions on what to do with this “Important Tax Document Enclosed”, we’ve put together a few 1099-HC FAQs to help them out.

What is the 1099-HC form?

The 1099-HC is a required document for adult Massachusetts residents. It serves as proof that they had Minimum Credible Coverage* health insurance in the past year. 

*Effective January 1, 2009, all health plans sold in Massachusetts are required to meet the Minimum Credible Coverage standards set forth by the Commonwealth Connector.

Who will receive the 1099-HC?

All Massachusetts adult health insurance plan subscribers who had Minimum Credible Coverage in 2009 will receive the 1099-HC.  Medicare recipients automatically meet the requirements for qualifying health insurance and will not receive the 1099-HC.

Why will I receive the 1099-HC?

Using a Schedule HC form, Massachusetts residents are required to report on their health care coverage when filing their 2009 income tax returns. The 1099-HC contains all the information adult Massachusetts residents need to complete the Schedule HC.

When will I receive my 1099-HC and how will I know I’ve received it?

Health plan subscribers’ 1099-HC forms will be postmarked by January 31, 2010. The form will come directly from your health insurance carrier and the envelope will have the words “Important Tax Document Enclosed” written on the front.

What information will be printed on the 1099-HC for the 2009 tax year?

Your 1099-HC form will contain the following information:

  • Name of your Health Insurance Company
  • Federal Tax ID for your Health Insurance Company
  • Subscriber Name
  • Subscriber Date of Birth
  • Subscriber Member ID
  • Subscriber’s Address
  • Full-year coverage or monthly coverage designation *
  • Dependent (s) Name (s)  
  • Dependent (s) Date (s) of Birth
  • Dependent (s) Member ID (s)
  • Full-year coverage or monthly coverage designation for each listed subscriber and dependent*

*If you and your dependent(s) had Minimum Credible Coverage for the full year of 2009 the “Full Year Minimum Credible Coverage” box will be checked on the 1099-HC for you as well as all of your dependents. Otherwise, a check mark will appear next to each month that you or any of your dependents had Minimum Credible Coverage for 15 days or more.

What must I do with my 1099-HC?

If you are filing a hard copy (paper) return, your 1099-HC should be included in your tax return mailing. You should also keep a copy of it for your records.

If a tax advisor is preparing your 2009 income tax return, he or she should be provided the 1099-HC form along with your other records.

When and where can I get a copy of my Schedule HC tax form? Also, how do I complete the Schedule HC?

All Massachusetts residents should receive a Schedule HC as part of the resident tax package mailed to them. If any of your employees need an additional copy, they can visit the Massachusetts Department of Revenue’s website (http://www.state.ma.us/dor) where they’ll also find instructions on how to complete the form.

Next Page »

Create a free website or blog at WordPress.com.