The guys discuss the recent data breach at the US Postal Service that led to confidential employee information being compromised. They also answer the question, “What do I need to do to my guest room to make it a write-off for my business?”
NASIR: All right, welcome to our podcast where we cover business in the news and also answer some of your business legal questions that you, the listener, can send in via email to email@example.com. You can also mail us your questions, but we’re not going to read that so don’t do that.
And my name is Nasir Pasha.
MATT: And I’m Matt Staub.
NASIR: And so, we are on our mid-week episode here covering, once again, a data breach except a little bit different though, I think. It’s important, right?
MATT: Yeah, and a little backstory to this one. Did we talk about the Home Depot data breach?
MATT: I think we might have offhandedly mentioned it. We talked about Target; I’d know for sure.
NASIR: Yeah, I don’t know if we featured it, but we definitely mentioned it, for sure.
MATT: So, the Home Depot data breach was pretty big and I’ve probably gone to Home Depot, like, thirty times in the last however many months just to buy all this stuff so I’ve been going to Home Depot. Basically, I’ve used my credit card at Home Depot a significant amount over this period where there was potential breach.
NASIR: Where do you go? The one on Mission Gorge or Sunrise?
MATT: Well, I’ve gone to a couple, yeah.
NASIR: Oh, multiple ones, wow.
MATT: Mission Valley area? I don’t know if that’s the right way to classify it. I think that’s what you’re talking about.
NASIR: Yeah, on Mission Gorge.
MATT: Fairmont and then I go to the Point Loma one sometimes.
NASIR: Yeah, Fairmont – Mission Gorge, Fairmont. Anyway, sorry; sorry to distract. All the non-San Diegans are very confused right now.
MATT: So, you know, I got a notification from the credit card I use saying, “Hey, we don’t know if there’s a breach…”
NASIR: I just liked how you said “Hey.” Sorry, I got distracted.
MATT: We can cut that out. My throat got a little bit stuck.
So, they said, “Hey, we don’t know if there was a breach but, just in case, we’re going to send you a new credit card.” I was like, “All right. Well, that’s fine.” And then, a couple of weeks went by like nothing. I just kind of forgot about it and they sent me an email saying, “If you don’t activate your card in the next however many days, it’s going to be invalid.” I was like, “Well, that’s a problem because I never got a card.” So, I called in. This was on a Monday I think I called in – for the listeners, a week and a half ago. I explained the situation. She’s like, “Well, you would have received it.” I was like, “I didn’t receive it.” Blah blah blah. She’s like, “We’ll send you a new one.” I was like, “Okay. When I get the new one, when I activate it, will it invalidate my current one?” She’s like, “Oh, no, we already cancelled that.” So, they cancelled the one that was apparently mailed and the one I currently had. She’s like, “You’ll need to re-setup all your automatic payments.” I’m like, “Well, I don’t even have a card to set it up because you just cancelled both of them so that’s a problem, right?”
Anyways, that day, I had to go to the post office. This is a long story to get to my point but I had to go to the post office and I took my old credit card out and I swiped it and I was like, “Oh, yeah, I forgot it doesn’t work,” and she kind of looked confused and I was like, “Does it not work?” She’s like, “Yeah.” I explained the situation of what happened. This story again. She’s like, “Oh, actually, we just had a data breach.” I was like, “Oh, when?” She’s like, “Just now.” I was like, “What? That’s not good.”
NASIR: “Is it because I swiped my credit card? Did I do that?”
MATT: Yeah, I was like, “Well, that’s concerning, right? I don’t have any cash so I can’t pay with cash and I have to mail this out so I’ve just got to do it.” I only have two credit cards, this was the other one, I was like, “Ah, gosh, we’ll see what happens.”
The point of this story is the post office, the USPS breach was different because, while it did involve some customers, a lot of it was the employees and even high-end employees that work there, and I guess they apparently didn’t get credit card information, but it’s basically employee names, social security numbers which is obviously bad, and things like that. So, that’s my long-winded story. I guess I could have just summed it saying, “This security breach is different because it’s the personnel that work at USPS and not the customers – even though there’s a little bit of customers still.”
NASIR: And it looks like it came from China, or at least that’s what they think it is, right?
MATT: Yeah, supposedly.
MATT: Yeah, that’s the rumor. It’s interesting that they would go after the post office. To me, the post office is kind of almost an outdated archaic sort of thing. Like, I don’t know, there’s other things they could have gone after.
NASIR: What’s crazy, we still get plenty of mail every day even though it is archaic – I agree – but it is strange. So, this is a little bit different, though. We talked about Ammo to Go’s response when they got hacked. That was with their customers and I think it was just email addresses. I don’t even think passwords were involved. But, for this, wait… what did they take from the employees? Do you know?
MATT: I’m reading this now; it says names, addresses, phone numbers, and emails were compromised. I thought I saw social security numbers on here. Maybe I didn’t. I did read that they didn’t think it was credit card information. But, yeah, if it’s the employees then they want to have their credit card and information on file anyways. Maybe if they have a direct debit set up to get their paycheck then maybe they have that information which I guess is just as bad – if not worse – because that’s real money that’s coming out.
NASIR: Last week, we talked about how there’s data breach notification laws and whether you actually have to notify – which I’m sure USPS did so; obviously, it’s public. But whether you have to notify really depends upon what personal information was taken and who it’s from. There are some distinctions. It may not be as clear because they’re employees but, in most cases, obviously, the best, safest way is just to notify your employees anyway if this had happened to you. But, again, I mean, I know we’ve made this point before but is this representing big or small, you know? In fact, we were tweeting about the breach notification last week and we were trying to be praiseworthy of this company, Ammo to Go, because they were a small company and they were going out of their way to do it, and this guy on Twitter was engaging with me basically saying that, “Well, it’s not that remarkable. They should have protected their security in the first place,” and so, basically, almost saying that they’re the bad guys. But this shows you, okay, I’m not saying USPS is necessarily this very intelligent and forward-thinking company, but they are a big company. They, of course, have security but the point is that – big or small – there is not one company that is not vulnerable to attack, and we’re talking about… I mean, how many times have Microsoft, Sony, and Apple been hacked and they are tech companies, you know? This should be an eye-opener for every business that it doesn’t matter what kind of security systems you may have – unless it’s literally unbreakable, but even then, right? – you are vulnerable and you have to be able to know how to respond to these kinds of things.
MATT: It did say social security numbers were involved in some and it affects, here, it’s over 800,000.
NASIR: Less than Home Depot? Yeah, because it’s customers. But even socials, I mean, so long as you put in those monitoring services or whatever, those people should be protected and hopefully, I wonder if USPS is going to do that for them. Some data breach laws actually require that, in some cases.
MATT: As I said, China, Russia, or the former Soviet Union.
NASIR: And, when that happens, it doesn’t necessarily mean the government either because all the hacking that comes from those types of countries, you know, whether it’s actual hackers going there or they’re using the servers from there, too. But the point is that they have access to servers that they’re able to utilize that for some kinds of illegal activity where it’s just a little more difficult to do that in the States.
MATT: Very true. Well, until the next breach next week, or the next major one…
NASIR: Till next breach.
MATT: I mean, I think that has surpassed how often we talk about pizza on here.
NASIR: I don’t know about that.
NASIR: You just talked about it now – pizza, pizza, pizza.
MATT: We can incorporate the two into something. Can Papa John’s have a huge security breach?
NASIR: Yeah, that would be great. That would be our ideal…
MATT: Right in the wheelhouse.
NASIR: Ideal candidate. Or somehow, like, a pizza delivery person uses Uber to deliver a pizza and, in the midst of that, gets into some kind of data breach; that would be perfect.
MATT: As long as they were classified as an independent contractor – not an employee.
NASIR: Exactly. Oh, you tied it all together.
MATT: That’ll be our 200th episode. I’ll just take a job as a delivery driver and do it. I’ll sacrifice.
MATT: Question of the day.
“What do I need to do to my guest room to make it a write-off for my business?”
MATT: I’m assuming what this person is referring to is home office deduction which, right off the bat, if it’s a guest room, then it’s not going to work because there’s a lot of rules involved, but the two major ones are regular and exclusive use which is the first requirement and, if it’s a guest room, then that’s not exclusive use because you’re not using that room exclusively for business purposes.
NASIR: That was a good catch. The term “guest room” – you’re right – I mean, if it’s a guest room. For some reason, when I said guest room, I think of, like, an extra room. But – you’re right – if it’s literally an extra bedroom, that’s not going to work.
MATT: Yeah, it needs to be exclusively used. Regular use, that should be pretty easy, I guess, unless you don’t use it at all. It needs to be your principal place of business. That little room or I guess wherever you’re housed, that needs to be the principal place of business. You can still do things in other locations. You can still conduct business in other places but that room does need to be considered your business location.
NASIR: Which usually negates this exception for most people, you know, that actually all of it – exclusivity too as well. To me, with the IRS, I don’t mess with them. And, if you’re listening, I pay all my taxes and have perfect tax; in fact, I overpay my taxes just in case.
MATT: You overpay?
NASIR: So I don’t get audited.
MATT: They automatically refund you if you overpay.
MATT: They’ll send you a check back.
NASIR: Yeah, I know. I’d rather do that than sending a letter that they’re auditing me.
MATT: I guess, unless you roll it over to the next year which you can do but…
NASIR: Oh, all right. So, that’s pretty basic, though. Yeah, that’s a pretty basic question. But I’m just thinking, like, I work in my home. Like, I think most people who work at home, even if they have a designated space, it’s like, it could just be like a desk somewhere in a bedroom or a couch even in front of the TV, especially with the nature of laptops and so forth, the designated exclusive space for office spaces is getting harder to come by.
MATT: Yes, you just take the square footage of whatever that couch is and as a percentage of your entire house and multiply it by your rent, that’s what you’ve got.
NASIR: And, if your son or daughter sits there, you tell them to get off because that’s exclusive. “Hey! That’s my exclusive office space.”
NASIR: All right. Okay. Well, thanks for joining us once again and don’t forget to go to iTunes – our iTunes channel or our iTunes website. Gosh, I don’t even know how to explain that dumb thing, but whatever it is, however you get there, you have to leave a positive review for us. I know a lot of you guys, we see in your stats that you listen through the browser and you listen through some kind of non-Apple device, when you do that, it’s a lot harder to rate us which is fine but, if you can take the extra step and go to your iTunes and rate us, that’d be really cool.
MATT: Yeah, I agree, you should do that.
NASIR: Okay. We concur.
NASIR: All right.
MATT: Keep it sound and keep it smart.