combsandco


Feature Friday with Rebecca Rakoski

“No longer are technology and cyber issues confined to tech geeks in some backroom. In the digital age, IT issues are front and center.”  Will Hurd

2021:17

During my 25+ years in and around technology, the most common refrain from those on the business side of a company when it came to cyber was, “It’s an IT problem.”  That is not the case any longer.  Your IT folks have to be involved in the discussion, but cyber is most definitely a business problem now.  Don’t believe me?  Maybe my next guest on Did You Know That? can convince you.

Rebecca Rakoski is a founding partner of XPAN Law Partners, a practice primarily dedicated to their clients’ cyber welfare.  Our conversation focuses on what that means for businesses, some best practices required to stay in “compliance,” and a host of other elements of a cyber program.

Website: https://xpanlawpartners.com/

LinkedIn (personal): https://www.linkedin.com/in/rebecca-rakoski-esq-1460b116/

LinkedIn (firm): https://www.linkedin.com/company/xpan-law-partners/

Twitter: @XPANLawPartners

Email: rrakoski@xpanlawpartners.com



Tenacious Tuesday with Lester Morales

Choose Your Own Adventure With Guest Lester Morales

“Take the next step or choose to let it cripple you.” Wise words from the incredibly impactful man himself: Lester Morales is our next guest.

Lester is no newbie to the game of a go-getter. After many years as a super successful sales leader, he took a good look around and knew there was a bigger impact to be made in his industry and, more importantly, his life. With the help of wise words from his mom and a strong belief in himself, he chose to take the leap of faith and opened the doors of Next Impact, LLC.

What happened would be enough to knock many others off course; still, after major hits, he has proven to never back down and is as successful as ever running a now 7-figure business he gets to call his own.

Lester’s journey truly shows that you don’t get to choose the cards you’re dealt on the journey in life; what you do get to choose is how you move forward to make an impact from that.

 Connect with Lester on LinkedIn https://www.linkedin.com/in/lester-j-morales-5064b91/ 

Instagram: @collblum & @tryandstopmepodcast

https://podcasts.apple.com/us/podcast/try-and-stop-me/id1525146944#episodeGuid=da6af75b-96b8-4d34-917a-48ec70ee5c85



Feature Friday with James Mottola!

The United States Secret Service was established in 1865 to combat counterfeiting.  In 1901, the agency was charged with protecting America’s political leaders, their families, and visiting heads of state or government.

2021:16

James Mottola is a frequent collaborator of mine on the Everything Cyber playlist, as well as other engagements revolving around cybersecurity and cyber liability.  What some of you may not know is that Jim spent 20+ years in the United States Secret Service.  That’s where he was indoctrinated into the world of cyber.

We’re taking this episode of Did You Know That? to explore Jim’s time with the Secret Service, talk about the agency’s mission, and discuss how it prepared him for the work he does today.  While Jim doesn’t reveal any agency secrets, you will get a better idea of how its disparate mandates are handled and why there is intense competition among all government agencies.

You can learn more about Jim and his current job by visiting the sites below:

Porzio Compliance Services: https://porziocomplianceservices.com/

LinkedIn: https://www.linkedin.com/in/jamesmottola/

Music: “Come Get Yours – Instrumental” by Bunker Buster via Artlist



Employer’s Responsibility for New COBRA Subsidy Notifications
April 29, 2021, 9:30 am

We know that as employers you have a lot on your plate right now, and unfortunately we are going to add some parmesan, but know we are here to help in any way we can.  You may have seen news about the new COBRA subsidy that will allow former employees who were involuntarily terminated or experienced a reduction in hours to get “free” COBRA for six months (April 1-Sept 30).  That isn’t just smoke and mirrors, it is true, but it will require some work on your end.

Below is the game plan:

  1. Do you have any former employee who lost coverage due to involuntary job loss or a reduction in hours of work and who is still covered by COBRA? (typically anyone terminated since November 2019)
  2. If the answer to #1 is yes, then you are going to have to send the attached notices to all of those former employees by May 31st, 2021 or be subject to a penalty that is yet to be determined.
  3. If the answer is currently no but layoffs will occur between April 1 and September 30th, please refer to the attached documents for your updated COBRA notice, which will need to be sent to the employee being laid off or having hours reduced.

So what does this mean if you are on the hook to send these notices?

  1. That the COBRA qualified individual is not eligible for a subsidy if they can obtain coverage under another group plan or Medicare.
  2. The subsidy is only available for someone who has been involuntarily terminated (not for gross misconduct) or had a reduction in hours.

Who pays?

  • For employers with 20+ employees, the premium assistance will be delivered through the employer paying COBRA premiums to the insurance carrier (or covering the cost of providing COBRA coverage under a self-insured plan) and then taking a payroll tax credit to recoup the cost of covering COBRA premiums or costs.  Employers will treat the subsidy as a credit against the employer’s share of Medicare tax under Internal Revenue Code Section 3111(b). 
  • If the credit exceeds the taxes owed for a quarter, the excess will be refundable.

*Please discuss with your CPA for more information regarding the tax credit/refundable amounts.

So what do I have to do again?

  1. Fill out the “Alternative Notice” that is attached (just the areas that are highlighted)
  2. Send that out via email or first class mail along with the Summary of Provisions Application & the COBRA application by May 31, 2021 – the former employee will have 60 days from the date received to send back the applications to you.  Flip them to us when you get them. 
  3. Also, send the “Summary of COBRA Premium Assistance Provision” that includes the form to request the premium assistance as an Assistance Eligible Individual.
  4. You’ll have to send one more notice out, the “Notice of Expiration of Period of Premium Assistance” notice that has to hit their inbox between August 15 – September 15 to remind them to drop the COBRA if they do not have any intentions of paying for it after the subsidy is over.

Know that this is ever evolving and that there will be a lot of questions coming down the pike.  We are in your corner as always to help.  Still have questions?  Click Here for common FAQs!

Looking for the packet of sample notices? Download the packet at the hyperlink below!



Feature Friday with DYKT? Snippets

“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: Cybersecurity is much more than an IT topic.” Stephane Nappo

And now Part 2 of the 2-part premiere of DYKT? Snippets.  We’re closing out the conversation about the New York State Department of Financial Services (NYSDFS) Part 500 cyber regulations.  Be sure to watch Part 1 before diving into these videos.

For context, here are some links for the regulations & the actual requirements:

Who NYSDFS Supervises: https://www.dfs.ny.gov/who_we_supervise

NYSDFS Industry Definitions: https://www.dfs.ny.gov/institution_definition

NYSDFS Cybersecurity Resource Ctr: https://www.dfs.ny.gov/industry_guidance/cybersecurity

Regulation Sections:

500.02 – Cybersecurity Program

500.03 – Cybersecurity Policy

500.04 – Chief Information Security Officer (exempt)

500.05 – Penetration Testing & Vulnerability Assessments (exempt)

500.06 – Audit Trail (exempt)

500.07 – Access Privileges

500.08 – Application Security (exempt)

500.09 – Risk Assessment

500.10 – Cybersecurity Personnel and Intelligence (exempt)

500.11 – Third Party Service Provider Security Policy

500.12 – Multi-Factor Authentication (exempt)

500.13 – Limitations on Data Retention

500.14 – Training and Monitoring (exempt)

500.15 – Encryption of Nonpublic Information (exempt)

500.16 – Incident Response Plan (exempt)

500.17 – Notices to Superintendent

Music: “Camaro” by Oliver Michael via Artlist



Tenacious Tuesday with Christina Passmore
April 20, 2021, 10:26 am

Check out the latest episode of the “Try and Stop Me” Podcast! Learn about Christina Passmore’s inspirational journey as Colleen Blum talks to her about travel, beauty and when she realized: “I Can Kinda Write.”

Flight Attendant, Beauty Brand Amazon Seller turned Successful Copywriting Business CEO

Christina Passmore travels the world as a seasoned flight attendant for a large Canadian airline. During some big life changes, she set out to make some side money and dove into the Amazon world, where she quickly gained good traction in becoming a Beauty Brand Amazon Seller. She was still paying the bills with the airline salary while building her Amazon business until COVID hit and travel came to a screeching halt. Christina knew she needed to pivot quickly, so she teamed up with a mentor of hers, where she was asked the question I’m sure we’d ALL dread:

What are you good at?

Who can honestly answer that?! And add a meaningful response when you’re already feeling down? Not many of us.

Christina’s response: “Well I can Kinda write”.

Listen in as she shares her journey and how that “kinda” turned into ongoing success and continued future dreams. She even drops in some pointers for anyone looking to get started in the e-commerce space.

Give her a follow on IG @copybychristina

Now Available on your Favorite Podcast Platform

Apple Podcast: https://podcasts.apple.com/us/podcast/try-and-stop-me/id1525146944?uo=4

Spotify: https://open.spotify.com/show/4h8CgliCHvAZvYl3kXQGOa

YouTube: https://www.youtube.com/channel/UCwOj_bbR_Wq2TDdWxtIeG0g

Google Podcast: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy8yYjYzNDViOC9wb2RjYXN0L3Jzcw==



Feature Friday with DYKT? Snippets

“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: Cybersecurity is much more than an IT topic.” Stephane Nappo

We’re shaking things up here at Did You Know That?  We’re always looking to bring you informative conversations that could better your business and sometimes, your life.  But that doesn’t always have to be in long-form interviews.  So, may we present, drumroll please…

DYKT? Snippets.

DYKT? Snippets will be episodes featuring a collection of short videos on a particular topic.  What that topic may be will always be a surprise.  For this kickoff event, we’re going big with a 2-part premiere episode.

In 2017, the New York State Department of Financial Services (NYSDFS) Part 500 cyber regulations went live.  These regulations apply to certain businesses licensed by the NYSDFS to operate in New York.  While the regulations have their shortcomings, in the scope of state-backed cyber laws, they’ve proven to be quite reasonable.  Episodes 1 & 2 will feature videos that outline how businesses can utilize these requirements to get their cyber houses in order.

For context around the videos, here are some links for the regulations & the actual requirements:

Who NYSDFS Supervises: https://www.dfs.ny.gov/who_we_supervise

NYSDFS Industry Definitions: https://www.dfs.ny.gov/institution_definition

NYSDFS Cybersecurity Resource Ctr: https://www.dfs.ny.gov/industry_guidance/cybersecurity

Regulation Sections:

500.02 – Cybersecurity Program

500.03 – Cybersecurity Policy

500.04 – Chief Information Security Officer (exempt)

500.05 – Penetration Testing & Vulnerability Assessments (exempt)

500.06 – Audit Trail (exempt)

500.07 – Access Privileges

500.08 – Application Security (exempt)

500.09 – Risk Assessment

500.10 – Cybersecurity Personnel and Intelligence (exempt)

500.11 – Third Party Service Provider Security Policy

500.12 – Multi-Factor Authentication (exempt)

500.13 – Limitations on Data Retention

500.14 – Training and Monitoring (exempt)

500.15 – Encryption of Nonpublic Information (exempt)

500.16 – Incident Response Plan (exempt)

500.17 – Notices to Superintendent

Music: “Camaro” by Oliver Michael via Artlist



Feature Friday with Jim Mottola

“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” Benjamin Franklin

COVID-19 has certainly made its presence felt at the two-decade mark of the 21st Century (both negatively and positively). The current bent of the world toward vaccinations as a prerequisite for reopening naturally leads to a conversation about identification.

Jim Mottola and I talked about this very topic on the premiere episode of Everything Cyber, so we’re returning to this fertile ground to address the changes since and the possible future of dynamic identification.


James Mottola: https://www.linkedin.com/in/jamesmottola/
Sean O’Rourke: https://www.linkedin.com/in/scorcyber/

Music: “Tunnel Vision” by Stanley Gurvich via Artlist



Feature Friday with Judy Selby

“Rather than fearing or ignoring cyberattacks, do ensure your cyber resilience to them.” Stephane Nappo

Episode 2021:13

In a few decades, historians will write tomes explaining how the world evolved into its current state based on the 366 days that made up the year 2020.  Among the explanations will be lessons learned during the intervening years and the mistakes repeated.  Those in the technology arena don’t have the luxury of learning lessons over time or of repeated mistakes.

The next guest on Did You Know That? knows the perils of technology, but she’s more interested in how companies protect themselves from those perils.  Judy Selby is an attorney, with a specialty in cyber insurance (a subject with which I’m familiar).  Our conversation is about how businesses prepare for the inevitable cyber event and how they can thrive after being hit.  This is a must watch/listen.

Find out more about Judy and her expertise via the links below:

LinkedIn: https://www.linkedin.com/in/judyselby/

Hinshaw website: https://www.hinshawlaw.com/professionals-judith-selby.html

Music: “Caution” by Skrxlla via Artlist



No Foolin’ – 8 Things to Know About the New COBRA Subsidy
April 1, 2021, 3:35 pm

Curious about how the ARPA COBRA Subsidies work? Check out this article from Benefit Resource!

The American Rescue Plan Act of 2021 (ARPA) was passed through the House and Senate this week. The bill was signed into law on March 11, 2021. While the specifics are still developing, here are 8 things to know about the COBRA subsidy that is included in the bill.

1. It’s a 100% subsidy.

While there were several iterations of the bill and subsidies, the final version includes a 100% subsidy. This will allow eligible individuals to obtain COBRA continuation coverage for their health plan without paying COBRA premiums.

2. It’s specific.

The COBRA subsidy is only available for premiums due from April 1, 2021 through September 30, 2021, referred to as the subsidy period. In order to be eligible, individuals must be in their 18-month Federal COBRA Coverage period.

3. Coverage is not automatic.

While newly eligible individuals will not need to pay premiums, they will still need to elect COBRA coverage in order to take advantage of the subsidy.

4. Employers are responsible for paying premiums, but receive a tax credit.

Employers sponsoring a group health plan will be responsible for paying health insurance carriers for the premiums. They will be reimbursed for 100% of the COBRA premiums through tax credits against certain payroll taxes.

5. New and previous qualified beneficiaries may be eligible.

The COBRA subsidy is available for individuals who are or become qualified beneficiaries as a result of involuntary termination of employment or a reduction in hours. This may include individuals who:

  • become eligible for COBRA during the subsidy period
  • previously elected COBRA coverage and have paid premiums for prior months
  • have not elected COBRA coverage but are still eligible to elect COBRA

6. Eligible individuals will need to be notified.

Eligible individuals will need to receive an updated notification regarding their rights to COBRA and the COBRA subsidy. The Department of Labor and Department of Health and Human Services are expected to provide new model notices within 30 days of enactment of the law.

7. Subsidies apply to Group Health Plans, except FSAs.

The 100% COBRA subsidy applies to the underlying medical coverage, dental and vision plans. Participants may still be responsible for premiums if they elect coverage for an FSA (or other benefits being offered post-employment).

8. Individuals could elect to change coverage.

If an employer permits individuals to change coverage, the premium subsidy cannot exceed the cost of the coverage option the individual was in at the time of the qualifying event.

For example: Assume at the time of termination an employee was enrolled in Plan A and the premium was $500 per month. They have an opportunity to enroll in Plan B, but it costs $700 per month. The employee’s subsidy cannot exceed the original premium of $500 per month.