Author: Service2Client

Why Authorization Sprawl Is the Next Big Security Blind Spot and How to Fix It

Authorization Sprawl, What is Authorization SprawlDespite major investments in cybersecurity, organizations continue to face breaches. Most security mechanisms implemented guard against threats such as password theft. However, there is a growing concern with the unchecked expansion of user access, permissions, and tokens across apps, clouds, and systems.

This growing challenge is known as authorization sprawl, and it is becoming one of the most dangerous and least visible threats in modern enterprise security.

According to insights from the SANS keynote at the RSAC 2025 Conference, attackers are increasingly exploiting this sprawl to gain legitimate, persistent access that bypasses multifactor authentication (MFA), security information and event management (SIEM) alerts, and endpoint detection and response (EDR) visibility altogether.

What is Authorization Sprawl?

Authorization sprawl occurs when access permissions multiply uncontrollably across systems, users, and applications. Every time a team or department adds a new SaaS integration, service account, or API key, another layer of permission is introduced.

In an attempt to make access to multiple applications easy, users also have single sign-on (SSO), designed to help log in once and access multiple applications securely. Here, users are granted access to several connected systems through SSO, adding to the authorization sprawl problem.

Over time, all these factors create a complex ecosystem that even security teams have a hard time tracing who can access what.

Unlike authentication, which verifies who someone is, authorization determines what one can do. When permissions expand without review, attackers take advantage of forgotten tokens, dormant accounts, or outdated roles to move freely inside systems.

Why Traditional Defenses Miss It

Most defenses focus on identity verification, such as MFA, conditional access, and endpoint protection. But once a user is authenticated, there is no monitoring. This is the blind spot that attackers exploit. Instead of breaking in, they log in using legitimate session tokens, application programming interface (API) keys, or open authorization (OAuth) grants.

The misuse of valid credentials or access tokens enables cloud-related breaches. These attacks bypass traditional detection tools because they appear to be normal activity by authorized users.

A recent incident involving Salesloft’s Drift application highlights how damaging authorization sprawl can be. Drift, an AI chatbot often integrated with Salesforce, was exploited after attackers gained access to Salesloft’s GitHub account and later its AWS environment. From there, they stole OAuth tokens and authentication credentials, exposing Salesforce data from potentially hundreds of organizations. This incident is an example of how interconnected SaaS systems and unchecked authorization links can create a cascading breach effect, where one weak point leads to multiple breaches across services.

The Business Impact of Authorization Sprawl

Aside from increasing technical risk, authorization sprawl erodes compliance, governance, and trust.

  1. Regulatory Exposure – Frameworks like GDPR, SOC 2, and HIPAA require strict access control and auditability. Untracked permissions make demonstrating compliance nearly impossible.
  2. Operational Risk – An overprivileged account can unintentionally leak data, delete configurations, or expose APIs.
  3. False Sense of Security – Zero Trust frameworks often stop at identity verification. Failing to continuously validate authorization is equivalent to protecting the front door while leaving internal doors wide open.

How to Fix Authorization Sprawl

Luckily, solving this problem does not require removing existing security controls but rather extending visibility and discipline into authorization.

  1. Conduct Regular Access Audits – Map users, roles, and permissions across your environment. Be sure to look for redundant privileges, dormant accounts, and orphaned API keys. Use tools that help visualize hidden paths and privilege escalation routes.
  2. Implement Structured Access Control – Use frameworks like role-based access control (RBAC) or attribute-based access control (ABAC). Standardizing roles ensures fewer exceptions and easier auditing.
  3. Automate Reviews and Revocations – Integrate identity and access management (IAM) with HR systems so access automatically changes when employees leave or change roles. This helps eliminate the temporary access that never gets removed.
  4. Shorten Token Lifetimes and Rotate Credentials – Session tokens and personal access tokens (PATs) should have an expiration period, such as 30 to 90 days. Using automated key rotation policies will help prevent long-lived access tokens from becoming backdoors.
  5. Enforce the Principle of Least Privilege – Grant users and systems only the minimum access needed.
  6. Extend Zero Trust to Authorization – Verification shouldn’t end with login. Apply continuous authorization checks.

Conclusion

As cloud ecosystems, APIs, and integrations continue to multiply, authorization complexity will grow exponentially. Businesses that invest in mapping and controlling authorization sprawl will stay ahead of both attackers and regulators. In cybersecurity, visibility equals control, and this begins with knowing exactly who can do what.

Understanding The Q Ratio

Understanding The Q Ratio, What is Tobin's Q RatioWhen it comes to evaluating a business, there are many ways to perform a valuation. One way to do so is to use the Q Ratio. Known as Tobin’s Q Ratio or simply the Q Ratio, this method looks at the proportion between the values of a physical asset and its replacement cost. Developed by Nobel laureate economist James Tobin, this ratio presumes a single company; for public investors, if asset values can be estimated, the company’s market value of a publicly traded company may be approximately estimated.

The original formula is as follows:

Q Ratio = Market Value of Assets / Replacement Cost of Capital

While this formula is the original iteration, approximating an asset’s replacement value is complicated and oftentimes not 100 percent realistic to analyze. The more realistic way it’s calculated is by using book values in lieu of the asset’s replacement costs. The new way to calculate it is as follows:

Q Ratio = (Equity Market Value + Liabilities’ Market Value) / (Equity Book Value + Liabilities’ Market Value)

When it comes to calculating the overall market’s Q Ratio:

Q Ratio = Value of the Stock Market / Corporate Net Worth

Putting the Q Ratio in Practice

Essentially, it’s used to value a company. Once calculated, the Q Ratio provides internal stakeholders and outside investors with one way to evaluate a company.

Above 1

If the Q Ratio is more than 1, the business’ market value is higher than its booked assets. It means a company’s valuation is overestimated in the eyes of the market since there is some portion of the company’s assets that are either not documented or valued fully. When the Q Ratio is above 1, a business’ earnings are worth more than replacement costs for the assets. At this level, entrepreneurs are incentivized to develop a competitor business to gain market share and financial gain.

Equal to 1

When the Q Ratio equals 1, it implies the market sees the company’s assets as valued fairly.

Below 1

At this level, a business’ assets are worth more than fair market value, establishing the business as undervalued. Investors with enough assets can purchase the company in question, either via shares if publicly traded or outright if a private company, versus trying to create a competitor company to siphon value away from it.

Further Consideration

When it comes to the calculated Q Ratio, it’s important to keep it in context. While accountants can be precise with many things during preparation, when it comes to market forces and intangible assets, analysts need to use their judgment. Investors and market forces can create hyperbole for a business’ value that can’t be quantified and recorded by accountants. Stock analysts’ perspectives on a business’ prospects or rumors regarding future performance can modulate the present, dynamic valuation of the company.

Another consideration is how to document and gauge intangible assets like intellectual property and goodwill. While accountants can approximate IP or goodwill, it’s not an exact science.

Thus, when businesses use the Q Ratio to value their own company or one they consider purchasing, investors must take the Q Ratio as part of a holistic valuation approach.

Get a Jump on Holiday Shopping: Key November Dates

Holiday ShoppingFor some of us, last-minute holiday shopping is just what we do. That said, it’s probably never fun, and two things invariably seem to happen: The gifts you want aren’t available, and you end up paying too much. That’s why shopping in November to get the best savings on what you want just might be the right thing to do this year. Here are a few sales dates to put on your calendar.

Singles Day, November 11. Originally started in China as a humorous “anti-Valentine’s Day” event, it’s become one of the biggest shopping days of the year, surpassing Black Friday and Cyber Monday. To top it off, the date, 11/11, was chosen because it symbolizes, you guessed it, four ones – aka singles. On this day, you can find huge discounts at a lot of high-end clothing stores like Athleta, Nordstrom, Lululemon, Abercrombie & Fitch, Madewell, Neiman-Marcus, and J. Crew, to name a few.

Pre-Black Friday, November 20-27. Yes, there is such a thing, as if Black Friday isn’t enough in and of itself. Nevertheless, lots of retailers get in on this. This year, you’ll want to check out early access on holiday deals at Costco, Lowe’s, Best Buy, as well as Kohl’s, GameStop, and PetSmart. You can find other merchants who offer deep discounts here.

Black Friday, November 28. It’s probably the most famous shopping day of the year, where you’ll find huge price cuts across all categories. If you’re into tech stuff, head to Apple, AT&T Wireless, Dell, Google, HP, Lenovo, or Micro Center to start. The big box places to hit are Walmart, Target, and Sam’s Club. For home goods, you’ll find savings at Bed, Bath & Beyond, Ashley Furniture, and Crate & Barrel. If you want a comprehensive list, go to blackfriday.com. (See? There’s even a website dedicated to this day!) But get ready to scroll because there’s a lot there.

Small Business Saturday, November 29. Originally launched in 2010 by American Express, this day is all about shopping at your local stores. So hit your neighborhood shops, markets, coffee shops, and boutiques to support your friends and neighbors. If you don’t know where to start and don’t have a lot of time, just Google “small business Saturday sales near me” and you’ll be good to go.

Cyber Monday, December 1. To cap off all the November savings, you can’t forget this day. And yes, it’s not technically in November, but that’s OK. This date is great because you can let your fingers do the shopping. Online-only offers are king, so hunker down and start searching. Some places with the biggest deals are, again, (and not surprisingly) Amazon, Target, and Walmart – the big three. For more price-cutting goodness, go here.

Life gets busy around this time of year, but if you take a moment, get your list and hit a few of the aforementioned stores, you’ll be way ahead come the holidays. And that just might be the best gift of all.

 

Sources

Holiday Shopping Calendar: Key Discount Dates 2025 | GiftList Blog | GiftList

https://giftlist.com/blog/holiday-shopping-calendar-key-discount-dates-2025

Initial Look at the New Tax Form Schedule 1-A: Four Key Deductions for 2025

Tax Form Schedule 1-AThe IRS has released draft Schedule 1-A, introducing four new temporary deductions within the One Big Beautiful Bill Act. If you are wondering what the new form looks like and how the calculations work, read on as we explore each below.

Modified Adjusted Gross Income (MAGI)

It is important to note that all four deductions require calculating your MAGI first, which determines eligibility and phaseout amounts for each deduction.

The Four New Deductions and How the Calculations Work

These deductions are all referred to on the schedule by their colloquial names, for example: “No Tax on Tips,” “No Tax on Overtime” and “No Tax on Car Loan Interest.” The sole exception, however, is popularly referred to as the “No Tax on Social Security” provision, which is called the “Enhanced Deduction for Seniors” on the form.

1. Tips Deduction

  • Maximum: $25,000 annually
  • Eligibility: Must receive qualified tips in customarily tipped occupations
  • Phaseout: Begins at $150,000 MAGI ($300,000 joint filers)
  • Rate: $100 reduction per $1,000 over threshold
  • Requirements: Valid Social Security number; married couples must file jointly

2. Overtime Deduction

  • Maximum: $12,500 single ($25,000 joint filers)
  • Eligibility: Only the premium portion of overtime pay (the “half” of time-and-a-half)
  • Phaseout: Same as tips deduction – begins at $150,000 MAGI
  • Rate: $100 reduction per $1,000 over threshold

3. Car Interest Deduction

  • Maximum: $10,000 annually
  • Eligibility: Interest on loans for new vehicles under 14,000 pounds and assembled in the United States
  • Phaseout: Begins at $100,000 MAGI ($200,000 joint filers)
  • Rate: $200 reduction per $1,000 over threshold
  • Requirements: Must provide VIN; loan must originate after Dec. 31, 2024

4. Enhanced Deduction for Seniors

  • Amount: $6,000 fixed deduction
  • Eligibility: All taxpayers (replaces “No Tax on Social Security” promise)
  • Phaseout: Begins at $75,000 MAGI ($150,000 joint filers)
  • Rate: 6 percent reduction of excess income over threshold

Key Points to Remember

  • All deductions are available whether you itemize or take the standard deduction
  • All require valid Social Security numbers
  • Married couples must file jointly to claim these benefits
  • Income limits mean higher earners receive reduced or no benefits
  • These are deductions, not exclusions – income is still reportable for state/local taxes

Final Steps

After you have calculated everything applicable for the four possible deductions, you will enter the total on the new line 13b on Form 1040. The total amount of the deductions entered here is removed from your income prior to calculating your tax. Remember, these are deductions and not credits, so they only reduce your taxable income and are not a direct reduction in your tax due.

You can see an example of the new draft Form 1040 illustrating this below.

Screenshot of new Form 1040

Conclusion and Draft from Status – and IRS Warning

The above provides guidance to taxpayers and professionals on how both the deductions calculations work and flow through Form 1040. The IRS warns, however, that the forms and instructions currently released are in draft form at this point. Before any forms or instructions can be released in their final state, they need to be approved by the OMB. It is not unusual for draft releases of instructions and publications to have some changes before their final release, even if only minor.

 

The Silent Threat: How Simple Misconfigurations Are Fueling 2025 Worst Cyberattacks

Simple Misconfigurations Are Fueling 2025 Worst CyberattacksAs organizations invest heavily in next-gen firewalls, AI detection, and threat intelligence, grave cyberattacks have been reported as a result of overlooked misconfigurations. According to the latest statistics, about 23 percent of cloud security incidents are directly connected to misconfigurations. These missteps create easy entry points for cybercriminals that may lead to data breaches, ransomware demands, and financial loss.

What are Misconfigurations?

Misconfigurations are overlooked errors in system setups that create vulnerabilities without the need for hackers to apply advanced hacking techniques. These silent threats are human-driven oversights when configuring software, hardware, or cloud services. Good examples include improperly set permissions in cloud storage, insecure API keys left in code repositories, inadequate security monitoring, and unsecured access points like IoT devices with default passwords.

These issues arise from human error, which accounts for 82 percent of misconfigurations. This is also compounded by today’s cloud era, where businesses depend on cloud platforms, software as a service stacks (SaaS), and AI-driven infrastructure. Many organizations now use multiple providers, and this makes configurations challenging. Rushed deployment also adds to the misconfiguration problem, especially when a thorough audit is not conducted. Unlike malware or phishing scams, misconfigurations remain undetected until exploited.

2025’s Worst Cyberattacks Fueled by Misconfigurations

This year alone, there has been a surge in incidents related to misconfiguration, which is alarming. There were more than 9.5 million cyberattacks in the first half of the year. A good example is the Coinbase breach of May 2025, in which data from more than 70,000 customer records was stolen. This breach is attributed to insider threats exploiting misconfigured permissions.

Recently, cybersecurity researchers revealed a botnet campaign that exploited misconfigured DNS sender policy framework (SPF) records across 20,000 domains and compromised more than 13,000 MikroTik routers. This enabled large-scale spam and spoofing attacks.

In many regions, misconfigured VPN gateways and remote access tools have also contributed to ransomware campaigns. This is through attackers bypassing perimeter defenses by exploiting a misconfigured VPN portal.

IoT weaknesses have also seen entire networks of smart devices compromised, simply because administrators did not change the default login credentials. The entry points ranged from security cameras to industrial sensors, allowing attackers to access more sensitive corporate systems.

Why Organizations Keep Making the Same Mistakes

  • Talent shortage – Many IT teams are stretched and lack sufficient experts to catch every misstep.
  • False confidence in automation – While automated tools are a great help, they are not foolproof. Overreliance on these tools and having a set-and-forget mindset can leave room for security breaches.
  • Velocity over security – This happens when rapid delivery of product features overshadows the slower discipline of security reviews.
  • Siloed responsibility – In many organizations, security is delegated to a separate team instead of being embedded across different units like the development, operations, and business units.
  • Awareness gap – Many teams underestimate how a single overlooked setting, like an open test environment, can escalate into a full-scale breach.

Prevention Strategies and Best Practices

Fortunately, misconfigurations are one of the preventable causes of security breaches. Preventing misconfigurations requires proactive measures that include:

  • Continuous auditing and testing – It is crucial to ensure regular audits and testing of automated tools for configuration management to detect and reduce the window of exposure.
  • Adopt zero-trust models – No device or user should be trusted by default; grant only minimum access where required.
  • Strengthen access controls – Always change default device credentials, partition networks, and enforce MFA across all accounts.
  • Automated detection tools – Use cloud security posture management, compliance-as-code, and drift detection to catch misconfigurations in real time.
  • Cross-functional training and culture – Employee training is vital, as human error accounts for 82 percent of incidents. Security literacy should extend to both technical and non-technical teams.
  • Follow industry guidelines – Align with recognized security frameworks (NIST, ISO, CIS) and CISA’s published guidance on the Top Ten Cybersecurity Misconfigurations. For example, avoid using default configurations, enforce patch management, and properly segment networks.
  • Incident response readiness – Have a well-drilled response playbook to ensure minor disruption in case the defenses fail.

Conclusion

Simple misconfiguration remains a silent enabler of devastating cyberattacks through avoidable errors. Business owners must prioritize configuration hygiene to build resilient digital infrastructures and protect against future threats.

It is a clear lesson that cybersecurity doesn’t always depend on battling sophisticated hackers but rather ensuring they don’t get an easy way in.

Understanding Contribution Margin After Marketing

Contribution Margin After Marketing (CMAM)Contribution margin after marketing (CMAM) measures how much money is generated per unit retailed after factoring in a company’s variable costs, along with marketing costs.

It’s analogous with contribution margin, however, a business must factor in marketing costs the company experiences when publicizing a good to likely consumers with details on the business’ wares. This metric determines how well net sales can satisfy expense obligations and what percentage of net sales may remain to satisfy fixed expenses.

Comparing Variable Versus Fixed Costs

Variable costs, as the name implies, are expenses that rise and fall according to output quantities. Fixed costs, conversely, are expenses that don’t change despite variation of production quantities. Understanding these concepts is helpful when calculating CMAM to see how both types of expenses impact the different calculations.

CMAM = Sales Revenue – Variable Costs – Marketing Expense

It can also be determined on a per-unit basis to help a business understand how a single product unit contributes to the company’s comprehensive profits. One can calculate the CMPU (contribution margin per unit) as follows to provide a more granular analysis:

CMAM/Unit = Sales Revenue/Unit – Variable Expenses/Unit – Marketing Expense/Unit

What separates variable costs (including marketing expenses) from the sales revenue is CMAM. The balance is profit along with fixed costs. To calculate if a business saw a net loss or profit, the formula is:

Net Operating Profit = CMAM – fixed costs

If a profit is reported after subtracting variable costs, costs to market, plus fixed costs, it means a business or specific department is profitable. If it’s negative, the business sees a loss that won’t enable it to pay its bills.

Illustrating CMAM

When it comes to a company producing widgets, the following is already known. Variable costs for production for a single widget are detailed below:

  • $2.25 for unprocessed inputs
  • $1.80 firsthand production expenses
  • $0.50 power
  • $0.40 freight expenses
  • $4,500 business equipment rentals
  • $6,000 factory rent
  • $30,000 management salary
  • $10,000 marketing costs

Each widget costs $10, and the business sold 30,000 last year. Therefore, it’s calculated as follows:

CMAM = Sales Revenue – Variable Costs – Marketing Expense

Sales Revenue = $10 x 30,000 = $300,000

Variable Costs = ($2.25 + $1.80 + $0.50+ $0.40) x 30,000 = $4.95 x 30,000 = $148,500

CMAM = $300,000 = $148,500

The next step is to calculate net operating loss or profit: we take CMAM ($148,500), then subtract fixed costs:

$148,500 – ($4,500 + $6,000 + $30,000)

$148,500 – $40,500 = $108,000

Based on that calculation, the company producing widgets realized $108,000 for its net operating profit last year. The next section will discuss how businesses can use this information to improve their operations.

Using CMAM for Business Analysis

Managers use this metric to determine the viability of a product. If there are multiple iterations or options of a product, it can help managers determine which product sells the best and rank them if there are multiple versions of a widget. Businesses can analyze each unit’s contribution margin for each version of a widget to determine which versions provide the greatest option for profitability. Depending on the outcome, the company may choose to produce only the most profitable one or two widgets.  

When it comes to the CMAM, businesses that use it for analysis can increase their sales efficiency for the present and future.

How to Save Money with the Half Rule

What is the Half Rule?What if you could lower your grocery bill without giving up the things you love, fight inflation, and have some money left at the end of the month? Sounds too good to be true? It’s not. It’s the Half Rule. This means cutting the amount of product you use in half and seeing what happens.

Truth is, most of us probably use too much of the things we love. Here are several reasons why:

  • Manufacturers often ask you to use more of the product than you need.
  • You’ve probably gotten used to using a certain amount of a product;
  • And finally, product inflation. Specifically, you might think that if you get pleasure out of something, you might need to use more of it. For instance, why get a tall vanilla latte when you can get a grande, right? But ask yourself: Is it really that much better?

To this end, here are some things you can easily use half of and never miss the other half:

  • Shampoo. Try using half the amount and adding more water, especially if it’s concentrated.
  • Laundry detergent. Try a half cup. A little goes a long way, especially if it’s a small load.
  • Dryer sheets. These are so easy to tear in half.
  • Cooking oil. Use an oil mister instead of pouring it into your pan or skillet.  
  • Restaurant meals. Eat half or a third and save the rest for another meal. Or better yet, split a meal with your partner, friend or work colleague. Bonus: you’ll also save calories.
  • Bagels. Just eat half! Save the other half for your next snack or breakfast.
  • Starbucks order. Try a tall. Or if you get a vente, try a grande. Give it a whirl. See what happens.
  • Glass stovetop cleaner. If you use less, you might have fewer streaks.
  • Tape. When you’re wrapping gifts, give string a try.

When you change a few things here and there, over time, you’ll really see the difference in your bank account. Also, imagine how nice it’ll feel not to have to buy these items so often. That’s a big change in spending.

The Half Rule is not for everything. While it works on so many things, there are some things you cannot to apply it to – like filling up your gas tank or cutting a prescription in half. Never do that.

Overall, it’s a good rule. And when you’re persistent over time, you’ll start to develop a habit – one that will help you see a difference quickly and save you money in the long run. It’s a ripple effect that might expand into other areas of your life. In sum, the Half Rule is so effective, you just might go all in – and stay there.

Sources

“The Half Rule” – A Frugal Hack I Live By

Enhancing Homebuyer Protections, Wildfire Risks, 911 Response and Domestic Manufacturing

HR 2808, HR 2483, HR 3400, S 306, S 725, S 433Homebuyers Privacy Protection Act (HR 2808) – Introduced by Rep. John Rose (R-TN) on April 10, the House passed this bill on June 23, and the Senate passed it on Aug. 2. Signed into law on Sept. 5, this bipartisan bill prohibits a consumer reporting agency from selling a mortgage applicant’s personal information to other lenders without their explicit consent. The legislation is designed to safeguard homebuyers’ personal financial information and eliminate the frequent bombardment of other lender marketing offers during the financing process underway with the applicant’s existing lender.

SUPPORT for Patients and Communities Reauthorization Act of 2025 (HR 2483) – This bill renews billions of dollars in federal funding for programs responsible for preventing overdoses and further strengthening treatment and recovery services. The renewal of funds to nationwide county programs is timely, given the current behavioral health and substance abuse disorder crises. The bill was introduced by Rep. Brett Guthrie (R-KY) on March 31, passed in the House on June 4 and in the Senate on Sept. 18; it currently awaits signature by the president.

TRAVEL Act of 2025 (HR 3400) – Also known as the Territorial Response and Access to Veterans’ Essential Lifecare Act, the purpose of this bill is to enable VA physicians and specialists to travel to hard-to-reach areas in U.S. territories for up to one year. The Act is designed to help fill critical gaps in VA medical services across the Pacific territories by compensating providers with travel bonuses. The legislation was introduced by Representative Kimberlyn King-Hinds (R-Northern Mariana Islands) on May 14. It passed in the House on Sept. 15 and currently lies with the Senate.

Fire Ready Nation Act of 2025 (S 306) – Introduced by Sen. Maria Cantwell (D-WA) on Jan. 29, this legislation would establish a fire weather program at the National Oceanic and Atmospheric Administration (NOAA). The new program would enable scientists to better predict wildfires, fire weather, and fire risk via forecasting, detection, and modeling, as well as respond quickly to prevent devastation to families, homes, and businesses due to wildfires. The legislation was passed in the Senate on Sept. 10 and is now under review in the House.

Enhancing First Response Act (S 725) – This bill was introduced on Feb. 25 by Sen. Amy Klobuchar (D-MN) and passed in the Senate on Sept. 10. The law would reclassify 911 dispatchers as public safety workers from their current role as office and administrative support in the federal Standard Occupational Classification system. In addition, the bill contains provisions to improve access to the 911 call system during major disasters and make the system more resilient against outages and disruptions. The fate of this bipartisan bill now rests in the House.

National Manufacturing Advisory Council Act (S 433) – This Act was introduced by Sen. Gary Peters (D-MI) on Feb. 5. It seeks to establish a working group of representatives from industry, labor, and academia to advise Congress on policies and programs to enhance domestic manufacturing despite the challenges of global competition, U.S. supply chain issues, and the current tariff solution. The bipartisan legislationwas  passed unanimously in the Senate on July 14 and is currently under review in the House.

A Look at the Nonaccrual Experience Method

Nonaccrual Experience MethodWhen it comes to running a business, having outstanding invoices that turn into uncollectible receivables or simply bad debt is a fact of life. The Internal Revenue Service (IRS) has a safe harbor that permits businesses to reduce consideration of such bad debt from taxation if it qualifies. However, understanding how to determine if a business is eligible is essential to making the most of it when a business files its taxes.

Defining the Nonaccrual Experience Method (NAE)

When businesses perform a service, they expect to be paid. However, they sometimes have unpaid invoices that are uncollectible. One provision within the IRS’s Internal Revenue Code (IRC) is that of the nonaccrual experience method (NAE) and how it intersects with bad debts.

How It Works      

Once a company sees bad debt in its system after customers fail to pay their invoices, it calculates the amounts it projects it won’t be able to collect. Projecting bad debt is accomplished by the company looking at previous experiences with its payees. It’s important to note that this accounting is used by businesses for only a portion of their projected uncollectable customer bad debt; businesses similarly project the remaining percentage they expect to collect from outstanding invoices in the future.   

One important step for businesses to determine their eligibility for relief from the accrual segment of uncollectible revenue, per the U.S. Securities & Exchange Commission (SEC), is by determining their industry classification. Sample industries include legal professionals, engineers, performance art professionals, architects, and actuaries.

It’s important to note that if businesses don’t use this method, they may charge off such debts. Charge-offs are when a company writes the debt off its balance sheet and expenses the uncollectible funds on the income statement. Companies must also adhere to the following criteria to take advantage of the safe harbor:

  • The company must currently use the accrual method of accounting when recording revenues, and not the cash method to account for revenue.
  • The company, in a single year, within the past 36 months, has earned up to, but no more than $5 million in gross receipts.

IRS Guidance

Beginning in September 2011, the Internal Revenue Service permitted taxpayers to use the NAE method to determine applicability by applying a factor of 95 percent to their allowance for bad debts via their past 60 months of financial documents. This permits businesses to exclude qualifying uncollectible revenues from their taxable income, which is beneficial for lowering the amount of taxes owed. It is often easier for NAE-specific designated industries to qualify; however, only companies with the appropriate amount of historical information to substantiate are eligible.

Further Considerations and Conclusion

One example of this safe harbor includes having financial information that’s expertly tracked for the past 60 months via financial statements. If the company can’t substantiate it, they won’t be able to qualify. Similarly, eligible services provided or the resulting receivables that have interest and/or financial penalties attached are ineligible.

When it comes to navigating the IRS code, the NAE can provide another way for eligible companies to maximize filings and tax obligations.

Beyond the Hype: A Strategic Blueprint for AI Investment in 2025 and Beyond

AI Investment in 2025Artificial intelligence (AI) is one of the most talked-about technologies today. It has taken a shift from the broad general-purpose tools to specialized innovations that promise real impact. AI is dominating headlines with investor pitches. There has also been a surge in startups promising AI-powered solutions. However, some businesses have already adopted and invested millions into AI projects with little return. As AI advances, business owners and investors need to stop chasing the latest headlines and consider how to best integrate AI to create lasting value.

Understanding the AI Investment Landscape in 2025

Since the AI breakout, it has advanced dramatically. There are three forces that are reshaping the investment and adoption of AI.

  1. Maturation of Foundation Models
    The large language models (LLMs) are now cheaper and faster. They are also customizable. This means that businesses no longer need to build from scratch and can just adapt existing models in their industry.
  2. Regulations and Accountability
    Governments are tightening frameworks around data privacy, transparency, and responsible AI. Compliance has become a key competitive differentiator.
  3. Sector-Specific Applications
    Advancements in AI have given way to specialized use cases. For example, fintech AI can track fraud, while manufacturing AI optimizes the supply chain.

The AI Hype Cycle

According to Gartner’s 2025 “Hype Cycle for Artificial Intelligence.” AI technologies move through predictable stages. These include the innovation trigger, peak of inflated expectations, trough of disillusionment, slope of enlightenment, and plateau of productivity. Between 2023 and 2024, generative AI dominated the headlines. It has now entered the trough of disillusionment as organizations confront their limitations, governance risks, and the difficulty of proving ROI. However, this is not to be seen as a setback, but rather a turning point as businesses shift focus from experimentation to scaling reasonably. Investment is now focused on foundational enablers such as ready data, ModelOps for lifecycle management, and AI agents. By 2025, businesses will be realizing that quick wins are harder than expected. On the bright side, businesses have an opportunity to build sustainable systems that offer measurable business value.

Lessons Learned from the First Wave of AI Adoption

The promises that came with AI led some businesses to invest heavily. This resulted in several mistakes:

  • Chasing innovation over value
    Many businesses rushed to invest in AI-powered projects like chatbots without linking them to actual business goals. For instance, customers have raised concerns about frustration with bank AI bots that confuse rather than help customers, according to the Consumer Financial Protection Bureau (CFPB).
  • Falling for AI hype
    Some businesses invested in companies branding themselves as AI-driven, even when the solutions offered relied on basic automation.
  • Ignoring integration
    Failing to consider that AI is not a plug-and-play solution. This saw some early adopters underestimating the cultural, technical, and operational changes required to integrate AI into workflows.

A Strategic Blueprint for AI Investment

For businesses to invest wisely:

  1. Start with the problem, not the tool
    Instead of shopping for tools to adopt, a business should first ponder what problem it wants to solve. This means clearly defining the problem to solve, such as personalizing marketing campaigns or predicting supply shortages. Clarifying a problem ensures the AI investment is focused and not an experiment.
  2. Build a portfolio approach
    Borrowing from how investors diversify portfolios, a business should also diversify its AI initiatives. They can do this by balancing short-term projects, such as automating repetitive tasks, with long-term projects like predictive analytics. This is to ensure there is a steady return on investment.
  3. Prioritize responsible and compliant AI
    Reputation is crucial, and businesses should avoid mishandling customer data. To do this, companies must invest in compliance, transparency, and explainability as part of their AI strategy.
  4. Invest in people, not just technology
    AI does not replace talent. Companies should invest in training and upskilling their workforce. This prepares employees to work well with the new technology to ensure adoption is smooth and effective.
  5. Build scalable infrastructure
    Even with the most advanced AI model, failing to have the right foundation will result in unsuccessful implementation. The lesson? Companies must invest in flexible systems that can grow with them.

Conclusion

AI is no longer a futuristic concept. It is a business reality. Adopting AI alone is not enough, and businesses need to do it wisely. Businesses should refrain from jumping on the latest trends. Instead, make strategic choices that align with long-term goals. The focus should be on the problems to be solved and not the tools.