CALL TOLL FREE: 855-833-3604
Follow Zarwin, Baum on Twitter Follow Zarwin, Baum on Facebook Follow Zarwin, Baum on YouTube Follow Zarwin, Baum on LinkedIn Print Contact Us Office Locations

Zarwin Baum Breakfast Series Recap: Cyber Threats & Vulnerabilities

On December 7, 2016, we continued our ongoing Zarwin Baum Breakfast Series with ‘Cyber Threats and Vulnerabilities: How Exposed Are You?’ Zarwin Baum shareholder Ted Schaer and Beth Fitch of Righi Fitch Law Group shared expert insights regarding financial exposures, disruptive technologies, external threats, and internal vulnerabilities facing businesses today.

The seminar began with examples of data breaches that occurred in 2016, and the cases that resulted from them.  Common types of lawsuits following a cyberattack include:

  • HIPAA Violations: Healthcare entities that experience breaches are often pursued for Health Insurance Portability and Accountability Act violations, for failing to protect medical records and personal health information.
  • FTC Enforcement: The Federal Trade Commission takes action if it believes an organization violated consumers’ privacy rights, or misled them by failing to maintain security.
  • PCI Exposure: The Payment Card Industry is hit hard when it comes to breaches, because stakes are particularly high when credit card information is at risk.

And with rapid online advancements and the Internet of Things, potential problems for organizations are always evolving. The seminar detailed the following disruptive technologies:

  • Cloud Computing: With data and programs housed on the Internet and not a computer’s hard drive, risk is spread to different entities.
  • Dark Web: A collection of websites with hidden IP addresses, known as the Dark Web, make it difficult to detect a hacker’s identity and location.
  • Bitcoin: A payment system of digital money, Bitcoin is like cash for the Internet that cannot be tracked.

While we can rarely put faces to these hackers, we must remember they are people, not robots. Three types of external threats include:

  • Hacktivists: Individuals or groups motivated by ideology.
  • Criminals: Individuals or groups seeking a financial return.
  • Nation States: Countries using cyber teams to hack into foreign or domestic systems for intelligence collection or covert action.

In addition, there are a few organizational vulnerabilities to keep in mind:

  • Technical Vulnerabilities: Exposures or weaknesses in software or devices that allow a hacker to infiltrate a system.
  • Human Vulnerabilities: Elements of human nature, like trust and fear, that hackers take advantage of to provoke a response.
  • 3rd Party Vendors: Fitch reminded attendees that an organization’s data security is only as strong as their vendors’. If your payroll company experiences a breach, you have too.

And while these threats and vulnerabilities can be jarring, there are steps to protection. Schaer offered best practices to close out the seminar:

  • Run cyber assessments to determine exposures.
  • Vet 3rd party vendors and evaluate contracts.
  • Evaluate insurance coverage and sub limits of coverage.
  • Establish a breach response team and ensure all parties know their roles.

The bottom line? Knowledge is power. If you are informed and aware of the various threats you face, you will be better prepared to mitigate them.

To continue the conversation on cyber threats and vulnerabilities, contact Ted Schaer at  And stay tuned for our next breakfast seminar, ‘Risk Transfer,’ on April 26.

Posted in Uncategorized | Leave a comment

Zarwin Baum Breakfast Series Recap: Anatomy of a Cyber Data Breach

As part of the ongoing Zarwin Baum Breakfast Series, on September 13, our firm hosted ‘Anatomy of a Cyber Data Breach,’ featuring expert opinions from Zarwin Baum shareholder Ted Schaer, Beth Fitch of Righi Fitch Law Group, Ken Pyle of DFDR Consulting, and John Nahas of Marsh Risk Consulting. First discussing the importance of proactive preparation, the panel of experts dove into the five stages of a cyber breach, and what each stage entails.

With cyber data breaches on the rise, preparation has become increasingly important. Schaer said companies should be familiar with the type of information hackers are seeking out, which includes Personally Identifiable Information (PII) like social security numbers, Protected Health Information (PHI) like medical records and healthcare payments, and credit card information. Even documents that may seem harmless can be a risk – Nahas noted that hackers can find ways to monetize anything. Effective preparation also requires a comprehensive data breach plan that specifically notes how each department should respond, and what the data security laws are in your state.

Successfully prepared companies will have an easier time navigating a cyber-attack, but the process can still get dicey. Here are the 5 stages of a cyber breach and how to handle them:

Stage 1: Suspect a Breach. Whether it’s a system irregularity, a report from an employee or vendor, or a customer complaint, no suspicious activity should be ignored. Fitch stresses that all employees and stakeholders should understand their responsibility in reporting anything unusual.

Stage 2: Confirm the Breach. If the compromised system contains private data, then a breach can be confirmed. At this point, timing is critical. Schaer suggests immediately contacting your legal counsel before making any decisions.

Stage 3: Remediate. Close the hacker’s method of entry and mobilize all teams to perform their assigned cyber breach duties. This includes internal and external teams, the legal team, the forensics team, and the PR team.

Stage 4: Assess the Damage. Determine the scope of the breach by identifying who and what was compromised. Preserve the evidence, including what occurred, when it occurred, and why it occurred.

Stage 5: Mitigate. Notify stakeholders, law enforcement and the public of the data breach your company experienced. Oftentimes, the attempt to cover up a hack is more damaging than the hack itself.

With best practices in place, companies can overcome cyber breaches. It’s important to remember, however, that past data breaches don’t necessarily predict future exposures, because risk is always evolving.

To continue the conversation on cyber data breaches, contact Ted Schaer at

Posted in Uncategorized | Leave a comment

Making-A-Difference at S. Weir Mitchell School

Mitchell Group Photo

Philadelphia elementary school students and teachers can expect to come back to refreshed classrooms in September, thanks to the team at Zarwin Baum. On June 27, nearly two dozen Zarwin Baum attorneys and associates spent the day priming, painting and brightening up the classrooms and hallways, with hues of red, yellow, green and blue, at S. Weir Mitchell Elementary School in Southwest Philadelphia.

This beautification effort is a part of the firm’s ongoing commitment to serving the community through charitable and philanthropic activities. In 2014, Zarwin Baum adopted Mitchell Elementary after hearing about the lack of resources in some of Philadelphia’s public schools, and seeing a need that it could help fulfill. Since that time, the firm has provided ongoing support through quarterly fundraising and the donation of refurbished computers, printers, tables, bookcases, and a host of school supplies and upgraded technology, ensuring young people have the tools they need to succeed.

As a ‘Thank You’ for the firm’s hard work, students and school administrators gave the Zarwin Baum team a framed, hand-painted piece of artwork, depicting the Philadelphia skyline, and with messages of gratitude and appreciation.

Posted in Uncategorized | Leave a comment