by Adam Abresch

Last night we learned that Equifax, one of the three main consumer credit reporting agencies, suffered a data breach that has the potential to expose confidential information of nearly 50 percent of the American population.

This cyber security breach was discovered on July 29th and appears to stem from hackers exploiting vulnerabilities in Equifax’s website software.

Why it matters

The Equifax breach is different from prior breaches due to the sensitivity of the information exposed. Names, addresses, DOBs and Social Security Numbers are the four main pieces of information necessary to set up credit card accounts, take out loans and create new bank accounts. These four pieces of information are all available in one place, Equifax.

Making matters worse, Equifax also offers credit monitoring services to its customers. This sets up a potential scenario where hackers access confidential information through Equifax, set up phony accounts, then manipulate credit monitoring to make it appear as if there is no fraudulent activity at all. If a hacker controls the credit monitoring, how would you know if there is fraud on your account?

At this point you may be wondering: “How could things get worse?” Easy, sprinkle in some insider trading.

Insider Trading

Three Equifax executives sold nearly $2 million worth of stock just days after Equifax discovered the breach. Executives typically set up 10b5-1 plans to schedule planned stock sales and avoid accusations of insider trading. According to SEC filings, none of these sales were planned in advance.

Burrowing deeper into its already sizable crater, Equifax publicly announced that the executives (one of them being the CFO) had no knowledge of the breach when they sold their shares. How could the CFO of Equifax not know about a potentially catastrophic data breach that was discovered and acknowledged days earlier?

Aftermath

Considering that one of its sources of revenue is tied directly to data breach response, you would think that Equifax would include a robust Cyber Incident Response Plan as part of its cyber security strategy, one that would set its customers' minds at ease and show regulators that it takes this event seriously. Although it's still early, the Equifax response has basically been a joke.

It took 5 weeks to announce the data breach to consumers, a period of time which would have violated Europe’s new breach disclosure regulations. The website Equifax set up for customers, to determine whether or not their information was compromised, asks for the last 6 (!!!) digits of their Social Security Number, then politely informs you that you will be eligible for ID protection in two weeks.

Finally, the Equifax response website itself is so poorly secured that certain systems have been blocking access to it, labeling the breach recovery site as a phishing threat.

The Equifax Data Breach Debacle of 2017 is a clear case of why it is so important for an organization's cyber security plan to include a comprehensive Cyber Incident Response Program. A robust CIRP enables your organization to rapidly contain damages, deploy response resources, and ultimately limit financial and reputational damage in the wake of a data breach.

by James Oliveri

As of January 1, 2018, New York State will require all NY employers to provide a Paid Family Leave (PFL) benefit, which will be included in an employer's already mandatory NYS Disability insurance coverage.


Family leave, by definition, can be an employee's leave to provide care for a family member, time to bond with the employee's child, or leave taken because a spouse, domestic partner, child or parent of the employee is on active duty or has been called to impending active duty in the U.S. Armed Forces (as defined under the Federal FMLA). (Please see the attached for the definition of a covered family member and detail on all of the foregoing topics.)

The premium for this benefit will be entirely funded by employee payroll deductions, currently set at no more than 0.126% of an employee's weekly wages (not to exceed a $1.65 per week contribution). The insurance carriers have the right to amend this premium annually.

NY Paid Family Leave will be phased in over a 4 year period beginning January 1, 2018. The length of paid benefit increases each year from 8 weeks to 12 weeks by January 1, 2021, and the benefit amount rises from 50% of the employee's average weekly wage (not to exceed the state's average weekly wage) to 67% by January 1, 2021.

As of July 1, 2017, smaller employers who pay DBL premiums each month may begin to deduct and accrue the employee contribution; larger employers who pay their DBL premiums quarterly in arrears may wait until January 2018 to begin deductions.

There are certain criteria for an employer to comply (a covered employer must have 1 or more employees on each of 30 days in a calendar year), and employee eligibility is defined for both full time and part time employees (a FT employee must work 20 hours or more per week for the covered employer for 26 or more consecutive weeks; a part time employee working fewer than 20 hours per week is eligible if employed by the covered employer for 175 days).

Please note that some of the rules and regulations are still being formulated by the NYS Department of Financial Services (Insurance Dept.).

At Signature B&B Companies we are making every effort to keep you informed with the latest information.

Contact us immediately with any questions about this or any other compliance topic.

by Lewis Bernstein

If you want to sell your agency or buy an agency, then you need to understand what EBITDA is.

Some people mistake EBITDA for an agency’s revenue or cash flow. Sure, revenue is part of it but there is more to your valuation. Let’s unpack this thing and understand its place in mergers and acquisitions.

Earnings Before Interest, Taxes, Depreciation and Amortization is what makes up EBITDA.

When The Signature B&B Companies were acquired by Acrisure there was, as you would imagine in a transaction of that size, quite a bit of due diligence. We started by examining our own financial statement.

If you have questions, like “what happens after you calculate your EBITDA?” feel free to give us a call at 516.764.1100.

by Adam Abresch

New York Cybersecurity regulations are here.

The 23 NYCRR 500, or NYC500, is a first-in-the-nation cybersecurity regulation requiring New York businesses to design a program to address and assess their unique risk profiles starting March 1, 2017.

This regulation applies to every business operating in NY that is required to have a “license, registration, charter, certificate, permit, accreditation or similar authorization” under banking, insurance or financial services law.

While these regulations are similar in many ways to existing cybersecurity guidelines, the NYC500 takes things a step further. Outside counsel, accountants, IT firms and other Third Party Service Providers (3PSPs) must also implement policies and procedures to ensure the security of Information Systems and Non Public Information.

Covered entities and their 3PSPs must establish:

A comprehensive Cybersecurity program that performs the 6 core cybersecurity functions

An organization must protect the confidentiality, integrity and availability of its information systems. In order to accomplish this, firms must establish a Cybersecurity program that is able to effectively identify, defend against, detect, respond to, recover from and report Cyber Threats.

A comprehensive Cybersecurity policy that addresses 14 specific areas

Every organization faces three main threat vectors:

  • Outside attacks
  • Insider Threats
  • Third Party Incidents

In order to protect against these threats, organizations must set forth policies and procedures for the protection of their Information Systems and the Nonpublic Information stored on these systems. Securing the data inventory across all systems and devices is crucial to protecting customer data privacy.

Once systems and networks are secured and physical and environmental controls are established, an organization’s policies and procedures must be constantly monitored and updated via risk assessments. 

Covered entities are also responsible for establishing Third Party Service Provider management that ensures vendors with access to Information Systems and Non Public Information are implementing New York Cybersecurity policies mirroring that of the covered entity.

NYC500 Cybersecurity policies must also contain business continuity and disaster recovery planning and resources. These incident response mechanisms need to include procedures for accurately reporting data events to the Department of Financial Services in a timely manner.

Cyber Security Personnel (CISO) to manage 6 core functions of Cybersecurity program

The Chief Information Security Officer must be a qualified individual employed by the entity, an affiliate or a Third Party, and is responsible for implementing, overseeing and enforcing the Cybersecurity program. If the Covered Entity elects to use a third party CISO, the covered entity retains responsibility for compliance and must designate a senior staff member responsible for oversight of the third party, and the third party must maintain a cybersecurity program that protects the covered entity.

The CISO must report in writing, annually, on the Covered Entity's Cybersecurity program and cybersecurity risks to the board of directors or equivalent company management. These reports must consider systems integrity, material risks, cybersecurity policies and procedures, and the effectiveness of the cybersecurity program, along with all material Cybersecurity Events involving the covered entity.

Periodic Cybersecurity Risk Assessments

Assessing your Cybersecurity policy must include periodic vulnerability testing and periodic penetration testing. Periodic Risk Assessments must also evaluate risks, assess adequacy of controls and document decisions to mitigate or accept risk.


Audit Trails 

Covered entities must maintain secure systems that are designed to reconstruct financial transactions. These audit trails are designed to detect and respond to Cybersecurity events that have a reasonable likelihood of harming any material part of the covered entity's normal operations.

While covered entities must maintain records for at least five years, they are also responsible for destroying Non Public Information in a responsible and timely manner.


Incident Response Plans 

Organizations must establish a written Incident Response Plan (IRP) to respond to and recover from Cybersecurity events affecting confidentiality, integrity or availability of the Covered Entity’s Information Systems and Nonpublic Information.

An Incident Response plan must include internal and external processes, goals, role and responsibility definitions, system remediation and documentation and reporting mechanisms for incident related response actions.


Cyber Incident Reporting 

Covered Entities must notify the Superintendent no later than 72 hours after notification is required by another regulatory agency or supervisory body, and when the Cyber Event has a reasonable likelihood of materially harming any part of normal operations.

Annually, all covered entities must certify in writing that the organization is in compliance with all reporting guidelines set forth in the regulation. Organizations are required to maintain the information and evidence necessary to support this certification for a period of 5 years. If a covered entity has identified areas which require improvement or updating, the organization must document the remedial efforts planned or underway.

While no organization can eliminate its exposure to Cyber Risk entirely, taking a proactive, comprehensive approach to Cyber Risk Management will ensure that your company is not only compliant with the new NYC500 Regulatory guidelines but also resilient in the face of constantly evolving Cyber threats.

by Adam Abresch

Are you aware that there are people with sinister intentions to hack your personal information?

Yes.

Have you or someone you know been a victim of a data breach?

Probably.

Do you know how easy it is for them to prey on our weaknesses and exploit our lives?

You have no idea.

Watch this excellent video by Cisco only if you never want to use a computer again.

by Ronald Brunell

The Wharton School of the University of Pennsylvania and Chubb recently awarded 33 insurance agents and brokers the Certified Advisor of Personal Insurance (CAPI) designation.

This program is designed to address the needs of the high-net-worth household. Larger wage earners tend to live and play harder, which requires an insurance program to protect them from possible loss.

We, at Signature B&B and Acrisure, are very pleased to announce that our own Gerry Tobias, Partner, was one of the agents to receive the CAPI designation.

“We couldn’t be more proud of our Partner, Gerry. The CAPI program is extremely competitive and selective and Gerry’s designation is just one more example of the highly specialized, value added services we bring to our clients,” said Peter Schapero, Managing Partner.

The curriculum for the CAPI consists of six modules related to the needs of the high-net-worth family. It is a 12 month course of study during which students must complete a project to demonstrate their mastery of the curriculum.

The courses, taught by Wharton faculty and Chubb subject matter experts, include “Understanding the Total Family Balance Sheet”, “Collections” (art, jewelry, wine, etc.), and “Family Security”.

“Agents who have completed the CAPI program have demonstrated a full understanding of high-net-worth customers, including their financial affairs, family management and philanthropic activities,” said Annmarie Camp, Executive Vice President, Chubb Personal Risk Services.

The Signature B&B Companies have always put a premium on education and personal development. This is done by reimbursing all of our employees’ Continuing Education courses and through our Tuition Reimbursement Program.

You can find more information on Gerry Tobias or the CAPI program here.

by Lewis Bernstein

After growing up in the insurance business with modest means, it gives me great pride to be asked to serve as a Director for the Ronald McDonald House of Long Island.

Having experienced a financial event as an Acrisure Agency Partner, I am very fortunate to now be in a position to give back, not only monetarily, but with whatever intellectual property there is for me to share.

This is especially fulfilling as it helps such a worthy organization that aligns with values that are important to my family and me; making sure children and families are able to receive help when they’re in need.

A good friend once mentioned, “it’s good to take with one hand, but great to give back with the other,” and I look forward to all of the ways I will be able to give back to the Ronald McDonald House of Long Island.

As I’m sure you’re aware, RMHC allows families to stay together during times of great illness. The House was built on the foundation that nothing else should matter when a family is dealing with the health of a child.

Our homes are filled with more than help, they’re filled with hope

Every House provides the following services for families:

  • Home-cooked meals
  • Private bedrooms
  • Playrooms for children

The Ronald McDonald House of Long Island sits on the campus of the Cohen Children’s Medical Center of New York. Since it opened its doors in 1986, the House has welcomed over 18,000 families from over 80 countries.

You’re invited to take a virtual tour of the House and see our 2-year 44,000 sq. ft. renovation we recently completed. This would not have been possible if not for the private and public donations of time or money.

by Peter Schapero

We have a great deal to be thankful for this year.

One example is the work we’ve done with the Long Island Real Estate Group (LIREG).

If you don’t know LIREG, we’re nearly 400 real estate owners, developers, managers and allied trades who come together to raise money for charitable real estate related projects and networking.

As a founding member, I’ve been involved with LIREG for over 10 years, the last two as Co-President. During this time we’ve raised more than $1,000,000 for charities across Long Island. In 2016, we contributed $134,500 to five Long Island charities.

School for Language and Communication Development (SCLD), Glen Cove. The Glen Cove-based organization, whose mission is to identify children with language and autism spectrum disorders and to help them to communicate, received $51,000. The funds will be used for renovation of a preschool and elementary school playground at a school SCLD operates in New Hyde Park.

Interfaith Nutrition Network (INN), Hempstead. The charity, which addresses hunger and homelessness on Long Island by providing food and shelter, received $30,000. The money will help pay for the design and installation of a family dining room at the Mary Brennan INN in Hempstead.

Nassau Suffolk Chapter of the Autism Society of America (NSASA), Wantagh. The Long Island-based chapter of the nation’s oldest autism group, which works to help families dealing with autism become fully participating members of the community, received $28,000. The funds will be used to pay for the renovation of a greenhouse in Wantagh to enhance NSASA’s Day Hab programs.

Tilles Center for the Performing Arts, Greenvale. Long Island’s leading voice for the performing arts since 1980, the Center received $27,500 to upgrade the assistive listening system used by patrons with hearing loss at the Tilles Center Concert and Recital Halls on the CW Post Campus.

Response of Suffolk County, Stony Brook. The operator of a crisis intervention and suicide prevention hotline received $25,000 to upgrade the working environment at the organization’s offices.

Giving to these charities and others that we have contributed to over the years is particularly rewarding. These contributions demonstrate how seriously the Long Island Real Estate Group regards its efforts to make a difference on Long Island.

Being an Agency Partner with Acrisure has afforded us the opportunity to continue pursuing our charitable and civic interests. We are truly thankful to have found an organization of growth oriented leaders that value the wisdom of leveraging strengths while maintaining the entrepreneurial spirit & culture of its members.