|
|
CYBER-TERRORISM
FORCES FINANCIAL SERVICES PROFESSIONALS TO SELECT WEBCONFERENCE PROVIDERS THAT DEPLOY
ADVANCED ONLINE SECURITY STRATEGIES AND TECHNIQUES
by Jim Robinson CLU,
ChFC, CFP,MSFS
|
CIA Has Validated
The Danger
Terrorist groups are increasingly using new information technology (IT) and the Internet
to formulate plans, raise funds, spread propaganda, and communicate securely. In
his statement on the worldwide threat in the year 2000, Director of Central Intelligence
George Tenet testified that terrorist groups, "including Hezbollah, HAMAS, the
Abu Nidal organization, and Bin Laden's al Qa'ida organization are using computerized
files, E-mail, and encryption to support their operations." As one example,
convicted terrorist Ramzi Yousef, the mastermind of the World Trade Center bombing,
stored detailed plans to destroy United States airliners on encrypted files on his
laptop computer"
Attacks On National And International Infrastructure
In addition, over the past several years, various groups and individuals have carried
out the following attacks on critical national and international infrastructure:
Richard Clayton and
staff researchers at the University of Cambridge most recently cracked the codes
used by Bank ATMS in the United Kingdom Just to prove it could be done.
A hacker known as"Infomaster"penetrated the Bureau of Land Management network
in Portland, then skipped on to Sacramento where (s)he obtained root access to the
computers that controlled every dam in northern California.
A Massachusetts teenager broke into the Bell Atlantic system and disabled communication
at the Worcester airport and cutting services to the airportís control tower.
This prevented the incoming planes landing lights from activating the sensors that
control the runway lights.
A Tamil guerrilla group known as the Internet Black Tigers launched a DDoS attack
on the Sri Lankan embassy computers throughout Europe, North America and Asia for
two weeks, paralyzing the network.
Ten thousand Internet activists calling themselves the Electronic Disturbance Theater
began a DDoS attack on the Pentagon, Frankfurt Stock Exchange and Mexico presidential
Web servers in support of Zapatista rebels in Chiapas, Mexico.
Other terrorist groups, such as the Tamil Tigers engage in attacks on foreign government
websites and E-mail servers..
Information Warfare:
The prospect of 'information warfare' by foreign militaries against our Nation's
critical infrastructures is perhaps the greatest potential 'Cyber-Terrorism threat
to our national security. We know that several Foreign Nations are developing information
warfare doctrine, programs, and capabilities for use against the United States or
other nations. Knowing that they cannot match our military might with conventional
weapons, Foreign Nations will use Cyber-Terrorism attacks on our critical infrastructures
or military operations as a way to hit what they perceive as America's Achilles heel.
This is the danger we face as our dependence on information technology in government
and commercial operations continues to grow.
The China Factor
Two Chinese military officers recently published a book that called for the use of
unconventional measures, including the propagation of computer viruses, to counterbalance
the military power of the United States.
The Cold War May Not Be Over
And a Russian official has also commented that an attack on a national infrastructure
could, 'by virtue of its catastrophic consequences, completely overlap with the use
of [weapons] of mass destruction.'
Cyber-Terrorists Strike In Confusion
The old war tactic of confuse the enemy first, then strike works well with Cyber-Terrorists.
'I don't think it's out of the realm of possibilities that Cyber-Terrorism could
be used as one ingredient of a larger plan or perhaps another mechanism to create
disturbance,' said Bob Cohen, senior vice president of the Information Technology
Association of America, a trade group. In the past, Cyber-Terrorists have shown a
propensity to strike during international conflicts. Skilled Cyber-Terrorists could
disrupt systems for hospitals, power grids, banks and other key institutions. 'A
comprehensive and destructive attack on a critical infrastructure, where it was well-planned,
well-targeted, could clearly have a destructive impact,' said Michael Vatis, director
of the Institute for Security Technology Studies at Dartmouth College.
Financial Planning Clients Fear
The American public, including millions of financial planning clients fear the September
11th attacks could prompt Cyber-Terrorists to try to disrupt our financial systems
including the systems that handle online statements, illustrations, and most importantly
client sensitive data. Additionally terrorist cells and groups may conduct Securities
Fraud, Credit Card Fraud and Identity Theft
as they carry out their Anti-American missions and goals. One of the critical issues
that Financial Services Practitioners have to address is the underlying security
of data transported over the Internet, Intranets, and Extranets such as those of
Web Conferencing providers.
Video Conferencing
and Web Conferencing
The Internet videoconferencing market exploded with products in the late 1990s, but
customer ardor was dampened by the reality that video quality over dial-up bandwidths
just wasn't that great. Today high-speed Internet connections have made the unthinkable
possible in video, audio and file sharing capabilities. . High-speed Internet access
is much more prevalent in the office than at home.
Video Conferencing Primer
Video Conferencing is generally a video communications session among three or more
people that are geographically separated. This form of conferencing started with
room systems where groups of people meet in a room with a wide-angle camera and large
monitors and conference with other groups at remote locations.
VideoConferencing can get you face to face, but sometimes what you really need is
a collaborative working environment as only Web Conferencing can provide. These services
provide scheduled or instantaneous group access to resources such as application
sharing, shared Web browsing. and text chat, whiteboards, and audio conferencing.
This is perhaps the only true distinction between Web-Conferencing and Video Conferencing.
Most webconferencing feature a moderator function to control workflow and interaction,
creating a fertile environment for editing documents, planning proposals or project
plans, or working through budgets in spreadsheets. WebConferencing embraces DataConferencing
The ability to view and interact with the same data or application may be as important
as seeing the participants. Whiteboarding offers the most basic of these capabilities..
Demand Increases
In the two days following the September 11 attacks on the World Trade Center and
the Pentagon, traffic increased 20 to 40 percent on Web conferencing services. Now
that businesses are cutting back on air travel and Americans are more reluctant to
fly, they're turning to online web conferencing services for face-to-face meetings.
Another Tragedy in New York on November 12th, 2001 increases the chances of more
Americans e.g. Financial Service Practitioners embracing this technology.
Teleworkers: National Survey Shows 1 in 5 Americans Choose Teleworking
Trends, point to more Americans working at home also. This activity was on the rise
way before the September 11, attacks. The number of employees who telework in the
United States increased to 28.8 million, for a jump of almost 17%, during the past
year. An overwhelming majority of these teleworkers are more satisfied with their
jobs, are more productive and feel more loyal to their employers.
Many Teleworkers have and continue to manage their assets via the Internet. Financial
Services Practitioners may be forced to service this market through Video and Web
Conferencing
Streaming Video via The Internet Versus Private ISDN Lines
It seem that most people are familiar with web-based videoconferencing and web conferencing.
It you ask a Financial Service Practitioner to mention the name of a web conference
provider, they will mention Webex or Placeware. The Practitioner may also be doing
business with smaller providers e.g. Citizens Conferencing
Corporations Still Favor ISDN
Surprisingly, according to Wainhouse Research, over 80 percent of videoconferencing
is still done via private ISDN lines with the remaining videoconferencing done via
private IP networks. ISDN stands for Integrated Services Digital Network. It was
originally designed as a 'next generation' telephone system, integrating voice and
data into one connection. Advantages that have given ISDN its unique niche:
- Dialup is fast. ISDN
calls typically dial and connect in 1 to 3 seconds.
- It's digital. 64kbps
bandwidth for each 'B' channel is guaranteed.
- It's multi-mode.
A 'B' channel can carry data, voice, fax or video.
- It concentrates calls
as many as 30 concurrent calls through one cable.
- Ideal for remote
working (teleworking).
Business videoconferencing tends to stay away from the public Internet, because it
creates network congestion. Corporate customers prefer not to use streaming video.
Web based videoconferencing services use streaming video. Also internal corporate
networks are too busy dealing with other tasks, such as file sharing, printing, e-mail,
and regular Web access, to handle further drains on their resources. Nextel corporate
network at Nextel's offices in Atlanta is off-limits to any video streaming to prevent
network congestion.
Web-Based Tend To Be Medium To Low Quality
Webex, Placeware, Raindance and other web based web conferencing providers allow
a medium quality webconferencing and medium to low quality videoconferences over
the public Internet. Raindance and WebEx currently aren't meant for true two-way
video, but they let businesses and business travelers share other types of dynamic
software. Again, VideoConferencing can get you face to face, but sometimes what you
really need is a collaborative online working environment. WebConferencing does this
best..
Keep in mind that 82 percent of the Internet's home users still rely on modems. Some
companies use streaming audio and video as part of e-learning applications, such
as DigitalThink and SmartForce. But the best example for e-learning may be Directfit.
Collaboration Services Grid:
|
APPLICATIONS
|
PROVIDERS
|
PRICING
|
| Real-time Web conferencing |
Raindance
Communications
|
$0.21 per minute per
user |
|
|
WebEx
Communications
|
$120 per seat per month
for unlimited meetings, or $0.45 per minute |
| E-learning |
Digital Think |
$25,000-$80,000 per
course being developed |
| |
Powered |
Average contract, $175,000 |
| |
SmartForce |
From $125 (for individual
access to one course) to multi-million-dollar contracts |
| Investor Relations
Webcasting |
CCBN |
Basic audio, $700; audio
and PowerPoint, $2,700; video, $10,000 and up, plus setup fees |
| Internet Videoconferencing |
CUseeMe World |
$39.99 download |
| |
SeeSaw's Distance Meeting |
$0.30 per minute per
user |
| ISDN And IP Videoconferencing |
First Virtual |
Enterprise videoconferencing,
$35,000 and up |
| |
Polycom |
Individual basis, $4,000
per person; private network desktop video, about $600 per person, plus the cost of
a network |
| Video Interviews |
Directfit |
Basic service, free;
hiring an interviewee, 1/3 of the negotiated sale |
Source: Cade Metz ,"Broadband
Inside" PC Magazine November 27, 2001 http://www.pcmag.com/print_article/0,3048,a%253D17722,00.asp
Examples Of Typical Online Collaboration Planning Situations
Special Planning Needs Situation:
A Financial Services
Professional in Cedar Rapids Iowa has a client with special planning issues including
a developmental disabled child.
Web-Based Solution: The Financial Services Professional secures a confidential
WebConference with the specialist who lives and work in Puerto Rico. The person is
a developmental disabled childrens specialist. The Financial Services Professional
arranges for the client and spouse to participate in this planning session to address
the key planning issues for this special child.
Investment Situation: A Registered Investment Advisor (RIA) needs to collaborate
with members of the estate planning team in a far away city. To make matters worse,
the high net worth client is now located in a far away rural area. The CPA is away
on vacation. The Advisor needs to get everyone together to finalize investment strategy
and to complete collaboration with the estate planners. The CPA has agreed to a meeting
if the Registered Investment Advisor can get everyone together.
Web-Based Solution: The RIA would arrange an online conference with a service
provider that specializes in file sharing and collaboration. WebConferencing is offered
with the option to use the RIA existing client planning tools. No learning curve
or security issues -the RIA can concentrate on client issues.
Event and Crisis
Management Situation: Many clients are hearing disturbing news that the tax laws
may adversely affect their retirement savings. They are hearing bits and pieces about"Phase
in rules"and Sunset Provisions. Clients and consumers are hearing about an AMT
Tax and estate tax loops. Many Financial Services Practitioners being told that their
clients are getting calls and letters from sales people encouraging them to bring
their accounts to a firm that understands the changes and can protect their assets.
Adding tension and uncertainty to the current situation is the recent terrorism attack
on the United States Millions of Americans are asking questions such as:
- How will the events
of September 11 affect the life insurance industry?
- Do 'war exclusions'
apply in this tragedy?
- Do 'terrorism exclusions'
apply in these circumstances?
- How much will these
terrorist acts cost the life insurance industry?
- Is the life insurance
industry financially capable of honoring all the claims it will get?
- Will the tragedy
result in an increased cost in life insurance?
- What procedures are
in place to ensure beneficiaries receive their due payments?
IDSN Video Conferencing Solution: 'Event Management' strategies could involve
deployment of industrial strength video conferencing. One Financial Service Professional
contacts for services with a full service video conference provider. Full video and
audio will be deployed with cutting edge presentations tool. At the same time the
Financial Service Professional contacts The American Council of Life Insurance (ACLI)
and arrange a representative to join them on the conference from ACLI headquarters
in (different cities) the Financial Service Professional also contacts the National
Association of Estate Planners and Councils to arrange to have a representative join
them to deal with the estate planning issues. The Financial Service Professional
is well versed in Taxation. Therefore the three professionals will be very effective
in conducting this informative interactive forum.
The Financial Service Professional decides to invite 40 clients to this one-hour
session. A second Professional gets wind of it and decides to invite 100 clients
as well. By the time of the session, the client attendance has swollen to 10,000
in multiple locations.
Not to worry, the videoconference provider can handle it. VideoConferencing Service
Providers do have the capabilities of servicing multiple locations e.g. One provider
boost of public access to over 3,500 videoconferencing sites worldwide, large-scale
videoconferencing productions, multipoint events, and corporate videoconference consulting
and outsourcing. At the same time, on any given day during this period of doubt and
uncertainty, the professional associations and organizations such as the American
Institute of Certified Public Accounting, CPCU Society, Financial Planning Association
and the Society of Financial Service Professionals are deploying similar strategies
for members and clients.
Web and Video
Conferencing Security
Web Based Conferencing
Cyber-Terrorism forces Financial Services Professionals to select webconference providers
that deploy advanced online security strategies and techniques. It is comforting
to know that the potential threats to client and peer confidentiality that Cyber-Terrorism
brings is being minimized by the security efforts of the major webconference providers.
Providers of web-based conferencing should use Webex security model or a higher standard.
System Architecture
WebEx Interactive Web Conferencing Platform is based on the T.120 data conferencing
standard and is deployed on a distributed system of high-speed conferencing servers
that route meeting data to and from meeting participants. T.120 is a suite of networking
protocol standards for real-time multi-point data communications, T.120 is another
critical specification established by the International Multimedia Teleconferencing
Consortium
In addition to interoperability, the T.120 standard was established to ensure a long
list of benefits: data integrity, network transparency, platform independence, network
independence, and scalability. These conferencing servers act as information switches,
transferring data to each meeting participant. From a security standpoint, this architecture
has the advantage that there is no persistent storage of any meeting data within
the webconferencing infrastructure.
Dynamic meeting content displayed during a webconferencing session originates only
from a Presenter's desktop. Attendees see only graphical representations of this
data. At the end of a meeting all such representations are deleted (of course, the
original content remains on the Presenters' desktop).
Contrast this approach with other webconferencing providers that require an upload,
conversion, and storage of presentations. This alternate approach introduces additional
points of attack for sensitive corporate data.
Firewall Compatibility
As one enters a webconference, the client communicates with the conferencing server
to establish a reliable and secure connection. In the process of establishing the
connection: the client first attempts to connect using TCP (port 1270) if this port
is blocked by a firewall, the WebEx client will then tunnel WebEx communications
using HTTP (port 80). If a customer elects SSL the traffic is carried over port 443.
By establishing communication between the client and the conferencing servers in
this manner, customers' firewalls do not have to be reconfigured to enable online
meetings, thus complying with corporate security policies that guard against the
opening of firewall ports.
Authentication
Meeting password
challenge: In order for attendees to gain access to a meeting, they can be required
to provide a password Visible identity: A list of attendees is provided to the meeting
organizer (also sometimes referred to as the meeting host.) This information allows
the meeting organizer to see who is attending the meeting. If the meeting organizer
sees someone she does not recognize, she can challenge the attendee by asking for
verbal authentication.
Expel/Invite: With this capability, the meeting organizer can also expel unwanted/unauthorized
attendees from the call. On the other hand, if the organizer needs to invite someone
into the meeting, he or she can do so by using the invite capability. Lock/Unlock:
The meeting organizer can prevent interruptions in the call by locking the call so
that no new or ejected attendees can join in to the call. Of course, the organizer
can also choose to unlock the meeting at the appropriate time to let new attendees
join in the meeting.
List/Unlist: When organizing the meeting, one does not have to list it. This
means that attendees will have to be explicitly notified of the meeting and must
be given the meeting's ID - a randomly generated eight-digit number. This is usually
done through email and the organizer provides the meeting URL in the email. Moreover,
the organizer can assign a password to the meeting.
Domain Blocking: Webconferencing can also selectively block domains from accessing
a customer's meeting center website..
Encryption
Content is never sent in clear text. A proprietary data format is used for transmitting
data to and from clients to the webconferencing servers, if the SSL option is not
purchased. For maximum security, webconferencing should embrace provides the option
of securing all meeting content with 128-bit encryption using Secure Sockets Layer
(SSL), which is the most widely used Internet standard for securing sensitive data
communications. With SSL, all data is encrypted data traveling to and from our servers
to deter third parties from accessing data in transit.
In-Meeting Security Options
The presenter has a number of options when organizing and running a webconferencing
meeting to enhance security. Webconferencing should restrict attendees' views to
only those applications specifically identified by the presenter. All other applications
should not be viewable by attendee's in this mode. Other Web Conferencing and Web
Collaboration providers expose a presenter's entire desktop.
The presenter should have complete control over attendee privileges, which include
the ability to:
- Save or print any
presentation or documents shared during the meeting.
- Switch pages (look
ahead or behind)
- Annotate documents,
presentations, Web pages or shared applications
- Send text messages
to other attendees, the presenter (or both)
- See the list of attendees
Additionally, when a presenter is sharing an application (or desktop) and passes
remote control to an attendee, he can regain control simply by clicking the mouse.
- If Presenter control
has been passed, the meeting host can take back presenter rights at any time.
Points Of Presence
WebConferencing meeting security would be enhanced by points of presence (POPs) in
various geographic locations. The facilities should have duty security personnel,
24 hours a day and seven days a week. Many webconferencing providers are now looking
at underground facilities post September 11th 2001. To gain access to any Webex router
or server at co-location facility, one must first be on the Webex access list and
then be authenticated by a biometric device (in most facilities these are hand/palm
scanners). The access lists are reviewed on a regular basis by Webex management,
and are updated on as needed basis to reflect the changing access requirements.
Network Prospective
Webconferencing providers should deploy the latest equipment and techniques to secure
data. Multiple firewalls and routers, with limited access control lists, are used
to protect against a variety of attacks. Webconferencing providers should require
security personnel to undergo training in all aspects of network security.
Videoconferencing
Financial Service Practitioners may have used webconferencing providers such as www.webex.com, www.placeware.com www.raindance.com. What Financial Services Providers
may not aware of it the fact that most higher-end videoconferencing systems still
predominately use ISDN for transmissions. Many of these ISDN providers may also support
IP connections similar to Webex etc.
Specifically, encryption is frequently used with ISDN-based videoconferencing systems.
IP- and Web-based videoconferencing communications can be secured using straight
encryption technology.
With 95 per cent of all videoconferencing systems utilizing ISDN lines, encryption
and other stealth technologies becomes mission critical in this these data and collaboration
driven environments.
Biodata as the world market leader in ISDN encryption gives us insight on the evolving
security requirements in this high-end collaboration market. It is interesting to
note that web-based conferencing providers use 128-bit encryption using Secure Sockets
Layer (SSL) whereas ISDN providers can deploy 192 bit encryption to shut out hacked
and other unauthorized users i.e. audio and video.
One other provider VCON new encryption software will provide security against unauthorized
participation and eavesdropping during videoconferences over IP networks. Their technology
consists of a choice of three real-time, encryption/decryption software algorithms,
each of which is effective in securing video, audio and data broadband streams. They
are all based on the private/public key mechanism considered by security experts
to be extremely effective against penetration. When encryption is activated, video,
audio and data streams become meaningless sequences of bits. These sequences can
only be decrypted by a remote system which has the same encryption software activated
as the local system and where passwords (keys) are exchanged in advanced.
Video Conferencing are usually high-end self-hosted solutions. Conference bridges
are created and everyone crosses the virtual bridge to get to the conference. These
bridges are vulnerable. Broadband Security Platform Providers offers VideoConference
Providers versatile security solutions i.e. including bridge encryption hardware,
certification and security clearance of multipoint sites.
Virtual Private Networks..VPNs
Companies can use the inherent security of a VPN to prevent eavesdropping on videoconferencing
sessions
Virtual private networks enable global companies with geographically diverse offices
to work and share information as if they were in the same location. Remote sites
can be connected cost-effectively. Employees are able to exchange documents, access
databases, resources and communicate safely over public networks.
More and more international companies create virtual conference rooms on Intranets,
Extranets and the Internet. During a videoconferencing session, sensitive information
is sent via public networks, where sensitive and confidential information is open
to 'attack'. Companies using videoconferencing are often victims of industrial espionage
by hackers, sometimes third party individuals hired by rival firms to steal mission
critical data. After all, the people using videoconferencing are usually high-ranking
managers, discussing strategic and confidential issues. Broadband Security Platform
Providers connects local area networks (LAN) to insecure public networks by erecting
a virtual private network (VPN), using public wires like the low cost Internet as
international transport medium.
Please keep in mind that VPN security solutions may not be cost effective for occasional
users or small firms e.g. the typical Financial Services Practitioners shop. The
leased line connection to a local ISP provider which will cost approximately $50,000
per year.
Key Features Provided By Broadband Security Platform Providers
- Hardware-based encryption
for ISDN videoconferencing
- Support for point-to-point
and MCU switched video conferences
- Successfully tested
with the leading videoconferencing equipment
- High-security encryption
using the approved TripleDES algorithm
- Enforces policies
as defined by the security system administrator
- Complies with ISDN
signaling standards
- Operates seamlessly
between private and public networks
- Completely transparent
to end-users within the secured environment
- Modular design for
investment protection and cost reduction
- Remote management
- Supports mobile satellite
videoconferencing systems
Biometrics
Biometrics is rapidly being deployed as airports tightens up security post September
11th, 2001, Biometric technologies such as face recognition may have great value
in web and video conferencing in the future.
Biometrics is the name for security technologies that measure a person's physical
characteristics to determine access authorization. With these technologies, Fingerprints,
Iris Scans, Retina Scans, the shape of a Face, or Voice Prints can be used for individual
identification. Biometrics will gain popularity as knowledgeable computer users realize
that computer"hacksí are usually password-related.
Such a system would use a video camera attached to the personal computer. The camera
would scan a field of view for shapes that could be faces. It would then search for
facial features like those already stored in its memory. To be sure the eyes, nose
and mouth belong to a living being and not a mannequin the program looks for eye-blinks
or other telltale facial movements. By the way, sophisticated systems could store
a personís pattern of eye movements.
The system then analyzes the pixels that make up the face image. It compares the
darkness of each pixel to that of its neighbors, looking for areas where abrupt differences
in value radiate outward from a single pixel. These changes can occur between the
eyebrows and skin, the eyes and eyelids, or on features that protrude, such as the
cheekbones and nose.
The system plots the location of each pixel, known as an 'anchor point,' then connects
the dots, forming a mesh of triangles. It measures the angles of each triangle and
comes up with a number made of 672 ones and zeroes that identifies the face. The
program attempts to match that number to a similar one in its database. There can
never be a perfect match, so the program ranks how confident it is about the identification.
And since the program plots the anchor points by bone structure, disguises such as
beards, makeup and eyeglasses won't fool it.
Biometrics would add another layer of security to the mission critical "Triple
A" that relates to online security i.e. Authentication, Access and Authorization.
Steganography
Steganography is an evolving technology that offer another layer of security for
Financial Services Professionals collaboration efforts. It is not widely used in
WebConferencing currently. Steganography, the art of hiding messages inside other
messages, has until recently been the poor cousin of cryptography and encryption.Steganography,
from the Greeks, means covered, or secret writing, and is a long-practiced form of
hiding information. Although related to cryptography, they are not the same. Steganography's
intent is to hide the existence of the message. Cryptography and encryption scrambles
a message so that it cannot be understood. Steganography includes a vast array of
techniques for hiding messages in a variety of media. Among these methods are invisible
inks, microdots, digital signatures, covert channels and spread-spectrum communications.
Today, thanks to modern technology, steganography is used on text, images, sound,
signals, and more. The advantage of steganography is that it can be used to secretly
transmit messages without the fact of the transmission being discovered. Often, using
encryption might identify the sender or receiver as somebody with something to hide.
For example, that picture of your cat could conceal the plans for your company's
latest technical innovation
Conclusion
Cyber-Terrorism will force Financial Services Professionals to be selective in their
online collaboration efforts as they use the Internet to expand and grow their practices.
WebConference providers are deploying advanced online security strategies and techniques
that will minimize potential threats to client and peer confidentiality that Cyber-Terrorism
bring. The use of evolving technologies such as Steganography combined with encryption
and biometrics will provide the Financial Services Professional with a secured interactive
collaborative environment.
Jim Robinson President and CEO of A-PALOnLine , is a financial services
professional with over 15 plus years of financial planning and wholesaling experience.
He has spent the last 19 years in producer support for Financial Services Practitioners.
Jim's passion is to take Financial Services Practitioners 'Collaborative Producer
Support' to the next
level.
Jim previously held the position as Regional Sales Vice President for John Hancock
Financial Institutions Group. Jim also previously held the position of Director of
Annuities and Life Sales for New York Life and has previously worked as a Pension
Specialist for The Equitable Life Insurance Society of America and as Manager of
Mutual Funds Wholesaling for the Mutual of Omaha Companies.
Jim graduated from Depaul University with a Bachelor of Science in Marketing &
Management in 1980, and is a member of the Financial Planning Association and the
Society of Financial Services Professionals, Jim is a Registered Health Underwriter
(RHU), a Chartered Financial Consultant (ChFC), a Certified Financial Planner (CFP),
and has a Master's degree in financial services (MSFS) from the American College.
e-mail: jim@apalonline.com
Phone: 678-566-2702
|
