|
|
WATCH
FOR THE CARS NOT THE TRAFFIC LIGHTS!
by Jim Robinson CLU, ChFC, CFP,MSFS
|
When training our
young ones to cross streets and intersections we know that it is a very smart thing
to train them to watch for cars and not focus entirely on the traffic lights for
obvious reasons.
When you are sending e-mail using instant messaging or transmitting client information
on the Internet.....WATCH THE CARS NOT THE TRAFFIC LIGHTS!
Ok. You are on your favorite website and you decide you will buy that item you must
have! You hit the BUY button and complete the form and press send. Your credit card
info and other personal and sensitive information are transmitted with privacy. You
saw a pop up box (some are a little more colorful than others) telling you being
protected by SSL. Most sites that are e-commerce enabled use SSL encryption. Many
Internet users may not be aware that SSL comes in three strengths, 40-bit and 128-bit,
which refer to the length of the session key generated by every encrypted transaction.
The longer the key, the more difficult it is to break the encryption code. Industrial
strength 128-bit SSL encryption used to be the world's strongest. Encryption technology
has recently delivered higher encryption strength of 1024-bit key encryption.
My question to you: Are You Watching The Traffic Light Or Are You Watching
For Cars? Translation: You completed the form before you press the send button. The
phone rang while you were doing this. So you took the call. 5 minutes. You realized
your coffee was getting cold. You got up and poured a new cup..2 minutes. So 10 minutes
later you pressed send. Are you aware that your information was exposed to the entire
World Wide Web up to the point you pressed the send button ? If fact if you press
the back button you will see the lock (that appears in the lower right hand corner
of the your screen) disappear when you go back to the page just before you pressed
send. Many websites have this vulnerability. This is only one of many vulnerabilities
that you many not be aware of.
By the way, most Company Intranets are safe. Some are safer than others. We are moving
from Company Intranets to the web. One example would be the life career agency system
that has a population of 190,000 and the independent agents with a growing population
of 300,000. If you add the independent brokerages and boutique shops of Financial
Services Practitioners, this numbers swells to over close to 750,000 plus. This trend
indicates that enormous amount of conversations and communications are occurring
on the World Wide Web and not Company Intranets. At the same time, the privacy of
information exchanged online is one of the leading concerns voiced by consumers and
organizations.
How do you ensure your information is protected and private? Today, some Company
Intranets are using basic privacy. Basic Privacy is delivered by a web server certificate
which enables SSL. Typically it is combined with User Name/Password authentication
and it protects information submitted between browser and server. This is not enough..
In January 2000, an attacker accessed and stole CD Universe (www.cduniverse.com) customer records including
credit card information. SSL encryption only provided protection of sensitive information
for part of the way only to the Web server. The fact is that information or data
is vulnerable at multiple points.
Other Recent and Interesting Invasions
- Western Union:
Hackers made electronic copies of the credit and debit card information of 15,700
consumers.
- Credit Cards:
A teenage hacker cracks thousands of computer networks and gains access to more than
23,000 credit card numbers, posting them to the web leading to roughly $2.8 million
in fraudulent charges, including purchases he made to the credit card of Bill Gates.
It appears that SSL encryption is not enough for Financial Service Practitioners
online needs. You must look at Invasion of Privacy while you are on the Internet
as if an advancing conquering army is invading your fortress. The attacks come in
waves. First they are the outright attacks on the fortress and then they are the
covert and stealthy activities that are ongoing after the army retreats.SSL encryption
helps in authorization and validation but in real time dynamic environments more
help is needed. Again...don't relax your guard just because a site says it is secured
with SSL.
Did you do any of the following today:
How does this affect your errors and omissions coverage? Well did you do any of the
following today:
- Have you used e-mail
to discuss a case or client issue with an associate that happens to work for another
company.
- Have you had a casual
conversation using Instant Messaging in which you mentioned a client's situation?
- Did you transfer
a client file via your ISP (Internet Service Provider such as AOL) because your company's
network was down and you had to get it there!
- Did you log on to
a corporate network using a VPN or dial-up connection?
- Did you transfer
a client file or send a e-mail using a School, Airport and or Hotel connection ?
- Do you use wireless
Internet networks that is a must for the stay-connected crowd.
- Trade stocks on-line?
- Purchase items from
web sites like Amazon.com or Ebay.com?
If you did, you may
have placed subsequent online communications with clients and prospects in jeopardy:
In upcoming articles we will give you case examples.
The Financial Services Professional will need to do due diligence on webites before
using their collaboration and communication services. The professional should seek
out those sites that use persistent encryption i.e. protection throughout your entire
communications, collaborative situations and applications. Beyond the web server
right to the back-end application. Coupled with active managed intrusion and protection
services, the Financial Services Practitioner will have SafeHarbor for Internet communications
and collaboration activities with clients and prospects.
By
the way, Watch For The Cars Not The Traffic Lights!
Jim Robinson President and CEO of A-PALOnLine , is a financial services
professional with over 15 plus years of financial planning and wholesaling experience.
He has spent the last 19 years in producer support for Financial Services Practitioners.
Jim's passion is to take Financial Services Practitioners "Collaborative Producer
Support" to the next
level.
Jim previously held the position as Regional Sales Vice President for John Hancock
Financial Institutions Group. Jim also previously held the position of Director of
Annuities and Life Sales for New York Life and has previously worked as a Pension
Specialist for The Equitable Life Insurance Society of America and as Manager of
Mutual Funds Wholesaling for the Mutual of Omaha Companies.
Jim graduated from Depaul University with a Bachelor of Science in Marketing &
Management in 1980, and is a member of the Financial Planning Association and the
Society of Financial Services Professionals, Jim is a Registered Health Underwriter
(RHU), a Chartered Financial Consultant (ChFC), a Certified Financial Planner (CFP),
and has a Master's degree in financial services (MSFS) from the American College.
e-mail: jim@apalonline.com
Phone: 678-566-2702
|
