How Three NAPA Members Were Protected With INVISUS
By Harry J. Lew
Given mounting reports of cyberattacks on financial services firms, it’s easy to succumb to anxiety about how to respond. Should you just keep your head down until the attacks stop, assuming your firm is too small for hackers to care about? Or take action by teaching yourself defensive best practices? Or simply outsource the whole problem to a cybersecurity consultant?
Insurance and investment professionals have used all three approaches. But now there’s a fourth: engage a vendor to guide your own efforts, while keeping time and cost outlays down.
According to three members of NAPA who followed this path, staying involved while receiving expert guidance may be the best of all worlds. It keeps your costs down, while creating a continuous security process and culture. And it’s available today from INVISUS, a leading provider of computer repair and security services for small- to medium-sized companies.
Consistent with their philosophy of providing valuable benefits to their members, NAPA in 2015 selected INVISUS as their cybersecurity partner. Established in 2001, the firm has been a pioneer in digital protection and risk management for both businesses and consumers. Its flagship InfoSafe® security compliance service, iCare Pro® on-demand tech support service, and iDefend® business and employee identity theft protection programs are well regarded and available at a substantial discount for members of NAPA.
Consider the reactions of three NAPA members who have recently worked with INVISUS.
Connie Holt, owner of Goldsum Insurance Solutions, is a Medicare insurance broker based in Pleasant Hill, California. She purchased INVISUS’s ICare Pro® in order to make sure her computers ran safely and reliably. After a career in the desktop publishing industry, she entered the high-tech field, placing contractors in corporate jobs. When the Internet boom fizzled around the new millenium, demand for her services crashed, and she decided to leave the business world for a while, becoming a certified massage therapist and Reiki practitioner. “I was completely removed from Corporate America, and it was very rewarding,” Holt recalls.
However, she faced two daunting challenges. First, she would soon lose her COBRA health coverage and second, she realized she needed to make more money. Fortunately, a visit to a local health insurance broker fixed both problems. She was able to purchase the health coverage she needed and also got invited to return to the broker’s office to check out a health insurance sales career. After observing him in action, she decided to become a captive health agent in 2004. In 2006, she branched out into the government-employee market for life insurance and annuities, entering the Medicare arena a couple years later. After gaining more experience, she evolved from captive-agent status to being an independent producer.
Today, Holt focuses on selling Medicare-related insurance, ACA health insurance, and life insurance. “I love it,” she says. “I love my clients and find the work very rewarding.” What she found less rewarding was dealing with the technical and security aspects of her computer hardware and software. As a provider of Medicare insurance, she is subject to stringent CMS regulations regarding computer security. “CMS is very strict about what we can do with our clients’ personal information,” she says. “HIPAA regulations are strict also. I’ve had to become very aware of compliance with those regulations. Plus, insurance carriers have become much stricter over the years. They want us to encrypt our entire computers.”
As a result, with regulatory concerns mounting, cybersecurity has become an increasingly important part of her business. Having to keep client data on file for 10 years sharply increased her cyberrisk exposure, as well. What to do about it? Becoming a cybersecurity expert herself just wasn’t in the cards. “I was in the business end of tech, not in technology itself,” Holt explains. Thus, she wasn’t comfortable securing her computers on her own. She did have a great IT consultant available. But his services did not come cheap. “I bought a new computer and hired him to port things over,” Holt remembers. “Next thing I know, he sent me a bill for $800.” She also had some dealings with big-box retailer tech-support squads. “I’ve never had a good feeling from or good service working with those guys.”
When she heard of the INVISUS ICare Pro® service, she recognized it was a “no-brainer.” “They’re there when you need them (and they work late). I can add computers as I need to. And they charge me by the computer. Now I just view them as my IT consultants.”
How does she use them? “They just guide me about any troubles I might be having. They help me with encryption issues and make sure my computers are running correctly. They offer a lot I haven’t even taken advantage of yet. But I will,” Holt says.
Holt’s bottom line? “I feel safer having INVISUS just a phone call away. Plus, my assistant is able to tap into them whenever she has trouble. I feel very secure now.”
Evan Beecham, owner of Beecham Financial Services, Inc., in Hillrose, Colorado, has offered safe financial strategies to his clients for 23 years. His specialty is helping people plan for and achieve a secure retirement through effective investment and income planning. He also does life insurance work for people in their forties. Beecham says his forte is educating clients about how to build wealth without the risk of the stock market or the inefficiency of banks. In addition, he helps business owners, real estate investors, and other entrepreneurs to adopt financial strategies that fit their unique needs.
Licensed in insurance sales and investment advisory, Beecham shares the industry’s concern about cybersecurity. “The number one thing is to protect my clients’ information,” he says. “I need everything to be secure and safe, especially client data.”
Even though Beecham doesn’t store investment performance data on local servers—his clients access their results through their insurance or investment firms’ websites—with so much hacking going on, he still worries about criminals breaking into his computer and stealing his clients’ personal information. “You need to take every step you can to protect them,” he warns. Which is why he purchased the INVISUS InfoSafe® program. “They’re experts in this area and developed a package that helps companies solve the problem.” He especially appreciates how INVISUS figured out how to give small- to medium-sized firms the same rigorous protection that large firms enjoy.
Interestingly, Beecham decided to get more proactive about cybersecurity without any prodding from either his FMO, RIA, or state/federal regulators. However, he says NAPA played a key role in educating him about cyber risks and how to address them. Better yet, with INVISUS, it provided a reasonable and affordable solution, which was helpful because he lacked access to a good computer security vendor in his rural community.
“After NAPA made me aware of INVISUS, I checked them out carefully,” Beecham explains. “I liked what they were offering, their professionalism, and the processes they go through to make sure everything is secure.” He also likes how it does a comprehensive assessment up front and then continues to evaluate his system over time to keep him safe. “I had not seen anything quite like INVISUS prior to working with them,” Beecham says.
Although Beecham hasn’t shared his InfoSafe® certification report with prospects or with the firms he works with, he was quick to add the InfoSafe® seal to his website and emails. “This helps people have a high level of comfort about me,” he says.
In addition to purchasing the InfoSafe® program, Beecham also decided to use the iCare Pro® service. “I had a neighbor who built my computer years ago and who also fixed it if something went wrong. But he passed away a couple years ago. When I read about iCare Pro®, I realized it might come in handy. If I have a glitch or some other issue, I can now immediately get hold of someone who can diagnose the problem and fix it.“
At the end of the day, the Colorado agent and advisor says INVISUS “is all about protection. If you ever have an issue, having them on board proves you were diligent. Not only is that good from my perspective, it’s even more important from the client’s perspective. It gives them comfort in knowing we’re taking extra measures to keep them safe.”
Finally, Beecham has been greatly impressed with the quality of INVISUS’ work. “Once I saw how thorough they were, I would have expected to pay more for their services.”
Aaron Smith, Founder of Fusion Advisor, has the ideal background from which to address the cybersecurity issue. He was a practicing investment advisor before starting a software-development firm for America’s family offices. In the former capacity, he learned about the importance of safeguarding his own clients’ personal data. In the latter, he felt the added pressure of protecting the customer data of all of the advisors who put their clients on his online wealth platform.
“One story got me really paranoid,” says Smith, who’s been managing Fusion Software since 2005. “I read about someone breaking into a university’s computer and pulling documents off its server. I had to make sure that would never happen to our firm.”
Smith’s application, Wealth Office, allows family offices to create custom online portals for their clients. It aggregates data from investment firms such as Charles Schwab, TD Ameritrade, and many others and displays them online for client viewing.
“I had to make sure (the university scenario) never happened because my advisors are uploading performance documents, which include account numbers and information about how much their clients are worth. We took several steps to make sure that not only are our document names encrypted, but also that a specific document can’t be connected to a specific client.”
Given this requirement, Smith has been acutely aware of the industry’s cybersecurity threats for years. For him, the problem is finding the right security vendor to help neutralize those threats. “There are a lot of people you can talk to,” he explains. “And they all recommend doing certain useful steps that may get you secure for the moment. But there’s no (ongoing) process.
Enter INVISUS. “What intrigued me was their process,” Smith said. “At first it looked like they just give you a bunch of questions to answer. But when you really look at the questions, it became clear they were challenging us to consider, ‘Do we really do these things?’”
In addition, Smith said it’s one thing to ask yourself the questions in the moment. But it’s quite another to keep asking them over time. “I wanted to make sure we kept doing it,” which is what led him to purchase the INVISUS InfoSafe® service, which requires periodic re-certification.
As he began implementing the process, it became obvious to Smith it wasn’t trivial. “We’d been doing security for years, but after looking at the INVISUS diagnostic questions, we wondered if we’d been doing anything at all . . . . But once we got our ducks in a row, everything fell into place and we were able to implement (their recommendations) in less than a month.
After working with INVISUS, Smith came to appreciate what they brought to the table. “When we looked at other security vendors, it seemed as if we were talking with professional salespeople,” Smith noted. “They told us about all the security things we should do. But in reality, we’d been there and done that . . . . What we wanted was a process the vendor would stay on top of over time.”
That’s exactly what he’s received from INVISUS. “They contact all our employees and remind them to begin doing their annual security checks,” says Smith. “At the end, our employees get a certification saying they completed the process and are doing things right.”
Smith appreciates how INVISUS gives his employees a sense of ownership in the firm’s overall security. Because their computers are gateways to the Internet, each represents an important piece of the security puzzle. Getting certified gives employees an important sense of accomplishment, Smith notes.
Also helpful is the fact that the InfoSafe® program is scalable. When you add an employee and computer, it’s easy to add them to the INVISUS certification process. “Since everyone is doing it, when you bring someone new on board, it’s not hard to get the person going (on security),” Smith says.
Finally, Smith adds that INVISUS taught him how to think about how his computers are interconnected and which are online. “Maybe some of them don’t need to be connected to the Internet all the time,” Smith says. “In an investment firm, you have advisors online, but you also have assistants. To what should you give them access and how do you make sure they’re not clicking on the wrong things?”
Smith’s bottom line? He believes his firm is “100 percent safer” now that it’s InfoSafe® certified. Would he recommend INVISUS to other financial professionals? “Definitely . . . . . InfoSafe® went far beyond what I initially expected.”
If you’re interested in learning more about INVISUS security solutions, please go here if you’re a NAPA member.