For Toronto-based insurance and financial services firm, Independent Financial Concept Group, the privacy and security posture of insurance agents and financial advisers IFCG works with is a constant concern.
These agents use their own computers, mobile device and office software while IFCG provides them with backend office systems, training, administrative support and connections to the eleven major insurance companies it represents.
“We act as the middleman for the brokers and companies such as Manulife and SunLife,” according to Gary Mandel, president of IFCG. “Prior to revamping our endpoint security arrangement, our constant concern is that while we are responsible for a lot of confidential and personal information, we had no direct control over these agents and advisors.”
RELATED CONTENT
Enshrine data breach guidelines in law: Stoddart
Bill calls for mandatory data breach reporting
He said it was difficult to determine if agents were employing security and privacy best practices. Furthermore the agents were backing up data on their own and determining the quality of stored data was difficult.
“For example, they may do data backups, but they could be backing-up corrupt data,” he said. “Cleaning up data causes downtime. Some many not be using updated security software or encryption tools, they don’t realize that when they lose a mobile device holding client data, they are exposing clients to potential fraud and jeopardizing their businesses as well.”
In order to ensure that information such as personal data, income tax returns and health records handled associated with IFCG clients was secure and available for retrieval, the company had to code the data into their own protected database.
The approach was proving to be unwieldy and expensive for IFCG as their clientele grew Mandel said.
“One client document could be made up of 20 to 40 pages and we have clients that have been with us since 1999 which accounts for a huge number of documents,” he said.
From 1999 to 2000, the company experimented with thin clients, but found this solution inconvenient and expensive because of outages and support reliability issues.
“I had to hire a full-time IT person who had to be on-call to handle backup and retrieval maintenance issues,” said Mandel.
Clearly, Mandel said, IFCG needed a better alternative to reduce its own internal risks, cut down cost and set a best practices example for its independent agents.
IFCG had three main requirements:
- It needed a company to provide configured, secured and supported laptops and desktops
- The solution needed to be affordable and on an inclusive monthly fee basis for cost predictability
- The provider must have technicians that can effectively communicate with IFCG staff and agents who may or may not be technically savvy
Recently, IFCG decided revamp is process by employing a secure managed endpoint solution provided by Markham, Ont.-based No Panic Computing Inc. (NPC)
Mandel said NPC provided his company with a fleet of security hardened laptops, desktops and tablets which were monitored and supported by NPC 24/7.
The machines are equipped with biometric access, encrypted hard drives, and anti-virus monitoring software.
The endpoint security firm addressed Mandel’s concerns about lost and stolen devices.
“The machines are continually monitored, customers receive calls from NPC if their computers are unexpectedly accessed in an unexpected or suspicious manner,” said Tom Ward, VP of marketing for NPC. “We verify if the machines are being used by authorized users, if they’re not, we remotely lock down the devices and wipe the drive clean so that customer data is protected.”
Mandel said, the arrangement is also financially beneficial for IFCG because it helps reduce the risk of compliance cleanups that could easily cost anywhere from $100,000 to $150,000. The monthly fee comes to about $125 to $150/user inclusive of device, software, antivirus and monitoring.