What is Connect2A.com or the Connect2A Service?
Connect2A is an application service that starts with an electronic personal information form and then is used as a data manager during the planning, lifetime maintenance, and after death administration of a client's financial/estate plan. The service is especially designed for attorneys, accountants, and financial advisors to enhance relationships and increase efficiencies. The service increases office efficiencies by:
· Tracking the changes in the title to a client's assets during the funding stage of a client's estate plan,
· Entering data once and then using that data many times by exporting the data to popular desk top software solutions,
· Sharing the data with a client, and the client's team of professional advisors, and
· Keeping the data up to date for annual or less frequent meetings and after death administration.
· Providing an emergency backup system for problem area's in your office. If you have staffing problems for Trust Funding or need help from another attorney working co-counsel.
The above are just a few of the efficiencies the service can provide in your practice. To learn more please call us at 317-222-1886 or e-mail us at sales@Connect2A.com to schedule an Online Demonstration for you and/or your staff.
Do I need a website to use Connect2A?
No website is required for a client to connect to the Connect2A website. All a client needs to do is log into the internet and then using Internet Explorer or Netscape go to www.Connect2A.Com and click on "login". Although no website is required, to create top of the mind awareness, we strongly recommend directing your clients to your website and then having them click on the "electronic database" or "electronic personal information" to access the Connect2A service.
How do I get my Logo/Banner to display within the Connect2A Service?
You can have the Connect2A Service personalized for your firm. We need to receive your logo/banner in a specific (250 x 65) pixel size. Once we receive
your logo/banner, then we will display the logo/banner on every page that you and your clients/prospective clients view within the Connect2A service.
If you do not currently have a logo/banner that is in this specific size you can:
Have your website designer create a logo/banner for you in the specific (250x65) pixel size and e-mail it to us at support@Connect2A.com.
Have one of our Strategic Alliance Partners create the logo/banner in the specific (250x65) pixel size for you.
In most cases one can be created inexpensively (approx. $30 to $250 depending on the complexity) from one of the following:
Please e-mail one of the above to support@Connect2A.com and we will give you a quote and create your Logo/banner to personalize the Connect2A service for your firm.
- Your existing website. We need to receive your website address and which logo you would like us to use.
- A current logo you are already using that may not be on your website. Please send your file attachment.
- An electronic letter head from MS Word or Word Perfect. If you do not have a logo or website, you can send us your letterhead and we can create a logo/banner from that.
How can I put a link from my website to send my clients to the Connect2A Service login?
You can create a "button" on your website like the one below. When your clients press this button, the link will take them to our Login screen.
To add this button to your website copy the following text and place it within your webpage:
Note: You can change the button description by replacing "Personal Information Form"
with your own wording and the button will re-size to your wording.
Please call or e-mail us at support@Connect2A.com with any questions.
What type of Computer System do I need to Operate Connect2A?
We recommend that a user have at least the following:
Win 98, 95, ME - 64M of memory and a 200 mhz Pentium.
Win 2000, XP - 128M of memory and a 400 mhz Pentium.
The assumption for both of these is that the computer is configured as a workstation. If the computer is a server in your office you should have 48M of memory more than the needed memory to run your server properly.
The application does not take up any hard drive space on your computer but for proper operation you should always try to have more than 300 MB of space on your C: drive. This should allow for proper operation of your browser.
We recommend that the professional advisor's office have a DSL internet connection or better.
We recommend that a client using the service have a 56K internet connection or better.
What browser should I be using?
For this online service we recommend that you use one of the following browsers:
Netscape Navigator 4.0 and higher
Microsoft Internet Explorer 4.0 and higher
Note: This service supports AOL 5.0 as an Internet Service Provider only with the use of one of the
Windows browsers listed above.
NOTE: With IE 5.5, users may sporadically receive "Security Alert" and "Security Information"
messages. These messages are not exclusive to this Web site. The problem stems from IE 5.5 not
recognizing the use of some Dynamic HTML as secure which is a departure from previous versions
of IE. Understandably, these browser messages can be rather unsettling; however, in no way are
these messages indicative of a compromise in the stringent security standards employed by this
Web site. We are committed to providing the securest operating environment possible, using multiple
layers of security including a 128-bit encryption SSL to protect your financial information and
Can I access this service by using America Online?
If you are in a Windows operating environment and are using America Online (AOL) as your
Internet Service Provider (ISP), you will generally receive better graphical presentations
of Web sites by using one of the following browsers:
Netscape Navigator 4.0 and higher
Microsoft Internet Explorer 4.0 and higher
You can use AOL as your ISP with one of the above Windows browsers by following these simple steps:
- Log into AOL
- Minimize AOL (click on the minimize button in the top right-hand corner of the screen)
- Open Netscape or Internet Explorer
- Input our Web site address in the location or address bar and press the Enter key on your keyboard.
In most cases, the Netscape or Internet Explorer browser can be found either on the desktop or under
Windows Start - Programs. If you do not have Netscape or Internet Explorer on your computer, you can
download the latest versions of either for free at the following Web addresses:
Microsoft Internet Explorer: http://www.microsoft.com/windows/ie/download
What type of software do I need to load on my network to operate the Connect2A service?
One of the benefits of the Connect2A service is that it does not require you to load any software on your office system.
Operating the system is as easy as logging on to the internet, going to www.Connect2A.com, clicking on "login" and then entering your User Id and Password. You are then ready to start using the service. First time users should go to "Member Admin", click on "Question Admin" and then you can either customize your questions or just click on "save" to save the set of default questions that come with the service. The default questions are the questions that our founders, attorneys Brian and Sidney Eagle, use in their law practice.
To learn more about customizing your questions and your budget items, go to www.Connect2A.com, click on "Demonstrations" and then review the tutorial on "Getting Started" or print the initial startup documentation at http://www.connect2a.com/C2Ademo.html#Docu
To review the reports that are part of the service, you must have Word, WordPerfect, Excel, or Adobe Reader. Adobe Reader is easily downloaded to your Computer after you login into the service by clicking on the Adobe logo.
What type of maintenance is required to operate the Connect2A service? What files do I backup?
No maintenance or backups are required. The Connect2A development team performs all software updates and data backups to the service. No software or updates are required to be loaded on to your office computer system. This is one of the advantages of using an Application Service Program.
Where are the Connect2A servers located?
The Connect2A servers are located in a secure room at the operations center at 8500 Keystone Crossing, Suite 555, Indianapolis, Indiana 46240.
Is the Connect2A data confidential?
Connect2A was founded by two attorneys, Brian and Sidney Eagle. Connect2A's confidentiality policy is based on the same standard as found in the legal profession's Rules of Professional Conduct, Rule 1.6 "Confidentiality of Information". Connect2A shall not disclose or share a client's data with anyone without the prior written or electronic authorization of a client. Connect2A policy is that the data is owned by the client and will use every precaution necessary to keep the client's data confidential.
For more on privacy and confidentiality, review our privacy statement at www.Connect2A.com/privacy.html
How do I incorporate the Connect2A service into my practice for my potential clients?
As of September 1, 2001, the law firm of Eagle & Fein began using the service for all of the firm's potential clients. Each potential client is given the option to complete the electronic form or a manual paper form prior to their initial meeting. Eagle & Fein's sample confirmation letter is at http://www.connect2a.com/C2Ademo.html#Docu. To incorporate the service into your practice, it is as simple as adopting the sample letter for your own use.
How do I incorporate the Connect2A service into my practice for my annual meeting clients?
At your annual meeting or prior to it, you can offer the service to your annual meeting clients by adopting the sample announcement letter for your own use. Eagle & Fein introduce the service to their annual meeting clients at the end of their annual meeting. The following is a sample script that you may adopt for your own personal use:
"I would like to share with you an exciting development in our practice. Do you have internet service? To better serve you, we harnessed the power of the internet and have incorporated into our practice an electronic database. To provide this service to you, we have entered into an alliance with Connect2A.com. Connect2A is an electronic database that allows both of us to enter your personal and financial data and update the same for our annual meetings. Because Connect2A is not us, to use this service for you, we must have your consent. With your permission, I would like to read the following announcement letter to you. After reading, if you are comfortable and confidence with using the Connect2A service, I will request that you sign the announcement letter granting us permission to use the service."
Annual meeting letter is at http://www.connect2a.com/C2Ademo.html#Docu
What if a client does not want their data on the internet?
First find out why. The client is always right! If the client does not want to use the service, do not use it for them. It is only a matter of time when all clients will mandate that you have a service similar to the Connect2A service. If the client objects because of security, see the answers to the questions about security concerns.
What should I say if:
My client asks about security?
Or A Client does not want to use the service because of security?
The best answer to a client who asks about security is to compare the service to a system of sending and sharing personal data that the client is confident and comfortable with, which is the U.S. Mail. The following is a sample script that you may use with a client:
" To better understand how secure the Connect2A service is, let's compare it to the U.S. Mail. For many years we have been sending private and confidential data in the U.S. Mail. When we look at the U.S. Mail system, we realize that it is not secure at all. Let's take a look.
Typically, we place the data in an envelope that is sealed. The envelope is then picked up by a mail carrier who we do not know. It then goes into the mail system, again touching the hands of many unknown individuals until it arrives at your local post office where it is then loaded onto the local mail carrier's truck. The local mail carrier, which we also do not know, then delivers the envelope to your mailbox that has absolutely no security. In fact, anyone could come up to your mailbox and remove your mail prior to you arriving home.
With Connect2A, the data is protected by 128-bit encryption (as of today, no one has ever hacked or broken 128 Bit Encryption) as it travels from your computer over the internet to Connect2A and then to our computer. Anyone trying to intercept it, would only receive unreadable information. When the data arrives and is stored in the Connect2A database, the data is kept separate and apart from the actual application. The application is the part that is directly connected to the internet. The application is the operations part of the Connect2A service that responds to the point and clicks that you make. Each request for data that is made in the application is a separate process that calls for the data in the database. Separating the data from the application, makes it virtually impossible for a hacker to break into the database.
Now, I cannot look you in the eye and tell you that the Connect2A service cannot be hacked into, but neither can I look you in the eye and tell you that your data sent in the U.S. Mail is secure. What I can tell you is that it is illegal to break into either system to steal your data!
In my opinion, the Connect2A service is more secure then the U.S. Mail. The only difference is that we are more comfortable and confident with the U.S. Mail. Which system do you think sounds more secure?
Is there anything else that can I add at this time? After our discussion on security, are you comfortable and confident with us using Connect2A to serve you?"
Is the Internet and Connect2A Service secure?
Connect2A.com, LLC and Internet Security Overview:
is a rapidly changing marketplace with a wide variety of goods and services
available online. Although financial institutions and the ABA (American Bar Association)
agree on the merits of Internet financial services, some consumers are concerned about security.
service is built on a foundation of stringent security policies, rigorously
tested technologies, and a highly trained and experienced staff. Our combination
of Internet expertise and in-depth knowledge in data collection and storage provide
a secure solution to consumer concerns. You may rest
easy knowing that personal and financial information will be protected with state-of-the-art
security every step of the way.
Secure Systems - Technology, Policies & People
Secure systems are a combination of technology, policies, and people. Our system is
designed with security as a dynamic feature of the product, not an afterthought or
add-on. The result is an architecture that utilizes a multi-layered approach to
information security, providing safeguards and guaranteeing privacy throughout the process.
This architecture offers client-server authentication, data integrity, complete
transactional privacy, and above all, resistance to all forms of "hacking" attempts.
Layered security means that, rather than relying on a single security measure, layers
of technology are utilized within the security architecture to distance the potential
"hacker" as far as possible from the core of sensitive information and resources.
Security Architecture - Multi-layered Approach
Every data input uses multiple layers of security and every layer adds
a different technology resulting in a trusted system that is monitored at all times.
The five basic layers are:
External Access/Firewall Layer
The Web Browser Layer
The first layer of online financial security is the 128-bit Secure Sockets Layer
(SSL) encryption between your browser and the Web Servers. SSL is the industry standard
that provides secure access to online financial services from anywhere on the Internet
using any current Internet browser.
SSL provides a secure channel for data transmission over the Internet. It allows for
the transfer of digital signatures to authenticate users and provides message integrity,
ensuring that your data cannot be altered en route. Browsers can also display a certificate
to the user about the source of a secure transmission. This assures Internet users that
they are communicating with the Connect2A service and not a third party trying to intercept
the transaction on the Internet.
Encryption changes everything that travels across the Internet during your online session
(including your User ID, password, the personal and financial information you enter and view
during your connection with Connect2A.com) into a string of unrecognizable numbers. Both our
servers and the browser you use to surf the Web understand the mathematical formulas, called
algorithms, that turn your personal and financial information into numeric code, and back again to meaningful
information. These algorithms serve as the locks and keys of your account information. While the
destination computer and your browser can easily translate this code back to meaningful language,
this process is an overwhelming, almost impossible task for unauthorized intruders.
There are two types of encryption commonly in use - "domestic-grade" or 128-bit encryption
and "international-grade" or 40-bit encryption. The difference between these two types of
encryption is strictly one of capability. 128-bit encryption is stronger than international-grade
encryption. Using 128-bit encryption, means there are 300,000,000,000,000,000,000,000,000 (a three
followed by 26 zeroes) times as many key combinations as there are for 40-bit encryption.
That means a computer would require exponentially more processing power than for 40-bit encryption
to find the correct key.
We provide the use of 128-bit encryption for all communications within the service to provide the
best security possible. In addition to browser encryption, there is server encryption for
users who log in with a browser that has only 40-bit encryption. The server will accept the
message and start a 128-bit encrypted session from the server end. This ensures that all your
transactions have the strongest level of encryption. To start a transaction, you enter an address
in the browser to send a secure message that is encrypted by SSL to a server. The server responds
by checking to see who you are (this is called authentication), comparing your encrypted User ID
and Password against an encoded list, and starting the session encryption. If, for any reason,
the secure session link is broken, the online session automatically terminates. Furthermore, when
your session is logged in with no activity within a 15 minute period, the Connect2A service will
"time your session out". This means you will have to log back into the service. This proceedure
provides an added security layer against someone accessing your data through a terminal that was
left unattended and logged into the service.
The External Network Access/Firewall Layer
Internet access through a properly configured firewall/router provides a point of defense.
This is a controlled and audited access path
to services from inside and outside the organization's private network. Access to the network is
selectively permitted from the Internet. Specifically, the firewall/router shields the server from any unauthorized
Internet traffic. Only messages addressed to the server in the correct language and to the correct door,
can pass through to the server -
all other traffic from the Internet is rejected. Extensive logs of network traffic,
provide auditing and security monitoring.
The third layer of security is the security embedded in the application. The application has been
written to prevent users who login into the system with a valid ID from viewing any information they
are not entitled to see. If attempts are made to view unauthorized data, the application will take
the necessary action to prevent further attempts.
The Internal Network Layer
The fourth layer of security - the internal network systems - prevent unauthorized users from
accessing any transaction data from the Internet by means of physical and logical access controls.
Transmission of your data on the internal network is encrypted between web servers and database servers.
The servers are exclusively used by Connect2A.com LLC and no other companies have access to our servers.
These servers are not used by any other applications other than the Connect2A. Access to these servers is limited to only the senior
The People Layer
The fifth layer of security is people. Internet security does not rely on technology alone.
Without everyone's participation, all the security systems and technology in the world are worthless.
Users must treat the User ID and Password for online accounts with the same care as an ATM or Credit
Card and PIN. In addition, users must make sure that no one is physically watching when you enter
your password. If you are logged in to the service, be sure to exit the browser when you leave the
computer unattended. We have taken the additional precaution of automatically logging out your session
if more than 15 minutes of inactivity occurs.
You should also take standard precautions to keep your system clean and free
from viruses that could be used to capture password keystrokes and financial information.
We take our responsibility with your data very seriously. Every person who has access to any data is trained in
the proper methods of divulging any information. Our procedures ensure we are always
talking to the appropriate person before any information is given out. We also will never send passwords
or personal information via unsecure e-mail. We would suggest that all users of our service do not send sensitive
information via e-mail.
We don't view security as something that is set up once and left alone. We
constantly monitor the security system to be sure that your information is safe and secure.
Any attempt to break into the system will be observed.
New advances in security technology are happening daily. We are continuously reviewing and enhancing security architecture
to ensure that our service provides the highest level of privacy and safety for you.
A Message from Our Chief Developer About Connect2A Security
Security of computer systems creates a great deal of concern for users and also allows for many fallacies. As a provider of a computer service we will address in general how our security works and also address some of the fallacies of security that exist.
The development staff follows "Best Practices" recommended by the SANS institute at http://rr.sans.org/index.php. The security methodology we use in maintaining the service is the "SKIP Method" provided by the CERT Coordination Center for Internet Security Expertise operated out of Carnegie-Mellon University at http://www.cert.org/. We spend approximately 50-60 hours a month performing security functions on the service. This includes updating servers, installing the latest security patches received from our software vendors, verifying and updating virus protection, and reviewing web and system logs for potential attacks against our service. We are constantly reviewing and updating the services' security features as advances in security technology become available.
Our security works in multiple layers. Connect2A's security objective is to make an outsider have to penetrate multiple layers that makes it difficult to breach the service's security. Thus we have designed the service so that a breach of security in one layer will not compromise the integrity or safety of the data.
Connect2A's first layer of protection is using 128 bit key encryption between our member's and/or their clients' desk top and the Connect2A service. This layer makes the Internet communication between members and clients secure. Although we cannot state that this security layer is impossible to breach, it is certainly more secure than unencrypted information and standard e-mail that is used every day. With current technology, it would take many years for an outsider to breach this 128 bit encryption layer, making it unproductive for an outsider to attempt it. This layer of protection is similar to what other on-line services are using such as: Banks, Brokerage Firms, and Insurance Companies. This makes our service significantly more secure than the typical unencrypted services and standard e-mail, which many of our members have used to share and send, personal and financial information, and legal documents.
The next layer of protection is to protect our web server that is connected to the Internet. It is likely that an outsider would attempt to attack our service through our web server. We have implemented the following security measures to significantly reduce the possibility of a breach of our security through our web server:
1. At Connect2A, we have dedicated servers that are not co-hosted with any other companies.
2. A firewall or equivalent hardware/software is in place to prevent all unauthorized types of traffic from reaching the server. This only allows web traffic to reach the web server and blocks out all other types of traffic.
3. We run a minimum amount of software and services on the web server thus leaving fewer possible holes for outsiders to exploit (this means word processing and e-mail are not loaded on this server).
4. We have installed and updated virus protection software on the server to prevent hostile files from being put on the server. We run periodic checks of all files for viruses and also run real time scanning to make sure that whenever a new file is put on the server it is automatically scanned for viruses.
5. We create and review audit logs of web activity to see if unusual activity has occurred through the web server. We also review the system logs for unauthorized/improper login attempts and other unusual activity occurring on the actual server.
6. Finally, we have used "Best Practices" in terms of length and complexity of passwords on our servers and our account lockout policies. This should minimize outsiders' opportunity to brute force or to dictionary attack the web server accounts.
Our third layer of protection is to place all sensitive personal and financial data on a separate server from the web server. The following steps have been taken to isolate the data:
1. We read security bulletins for the new software being used and when notice is received, we update all software patches on a timely basis.
2. All network traffic between our web server and database server use encryption, so that even if another computer that is on the same network were compromised, the outsider would be unable to view the network traffic being passed over the network cables.
3. We regularly review logs on the database server to see if there are any unusual attempts to access the database or the database server.
Our biggest risk to the Connect2A service and most e-commerce solutions is NOT from someone "Hacking" into the service, but from someone giving out a user ID and Password by mistake i.e.: "Social Engineering". At Connect2A, have policies regarding exactly how to give out passwords and how to confirm to whom we are talking. We have written the service so that clients must change their password once they login to the service, thus all advisors will not know their client's password. Advisors do not have access to the Client's Password after a client enters into the service and an advisor cannot print a client's User ID and Password on ANY report that can accidentally be misplaced. Only two people at Connect2A are allowed physical access to the actual application servers. This minimizes the chance for social engineering at Connect2A, since only these two people would know the passwords to login to the servers and would never have a need to give out access.
The Connect2A application is written to minimize unauthorized access to data. The application will only allow five bad attempts on a password before it locks out the account. A client then needs to contact their professional to reset the password or a professional needs to contact Connect2A to reset the password.
We are in the process of adding new functionality to the service, which will track changes to the data. These enhancements will allow professionals and clients to know when anyone makes critical changes to the data as well as provide an audit trail of these changes over time.
The security of the service is not something we take lightly at Connect2A. If professionals or clients have concerns about the security or want additional technical information, we will be happy to address all concerns and answer all questions. Please call us at 317-222-1886 or e-mail us at support@Connect2A.com.
Paul Beck, Chief Developer, October 10, 2002
For more on Connect2A's security and privacy, review our security statement at www.Connect2A.com/Security.html and our privacy statement at www.connect2a.com/privacy.html
What are some common fallacies that exist in the security of systems and the internet?
One fallacy is that if a computer is not attached directly to the Internet, it is safe.
1. This is only true if it is a standalone computer and not part of a network. If a computer is attached to any other computer on a network that is on the Internet via dial-up or broadband, then it is vulnerable. It boils down to the weakest link. It only takes one computer to allow other computers to become insecure. Yes the computer is less vulnerable than being directly connected but it is still vulnerable. There are several remote control software products that allow outsiders to take over a computer and use it as drone to attack other computers. Good current virus protection software will protect you against most of these programs.
2. A good rule of thumb is unless you have taken steps to prevent it, if you receive e-mail, all computers on the network you use could be compromised.
3. With the advent of wireless networks, even if a network is not on the Internet, if the network uses wireless communication you may open the network too uninvited guests.
Another fallacy is "I have a firewall so my computers are protected." The error in this thinking is as follows:
1. The firewall must be properly configured to do exactly what you think it should do for your office. It is worse to have an improperly configured firewall than no firewall. With an improperly configured firewall, one assumes their systems are secure even though they are not. At least with no firewall you know the system is not secure.
2. The point of being on-line is so you can receive e-mail or run a web server or access the outside world. If you are doing these things, you need to make sure that as soon as a software vendor releases a security notice on their product, you install it. If this is not done, the firewall cannot stop an intruder from accessing software problems. Examples of this would be not patching your e-mail software, your web server, or your browser. You want that traffic to get to your workstation or server so the firewall is allowing it through.
What desktop software solutions does the Connect2A service have Import/Export capabilities to?
Currently we export to the following software products:
Goldmine, Outlook, Time Matters, FundingPro, WealthCounsel Practice System, Financial Profiles, and Professional Back Office
Currently we Report data in a usable format to:
PDF, Excel, and RTF (For MS Word and Word Perfect)
On our Short development list to add for exports/imports:
CounselWare, CCH View Plan, SettlementPro, TrustPro, Word, WordPerfect, Excel, Amicus Attorney, and Lacerte Tax Preparation
We are adding Import/export capabilities on a regular basis. Please let us know which desktop software solutions you would like us to export to.
What happens to the data if I cancel my membership or Connect2A goes out of business?
If you cancel your membership or Connect2A goes out of business, you will have the opportunity to export the data to your desktop. Once the data is on your desktop system, you can use it in any manner that you desire.
Does each member of my staff need to have their own password?
Currently we use one password per office. Shortly, a member will be allowed to add up to four additional "staff" passwords. A staff member may be a legal assistant, funding coordinator, or an associate attorney. There is no additional charge for up to four (4) additional staff passwords per member.
Does each one of my professional associates in my office need to have their own password?
A partner attorney or associate attorney may be added as a staff member. However, only the member attorney will appear when the client adds you as an advisor to share data with. If each attorney wants his or her own name to appear, each attorney will need a separate membership.
Can I load Connect2A onto my server and run it as my "own" system?
One of the benefits of Connect2A is that it is an application service that does not require you to load any software on your server. In addition, there are no updates for your office to maintain.
A license to run Connect2A on your own server is currently not available.
The maintenance of the system and the cost to license the system for your own server is cost prohibitive. In addition, the data in your system could not be shared with other members in the Connect2A system.
Please call us at 317-222-1886 or e-mail us at support@Connect2A.com with any questions.