Data Security Compliance Advisors Certified Identity Theft Risk Management Specialists 873 East Baltimore Pike #501 Kennett Square, PA 19348 610-444-5295.

Presentation transcript:

BYOD & Cyber Risks
Presenter: Robert Listerman, CPA, CITRMS
© Business Technology Resources, LLC
June 26, 2014

Robert Listerman (Bob) is a licensed Certified Public Accountant, State of Michigan, and has over 30 years of experience as a process improvement business consultant. He graduated from Michigan State University and became a CPA while employed at Touche Ross & Co., Detroit, now known as a member firm of Deloitte & Touche USA LLP. Bob added the Certified Identity Theft Risk Management Specialist (CITRMS) designation issued by The Institute of Fraud Risk Management in The designation is in recognition of his knowledge and experience in identity theft risk management. Today Bob focuses his practice on data security compliance. Over 50% of identity theft can be traced back to the unlawful handling or mishandling of non-public data within the workplace. Currently Bob serves his professional community as an active Board Member for the Institute of Management Accountants (IMA), Mid Atlantic Council “IMA-MAC.” He is currently serving as President of IMA-MAC ( ). He is a regular seminar presenter for the IMA, Pennsylvania Institute of CPAs (PICPA), and the Michigan Association of CPAs (MACPA). Bob serves on, and is a past chair of, the MACPA’s Management Information & Business Show committee, which enjoys serving over 1000 CPAs in attendance each year. He is Continuing Education Chair of the PICPA’s IT Assurance Committee. Bob serves his local community as a member of the Kennett Township, PA Planning Commission, Communications, Business Advisory, and Safety Committees. He is an active board member of the Longwood Rotary Club. He serves his Rotary District 7450 as their Interact Club Chair (Rotary in High School) since Past professional and civic duties include serving on the Board of Directors for the Michigan Association of Certified Public Accountants ( ), past board member of the Delaware Chapter of the IMA and past Chapter president for the IMA Oakland County, Michigan ( ).

Convenience = Productivity
• Who wants to juggle more than one portable device?
• Whose device are you going to know how to work better?
• Which device are you most likely to have with you when you need it?
3 out of 4 employees would rather use their own device to connect to work, according to Forrester Research.

It makes sense for the employer:
• 74% of IT leaders believe “BYOD help our employees be more productive”
• 58% of those surveyed cite employee satisfaction as a prime benefit of BYOD.
Source: Intel Corporation Survey

• The operating systems and form factors of consumer technology are rapidly changing
• The lines between “on the clock” and “off the clock” have been irrevocably blurred
• Having your device 24/7 allows balancing “work life” with “home life”
• Don’t need a company-issued device on top of the one they already own (which they really want to use in the first place)
• Nobody wants to be that person with two smartphones stuffed in his or her pocket.

• BYOD isn’t just coming, it’s already here.
  – Just as employers had to deal with the challenges of social media like Facebook, LinkedIn and Twitter, just to name a few, in recent years, BYOD is now also a reality that needs to be addressed.
  – Just saying “no” is not the best solution when it’s inevitable: according to Gartner Research, “by 2018, 70% of mobile users will conduct all their work on personal smart devices.”
How many here, in this room, use a personal device, whether it be a laptop or “smartphone”, to connect to their work , shared data files, or other internally available processes?

Reasons BYOD May Be A Bad Fit
1. Staff resent paying for their own phones, laptops, or tablets
2. It won’t cut your costs after analysis of your requirements
3. It can make life harder for the IT department – i.e. bad fit
4. Corporate-issue IT makes sense for the same reason schools have uniforms
5. Too many security issues to manage

Reasons BYOD May Be A Bad Fit
6. Data loss—yours and theirs
7. Short-term gain, long-term pain?
8. It’s a licensing—and legal—minefield
9. Consumer devices will hurt productivity
10. Your staff doesn’t care about gadgets

Security Concerns
• Malware infects the network when employee logs in
• Employees unknowingly installing:
  • Rogue applications or
  • Unlicensed software, which can violate copyright compliance laws
• Using unsecured wireless connections to send and receive company data
• IT staff compromise employee’s personal security on device
• Unknown third-party accesses via mobile apps
• Stolen, lost mobile devices leak data

Cyber Security Risks for BYOD
• “51 percent* of the organizations surveyed experienced data loss resulting from employee use of insecure mobile devices.”
• “58 percent* of organizations surveyed have experienced an increase in malware infections as a result of personally-owned mobile devices used in the workplace.”
• “56 percent* say that more confidential data has been lost as a result of these devices.”
The challenge is managing numerous fragmented operating systems within the company network. Apart from general network configuration issues, this fact could pose a real exposure for companies using security software not designed with BYOD in mind.
* Ponemon Institute

Challenges In Supporting BYOD
• Managing numerous fragmented operating systems
• General network configuration issues
• Real exposure for companies using security software not designed with BYOD

BYOD Challenges
Challenge: Remarks
Device Provisioning: Need automated provisioning for device
Device Management: Network tools can see who’s on board
Security: Tied to defined user privileges
Network Saturation: Network tools allocate bandwidth resources
Trouble Shooting: Network monitoring alerts (example follows)
User Privacy: Opening Personal Doorway to IT

BYOD - Impact on Infrastructure
Source: Cisco web lecture

BYOD Deployment Guidelines
• Plan for Implementing a BYOD Solution
• Develop, Write and Implement a BYOD Policy
• IT Capable of Provisioning Infrastructure and Devices
• Proactively Manage and Troubleshoot Mobile Devices

Outlining a BYOD Policy
• Build an Internal Team
  – A good approach is to draw together an interdisciplinary team of a customer’s HR, finance, legal, security, privacy, and IT leaders
• Create a Customized Program
  – Create a robust BYOD Policy Statement, and an accompanying Employee Participation Agreement. The Agreement sets clear expectations with employees, and promotes their voluntary compliance with enterprise and security policies, while protecting employers.
• Implement a BYOD Program
  – With BYOD policies in place, organizations can improve the productivity of their mobile workforce as well as start saving money on phones, data plans, and IT labor costs spent on support.

Deliverable
• Complete Policy Statement Based On The Results Of A Workshop Conducted Onsite with the Cross-Functional Team
• Employee Participation Agreement
• Policy Statements Can Be Incorporated Into Provisioning Tools Used to Monitor Mobile Device Access

Scope of BYOD Policy
• Regulatory Requirements and Constraints
• BYOD Program Eligibility
• Financial Parameters and Reimbursement Model
• Allowable Devices
• Carrier Plans
• Approved Uses
• Security and Enforcement
• End User Support Model

Some BYOD Solution Vendors (many many more)

Future of BYOD
While security teams are getting a grip on smartphones and tablets through basic mobile device management (MDM), enterprise mobility requirements continue to evolve. To address these advanced needs, better integrated and more granular MDM tools are emerging. Like any other technology, it will constantly improve and change as devices change.

a.k.a: the “CLOUD”

The Internet “Web” Topography

Prize for first person who raises their hand AND can identify what these numbers are!

IP Tracer Source:

THE PROBLEM YOU DIDN’T KNOW YOU HAVE
IT Administrators harden their networks by building walls with Anti-Virus software to keep out the bad guys.
The Result is that Anti-Virus software can’t keep up and the bad guys are already inside your walls.
The Problem is that 76,000 new malware strains are released into the wild every day.
The Problem is that 73% of online banking users reuse their passwords for non-financial websites.

STOLEN CREDENTIALS EXPOSE YOU TO UNKNOWN RISK
• 30,000: The number of new malicious websites created every day [1]
• 80%: Of breaches that involved hackers used stolen credentials
• 14%: Of data breaches were due to employees using personal accounts [2]
• % of network intrusions exploited weak or stolen credentials. [2]
SOURCES: 1. Sophos, 2012; 2. Verizon Data Breach Investigations Report,

MALWARE EVADES TRADITIONAL ANTI-VIRUS SOFTWARE
• 200,000 – 300,000: The estimated number of new viruses discovered each day [1]
• 52%: Of malware in a recent study focused on evading security
• %: Antivirus software’s average detection rate for based malware attacks [3]
• 40%: Of malware samples in a recent study went undetected by leading antivirus software [2]
SOURCES: 1. Comodo Group, 2012; 2. Palo Alto Networks, Krebs on Security, 2012

DO YOU KNOW WHAT THESE ARE?
"automatedtest", "automatedtester", "bagle-cb", "c_conficker", "c_confickerab", "c_confickerc", "c_pushdo ", "c_trafficconverter", "c_zeroaccess", "childpredator", "citadel", "condo", "cutwail", "d_tdss", "darkmailer", "darkmailer2", "darkmailer3", "darkmailer4", "darkmailer5", "deai", "esxvaql", "fakesendsafe", "festi", "fraud", "gamut", "gheg", "grum", "hc", "kelihos", "lethic", "maazben", "malware", "manual", "mip", "misc", "netsky", "ogee", "pony", "relayspammer", "s_kelihos", "s_worm_dorkbot", "sendsafe", "sendsafespewage", "slenfbot", "snowshoe", "spamaslot", "spamlink", "spamsalot", "special", "spyeye", "ss", "synch", "w_commentspammer", "xxxx", "zapchast", "zeus"

ANATOMY OF A SPEARPHISHING ATTACK
1. Target Victim
2. Install Malware
3. Access Network
4. Collect & Transmit Data
5. Breach Event

CASE STUDY: Target Corporation
Nov. 27 – Dec: Hackers execute extended attack against Target’s point-of-sale system
Dec. 18, 2013: News of the breach is reported by data and security blog KrebsOnSecurity
Dec. 20, 2013: Target acknowledges the breach, saying it is under investigation
Dec. 21, 2013: JP Morgan announces it is placing daily spending caps on affected customer debit cards
Dec. 22, 2013: Customer traffic drops over the holiday season, resulting in a 3-4% drop in customer transactions
Jan. 10, 2014: Target lowers its fourth-quarter financial projections, saying sales were “meaningfully weaker-than-expected”
• Current estimates of the total financial impact to Target are $200 million
• Target provided affected individuals with 12 months of identity theft protection and insurance coverage
• 110M user accounts compromised, exposing credit and debit card numbers, CVN numbers, names, home addresses, e-mail addresses and/or phone numbers

“Ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system.”
Molly Snyder, Target Corporation, January 2014

Attack on Vendor Set Up Breach at Target*
The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.
* Source:

THE PROFILE OF AN ATTACKER
• The malware used to hack Target’s POS system was written by a Ukrainian teen
• Andrey Hodirevski from southwest Ukraine carried out the attack from his home
• The card details that he stole were sold through his own forum as well as other communities
• CyberID-Sleuth™ investigated the breach when it occurred and was able to verify various discussions and identifiers pointing to this suspect

CyberID-Sleuth™ PROVIDES MORE THAN AUTOMATED ALERTS
Credential Monitoring: Identifying addresses from a corporate domain that have been hacked, phished, or breached
IP Address Scanning: Identifying devices in a corporate network connected to a known malware command and control server
• Doxing awareness and hacktivist activity monitoring
• Locating the individuals and exchanges involved in intellectual property theft
• Hacks, exploits against networks, glitches, leaks, phishing/keylogging monitoring
• Identification of communities targeting brands, networks or IP addresses
• Identification of intellectual property distribution
• Identification of individuals posing a risk to any IP address

CyberID-Sleuth™ PROVIDES EARLY WARNING AT TWO POINTS
Dark Web
• CyberID-Sleuth™ scours botnets, criminal chat rooms, blogs, websites and bulletin boards, Peer-to-Peer networks, forums, private networks, and other black market sites 24/7, 365 days a year
• CyberID-Sleuth™ harvests 1.4 million compromised credentials per month
• CyberID-Sleuth™ identifies your data as it accesses criminal command-and-control servers from multiple geographies that national IP addresses cannot access
• CyberID-Sleuth™ harvests 7 million compromised IP addresses every two weeks

CyberID-Sleuth™

REMEMBER WHAT THESE ARE?
"automatedtest", "automatedtester", "bagle-cb", "c_conficker", "c_confickerab", "c_confickerc", "c_pushdo ", "c_trafficconverter", "c_zeroaccess", "childpredator", "citadel", "condo", "cutwail", "d_tdss", "darkmailer", "darkmailer2", "darkmailer3", "darkmailer4", "darkmailer5", "deai", "esxvaql", "fakesendsafe", "festi", "fraud", "gamut", "gheg", "grum", "hc", "kelihos", "lethic", "maazben", "malware", "manual", "mip", "misc", "netsky", "ogee", "pony", "relayspammer", "s_kelihos", "s_worm_dorkbot", "sendsafe", "sendsafespewage", "slenfbot", "snowshoe", "spamaslot", "spamlink", "spamsalot", "special", "spyeye", "ss", "synch", "w_commentspammer", "xxxx", "zapchast", "zeus"

CyberID-Sleuth™ CASE STUDY: ACTUAL CREDENTIAL DATA
Zeus Infection targeted towards multiple entities within the Hotel Industry within India
CyberID-Sleuth™ identified a targeted Zeus campaign which appears to have been focused and distributed to Hotel chains, mainly within the India region. The attack in question caused active compromises against a number of systems. CyberID-Sleuth™’s main focus is the type of data often held within Reservation and other Hotel systems. Personal information such as credit card data, as well as passport scans or copies, are often held on Hospitality systems and the data identified next highlights that these same systems are compromised and under direct control of malicious actors.

CyberID-Sleuth™ IDENTIFIES ACTUAL MALWARE VARIANT
Infection Type: Zeus Infection - V2.1
Payload: Theft of all credentials, Key logging of all data, Remote access to devices
Total Infection Count: 487
Total Credential Count: ( including duplicates )
Command and Control (C2) Domain: matphlamzy.com

CyberID-Sleuth™ IDENTIFIES ACTUAL CREDENTIAL DATA
Data extracted and listed below is related to valid and legitimate accounts which are still active. These are not passwords taken from Breach events or other untrusted sources. They are taken directly from devices that are still infected/compromised!
bwstarhotel.com
,('92', 'RSV1_E532648A3D69E5DE', '-- default --', ' ', '', '', ' ', ' ', '0', '±\0\0', '1033', 'C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE', 'RSV1\\owner', '101', ' ', 'ID', ' ')

CyberID-Sleuth™ IDENTIFIES ACTUAL CREDENTIAL DATA
bwmegakuningan.com
('447', 'USER-PC_E532648A F', '-- default --', ' ', '', '', ' ', ' ', '0', '±\0\0', '1033', 'C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE', 'user-PC\\user', '101', ' ', 'DE', ' ')

CyberID-Sleuth™ IDENTIFIES ACTUAL CREDENTIAL DATA
townsquare.co.id - ' ('453', 'RESERVATION_1F3D59E96522DF69', '-- default --', ' ', '', '', ' ', ' ', '0', '± \0', '1033', 'C:\\Program Files (x86)\\Microsoft Office\\Office12\\OUTLOOK.EXE', 'TSPDC\\vitha', '101', :110/' :110/', ' ', 'ID', ' ')

CyberID-Sleuth™ CASE STUDY: ANATOMY OF THE FINDINGS
Q. How many credit cards were captured?
Over 257 unique credit cards were stolen during the attack. CyberID-Sleuth™ identified the botnet, which was made up of infected devices.
Q. Specifically what data did it steal and report back that you could see?
CyberID-Sleuth™ could see EVERYTHING that was entered on a user’s device or saved as a password or credential.
Q. How much did this breach cost the client?
No “price” could be put on the damage caused to a victim after a fraudster has stolen their credentials. The data stolen would allow the fraudster access to internal systems, either via the stolen credentials or via backdoor access to affected systems.

CyberID-Sleuth™ CASE STUDY: ANATOMY OF THE FINDINGS
Q. What data about the attacker were we able to find?
Limited details. Information about the attackers is not shared with clients unless it is a directed attack, and is only shared with US and UK Law Enforcement.
Q. How did the authorities use the data to capture the intruders?
The individual responsible for running the botnet in question is so far still at large.

CyberID-Sleuth™ Credential Monitoring Demo*
Tier I
* Let us see if your credentials are for sale, at no obligation

A STANDARD RESPONSE TIMELINE SHOULD BE FOLLOWED
Plan Ahead By Forming a Breach Response Plan
CyberID-Sleuth Tiers II & III
[Timeline diagram. Phase labels: Incident Detection / Discovery; Incident Notification & Resolution; Remediation Efforts; Assessment Efforts. Items shown on the timeline:]
• Internal and External Communication of Event, Reaction, and Remediation
• Notification Capabilities Go Live
• Coordinate Breach Notification Copy and Distribution with Breach Remediation Vendor
• Establish internal or third party communication channel to affected population
• Contact and/or activate contract with Data Breach Remediation Vendor
• Prepare Internal and External Communication Plan & Copy
• Determine Organization’s Public Response Plan (including notification type, verbiage, and remediation offering if any)
• Implement Breach Response Plan
• Determine total scope of event, size of affected population, type of data lost or compromised, necessary legal and industry specific guidelines
• Activate technical / security focused breach response team processes and procedures based on Data Breach Plan
• Initial Internal Reporting, notifications, and security triage of the “event”

RECOMMENDATIONS TO REDUCE DATA BREACH EXPOSURE & COSTS
• Promote Employee Data Management Training & Education
• Require GC / CISO and their teams to understand industry, state, federal, and event specific data breach response guidelines and recommendations
• Establish an internal data breach response plan and process flow
• Prior to a data breach event, contract with a data breach remediation, notification, and/or forensics provider
• Utilize and maintain available data loss prevention technologies such as CyberID-Sleuth™
• Require advanced encryption and authentication solutions be in place across the organization
• Contractually require notification from vendors who manage data from your organization to alert you if they incur a breach of any data
• Support enactment of legislation that clearly dictates rules and guidelines for organizations to follow in advance of, and following, a data breach event

Take this 20 Question Assessment to Score Your Risk Level

1. Remember to ask us to do a no-obligation credential search for you
2. Allow us to give you the 20 Question Assessment Score on your risk level