Protecting Your Information

At the BCMEA, the security of your personal and private information is of utmost concern. We are committed to keeping your confidential information as safe as possible. While the BCMEA utilizes strong internal measures to protect the security and privacy of your information, there are important steps you should take to help protect your information when using the BCMEA website(s).

THIS SECURITY INFORMATION MAKES RECOMMENDATIONS AND SUGGESTS BEST PRACTICES WHICH USERS MAY FOLLOW AT THEIR OWN DISCRETION. ALL TERMS OF THE WEBSITE USAGE POLICY GOVERNING THIS SITE ARE STILL APPLICABLE.

You play a critical role in keeping your personal information protected. Please review each security section below and become familiar with the measures taken to protect your on-line information as well as the steps you can take to help secure your on-line experience.

Strong Encryption Requirements

The BCMEA web systems require that you have 128-bit encryption, the highest level of encryption generally available today, installed on your browser. When using this encryption, all data sent to the BCMEA website(s) is scrambled and then de-coded. We do not transmit personal and/or private data over any non-encrypted connections.

Your BCMEA website(s) session is protected in a "secured" network environment through Secured Socket Layer (SSL) encryption. SSL technology is used within your session to encrypt your personal information before it leaves your computer to help ensure no one else can read it. Depending on your browser setting, a pop-up window will appear to notify you that you will be entering a secured page. You will know when you are on a secured BCMEA page when you see the "https://" before the web address. A padlock symbol in the lower right hand corner of your browser window will also be present. This padlock indicates that your BCMEA on-line session is in a "secured" environment.

Protecting Our Internal Systems

The BCMEA protects the security of your personal information at all times.  We have taken reasonable measures to protect our internal computer systems from unauthorized access. To protect our systems from public Internet traffic, firewalls are used. Firewalls are a combination of computer hardware and software that separate the Internet from the BCMEA's internal web servers and computer systems. Firewalls prevent unauthorized Internet traffic from accessing our web servers and internal systems, thereby protecting your information and transactions.

Limiting Unauthorized Access To Your On-Line Session

The BCMEA web systems use "timed log-outs" on all of our websites. This means that on-line sessions are terminated after 20 minutes of inactivity. Once the BCMEA website has ended your session, you will be required to re-enter your username and password. "Timed Log-Outs" protect you against unauthorized access.

Intrusion Detection Systems

The BCMEA websites employ state-of-the-art network based IDS (Intrusion Detection Systems) to secure the integrity of our network by ensuring that unauthorized traffic cannot pass though our systems undetected.

What Can You Do To Protect Your Information?

As an Internet website user, you play an important role in protecting your personal and private information. In addition to a myriad of website technologies we use for secure exchange of personal data, you play a significant role in configuring your own computer to maximize its security environment. The following is a checklist to ensure that your system conforms to known "security best practices".

	Two pieces of key information must remain confidential to you - your username and password. Passwords must be kept confidential at all times and not be disclosed to anyone. BCMEA staff and related personnel will NEVER ask for your passwords.
	The auto-complete function on your browser should be disabled to avoid the automatic completion of your username and password when you type in the relevant fields.
	Passwords should be changed on a regular basis (at least once every 30-60 days).
	Passwords should be memorized and NOT be written down or stored in the computer hard disk, diskettes or other insecure devices.
	Ensure that the browser and application software used is upgraded to support 128-bit encryption or a higher encryption standard.
	Whenever you are logged-on to a secured BCMEA website(s), check that the bottom right corner of the screen shows a secure symbol of the lock.
	If you suspect any unusual account activity or that your password confidentiality has been compromised, please change your password immediately and contact our Support line.
	Before you logon to BCMEA websites, for security purposes, ensure all other Internet sessions, i.e. browser windows, are closed.
	Always remember to log out properly (by clicking on "Log out" instead of simply closing the window with the x on the top right corner of the screen) from your BCMEA session before visiting other websites.
	Remember to close the browser window after you have logged-out of your session.
	Whenever security updates and patches are made available by your computer or browser vendor, always ensure that you download and apply them as they are designed to provide you with protection from known possible security problems.

Use "Supported" Products To Access BCMEA Systems

The BCMEA Development team performs security audits of our applications, operating systems and services on an on-going basis to ensure that all components comply with the highest standards of security and best practices. We do not recommend accessing our systems with "unsupported" products.

Microsoft Internet Explorer© 5.x or higher Microsoft Windows© NT, 98, 2000, ME, XP   Mozilla Firefox© Internet Browser Netscape© Internet Browser Apple Macintosh© Operating Systems Linux Operating Systems

Keep Your Computer Secure

Installing virus detection software on your computer is a good computing practice that protects your information from being corrupted or accessed by unauthorized users. This software needs to be updated often to ensure you have the most current protection available. To further protect yourself from viruses or other unwanted problems, do not open e-mail attachments from unknown or untrustworthy sources. Do not install unlicenced software, or software from an unknown source. Make sure you know anyone who uses your computer and limit unauthorized access.

Logon and Password Feature

To help make accessing your BCMEA website account more secure, we require you to obtain your personal and confidential password to logon to the BCMEA secured website(s). This information is then authenticated by the BCMEA website(s) to verify who you are before providing access to the system.

Should too many failed login attempts be detected, the account will be locked automatically and you may have to contact the password reset telephone line to have the lock cleared. This step is required to protect your account from random password attempts.

Your Password

Your password is the key to your on-line account information. Protect and change your password on a regular basis every 30-60 days is recommended. Create a password that is unique to you and that cannot be easily guessed by someone else. Create a password that contains a combination of both letters and numbers. Do not associate your password with anything personal such as names, birthdates, telephone numbers, or other familiar words. Memorize your password and never write it down, electronically store, or reveal it to anyone.

Note: No one at BCMEA will ever ask you for your password. Never give out personal information to anyone on the telephone or from a website unless you have verified the credibility of the source and/or have initiated the call to a trusted source.

Disable The Autocomplete Feature On Your Browser

Disable the 'AutoComplete' function to prevent others from seeing your logon information each time you use the web site(s). On Internet Explorer for example, the 'AutoComplete' function remembers data you have input including your passwords on frequently used sites. Check the User Guide for your computer setup to get instructions, or go on-line to the manufacturer's website.

Protecting Your Identity On-line

Install commercial-grade firewall software on your computer to help prevent unauthorized individuals or information from entering your computer system. This is especially important on computers that use a broadband connection to access the Internet (Cable modems or DSL). Since your Internet connection is alive when your computer is on, the risk for malicious activity to your computer increases.

Run a current updated anti-virus program on your computer frequently. Anti-virus software can scan your incoming and outgoing e-mail and attachments for computer infections like worms, viruses, Trojan Horses and other malicious code that can affect your computer files and operation.

Keep your software current and apply all security patches for your computer operating system (e.g. Microsoft Windows) to keep security information current.

Be aware that there are phony websites designed to trick consumers and collect personal information. Verify the source of your e-mails and only open e-mail that you expect. Always run anti-virus software before opening e-mail.

"Password protect" your computer to prevent unauthorized individuals from accessing your information.

How Do I Know If I Am Connecting To The BCMEA And Not To Other Parties?

You may check the validity and owner of the encryption certificate. Using the "supported" Internet Explorer browser, double-click the security lock icon at the bottom right of your session window (you may need to enable the status bar if it cannot be seen). In the General tab, the Certificate Information should state who it is issued to (e.g. employers.bcmea.com) and when it is valid for. The certificate should still be within the valid period.

Using The BCMEA Website(s) Via A Public And/Or Shared Computer

Avoid using the BCMEA website(s) at Internet cafes, libraries, and other public sites to avoid your information from being copied, traced, or re-entered after you leave.

If you must use a public computer, please take the following precautions:

Disable the "AutoComplete" on Internet Explorer.

Please remember to log-out of your session and close all browser windows.

Why Do I Need To Accept "Cookies" To Access The BCMEA Website(S)?

A cookie is a text file that resides on your computer. In order to provide a more stable and personalized experience, BCMEA website(s) use two types of cookies as part of the interaction between your browser and the websites:

Persistent Cookies:

A "Persistent Cookie" is used frequently throughout the website(s) to track usage of our latest information, news bulletins and to ensure that users are receiving personalized and up-to-date information. This cookie does not contain any private information.

Per-Session Cookies:

A "Per-Session Cookie" assigns a session id when you log-on and stores it in your PC's temporary memory (RAM). This session ID is used to establish and validate your PC during your session. When you log-off from the website(s), the "Per-session Cookie" is removed. These cookies also do not contain any private information.

If your browser prompts you when a cookie is "served", you must accept it in order to access BCMEA website(s). Since cookies are site-specific, only BCMEA website(s) can access, decode and make use of the information.

Logoff And Close Browser

Always remember to log-off from the website(s) and to close your browser when you have finished visiting secure websites. Please ensure that you use the "Logout" functionality of the websites and not the [x] button on the top right corner of the browser window. This may help prevent others from being able to view your on-line information at a later time. Please contact us immediately if you suspect any unusual account activity.

Test Your Computer For Security Vulnerabilities Regularly

There are several commercial tools currently available on the Web that you can use to test your computer system for security vulnerabilities. For example, if your system is not configured properly, it may be easier for hackers and intruders to break in.

Stay up-to-date with the latest security events and incidents and make sure that you stay current with all security updates/patches and fixes that become available from the vendors.

For further details of how to protect your computer systems please visit the Microsoft security web site.

Terms and Definitions

Anti-virus Software

Commercial-grade anti-virus software should be installed on your home computer and laptop to scan e-mail and files on your computer for potential viruses that may be attached. If a virus is detected, you are notified immediately and the anti-virus software will prevent the e-mail or file from being sent to you before it's opened. You should run your anti-virus software frequently to prevent computer infections like viruses, worms, or Trojan Horses from entering your computer system. Purchase a program that automatically upgrades your virus protection on a regular basis.

Browsers

A browser is a software application that works with the Internet to provide a way to view, find and interact with websites and web pages. As new versions of browsers are developed, users will be able to experience a full multimedia spectrum, including text, graphics, sound, and video.

Cable Modem

Cable modems provide high-speed Internet access using cable television networks. They use either the traditional coaxial cables or newer fiber optic cables for the transmission of data. Cable modems offer continuous connection to the Internet without having to dial into an Internet Service Provider (ISP) each time you wish to connect to the Internet.

Cookies

Cookies are pieces of information stored directly on the computer and provide a more efficient and more personalized experience at a website. The BCMEA website(s) do not store any personal information in the cookies.

Digital Certificates

Like a driver's license or passport, Digital Certificates allow individuals or organizations on the Internet to verify each other's identity to prevent unauthorized access. A Digital Certificate is a randomly generated set of characters that a computer sends to your browser. The browser on your computer stores this information and uses it as a digital stamp to certify the authenticity of the information sent to you and as a means of establishing identity. You may see a Digital Certificate issuer logo at the bottom of a browser page for your reference.

Encryption

When you establish a connection to the BCMEA secured website(s) the information you enter on-line is "encrypted" or transformed into a string of unrecognizable characters before being sent over the Internet, likewise information coming from the BCMEA websites are encoded and decoded by your browser. This helps to keep the information between the BCMEA computer system and your Internet browser private. Your session is in a secured "encrypted" environment when you see "https://" in the web address and/or when you see the locked "padlock" symbol at the bottom right corner of your browser window.

Firewall

Firewall software can be installed on company and home computers as a barrier against hackers and viruses. Firewalls are used to filter potentially destructive information or prevent unauthorized access. This is especially important on computers that use a broadband connection to access the Internet (Cable modems or DSL). Since your Internet connection is on when your computer is on, the risk for malicious activity to your computer increases.

Keystroke Capturing

Keystroke Capturing or "keystroke logging" is a surveillance tool that is used to record the keystrokes of unsuspecting victims in order to determine password and logon information which can be used for fraudulent purposes.

Plug-in

A plug-in is a software module that adds a specific functionality to the web browser. Plug-ins for Internet Explorer allow the browser to display various types of audio and video messages. For example, the popular Adobe Acrobat (PDF) Plug-in is used for viewing files and reports.

Secure Sessions

Your on-line sessions are protected in a "secured" environment which use Secure Socket Layer (SSL) technology to encrypt your personal information before it leaves your computer to help ensure that no one else can read it. You will know that you are on a "secured" page when you see the "https://" before the web address. You will also see a padlock symbol in the lower right hand corner of your browser window. Commonly, a closed padlock indicates that your on-line session is "secured" by encryption to protect your personal information.

Server Authentication

When you logon to the BCMEA website(s) that requires authentication, you usually input a specific username and password to gain access to your personal information. The encrypted information then passes through a rigorous test on BCMEA computer systems to ensure proper authorization before your personal information is displayed.

Security Holes/Bugs

Security holes/bugs are often faults, defects or programming errors exploited by unauthorized users to access computer networks or web servers from the Internet. As these holes or bugs become known, software publishers develop "patches," "fixes" or "updates" users can download that usually fix the problems.

Session Time-outs

For your added on-line security, BCMEA uses a session time-out feature. If your BCMEA Internet session is idle for a given amount of time, it is ended automatically. This helps ensure that your on-line session is in a "secured" environment and that the personal information you enter is protected.

Social Engineering

Social engineering is an identity theft process that relies on human interaction and often involves tricking an unsuspecting individual into providing personal information like bank account details or passwords. Social engineers search dumpsters for valuable information, memorize access codes by looking over someone's shoulder, or take advantage of people's natural inclination to choose passwords that are meaningful to them and can be easily guessed (children's names, addresses, or birthdates). The personal information discovered is then used illegally to apply for credit, purchase goods and services, or gain access to funds.

Spam

Sometimes companies or individuals purchase e-mail address lists to send unsolicited ads for products and services. The unsolicited e-mail is defined as "spam," and it fills up e-mail files and could add additional pop-up windows on your computer screen. You can purchase anti-spam software to filter unwanted e-mail or spam from your e-mail list until you delete it.

SSL

Secure Socket Layer (SSL) protocol provides a high-level of security for Internet communications. SSL provides an encrypted communications session between your web browser and a web server. SSL helps verify that sensitive information (e.g. credit card numbers, account balances and other financial and personal data) sent over the Internet between your browser and a web server remains confidential during on-line transactions.

Trojan Horse

A Trojan Horse is the name of another type of virus, which is simply a computer program that masks itself as another program. Trojan Horses are usually sent as an e-mail file attachment. For example, it may claim to be a game, but once opened, can cause damage to your computer, from erasing files to changing your desktop. It then sends itself to other people in your address book to propagate itself.

Virus

Often through e-mail, file sharing and downloaded programs, computer viruses are sent as attachments. A virus is a small program that piggybacks onto e-mail and program files. For example, a virus might attach itself to a program or a game. Each time the program is opened, the virus runs and can infect other programs or damage your computer. Some viruses move around through e-mail then replicate by automatically mailing to the victim's entire e-mail address book. Never open an e-mail attachment unless first scanned through anti-virus software.

Worm

A worm is a specialized virus that searches through networks to find security holes to replicate itself from machine to machine. Worms use up computer time, space, and speed when replicating, with a malicious intent to slow or bring down entire web servers and halt Internet use.