Protecting Your Information
At the BCMEA, the security of your personal and private information is of
utmost concern. We are committed to keeping your confidential information as
safe as possible. While the BCMEA utilizes strong internal measures to protect
the security and privacy of your information, there are important steps you
should take to help protect your information when using the BCMEA
THIS SECURITY INFORMATION MAKES RECOMMENDATIONS AND SUGGESTS BEST PRACTICES
WHICH USERS MAY FOLLOW AT THEIR OWN DISCRETION. ALL TERMS OF THE WEBSITE USAGE
POLICY GOVERNING THIS SITE ARE STILL APPLICABLE.
You play a critical role in keeping your personal information protected. Please
review each security section below and become familiar with the measures taken
to protect your on-line information as well as the steps you can take to help
secure your on-line experience.
Strong Encryption Requirements
The BCMEA web systems require that you have 128-bit encryption, the highest
level of encryption generally available today, installed on your browser. When
using this encryption, all data sent to the BCMEA website(s) is scrambled and
then de-coded. We do not transmit personal and/or private data over any
Your BCMEA website(s) session is protected in a "secured" network environment
through Secured Socket Layer (SSL) encryption. SSL technology is used within
your session to encrypt your personal information before it leaves your
computer to help ensure no one else can read it. Depending on your browser
setting, a pop-up window will appear to notify you that you will be entering a
secured page. You will know when you are on a secured BCMEA page when you see
the "https://" before the web address. A padlock symbol in the lower right hand
corner of your browser window will also be present. This padlock indicates
that your BCMEA on-line session is in a "secured" environment.
Protecting Our Internal Systems
The BCMEA protects the security of your personal information at all
times. We have taken reasonable measures to protect our internal computer
systems from unauthorized access. To protect our systems from public Internet
traffic, firewalls are used. Firewalls are a combination of computer hardware
and software that separate the Internet from the BCMEA's internal web servers
and computer systems. Firewalls prevent unauthorized Internet traffic from
accessing our web servers and internal systems, thereby protecting your
information and transactions.
Limiting Unauthorized Access To Your On-Line Session
The BCMEA web systems use "timed log-outs" on all of our websites. This means
that on-line sessions are terminated after 20 minutes of inactivity. Once the
BCMEA website has ended your session, you will be required to re-enter your
username and password. "Timed Log-Outs" protect you against unauthorized
Intrusion Detection Systems
The BCMEA websites employ state-of-the-art network based IDS (Intrusion
Detection Systems) to secure the integrity of our network by ensuring that
unauthorized traffic cannot pass though our systems undetected.
What Can You Do To Protect Your Information?
As an Internet website user, you play an important role in protecting your
personal and private information. In addition to a myriad of website
technologies we use for secure exchange of personal data, you play a
significant role in configuring your own computer to maximize its security
environment. The following is a checklist to ensure that your system conforms
to known "security best practices".
||Two pieces of key information must
remain confidential to you - your username and password. Passwords must be kept
confidential at all times and not be disclosed to anyone. BCMEA staff and
related personnel will NEVER ask for your passwords.
||The auto-complete function on your
browser should be disabled to avoid the automatic completion of your username
and password when you type in the relevant fields.
||Passwords should be changed on a
regular basis (at least once every 30-60 days).
||Passwords should be memorized and NOT
be written down or stored in the computer hard disk, diskettes or other
||Ensure that the browser and
application software used is upgraded to support 128-bit encryption or a higher
Whenever you are logged-on to a secured BCMEA website(s), check that the bottom
right corner of the screen shows a secure symbol of the lock.
||If you suspect any unusual account
activity or that your password confidentiality has been compromised, please
change your password immediately and contact our Support line.
||Before you logon to BCMEA websites,
for security purposes, ensure all other Internet sessions, i.e. browser
windows, are closed.
||Always remember to log out properly
(by clicking on "Log out" instead of simply closing the window with the x on
the top right corner of the screen) from your BCMEA session before visiting
||Remember to close the browser window
after you have logged-out of your session.
||Whenever security updates and patches
are made available by your computer or browser vendor, always ensure that you
download and apply them as they are designed to provide you with protection
from known possible security problems.
Use "Supported" Products To Access BCMEA Systems
The BCMEA Development team performs security audits of our applications,
operating systems and services on an on-going basis to ensure that all
components comply with the highest standards of security and best practices. We
do not recommend accessing our systems with "unsupported" products.
|"Supported" Products are:
||Examples of "Unsupported" Products are:
||Microsoft Internet Explorer© 5.x or higher
||Microsoft Windows© NT, 98, 2000, ME, XP
||Mozilla Firefox© Internet Browser
||Netscape© Internet Browser
||Apple Macintosh© Operating Systems
||Linux Operating Systems
Keep Your Computer Secure
Installing virus detection software on your computer is a good computing
practice that protects your information from being corrupted or accessed by
unauthorized users. This software needs to be updated often to ensure you have
the most current protection available. To further protect yourself from viruses
or other unwanted problems, do not open e-mail attachments from unknown or
untrustworthy sources. Do not install unlicenced software, or software from an
unknown source. Make sure you know anyone who uses your computer and limit
Logon and Password Feature
To help make accessing your BCMEA website account more secure, we require you
to obtain your personal and confidential password to logon to the BCMEA secured
website(s). This information is then authenticated by the BCMEA website(s) to
verify who you are before providing access to the system.
Should too many failed login attempts be detected, the account will be locked
automatically and you may have to contact the password reset telephone line to
have the lock cleared. This step is required to protect your account from
random password attempts.
Your password is the key to your on-line account information. Protect and
change your password on a regular basis every 30-60 days is recommended.
Create a password that is unique to you and that cannot be easily guessed by
someone else. Create a password that contains a combination of both letters and
numbers. Do not associate your password with anything personal such as names,
birthdates, telephone numbers, or other familiar words. Memorize your password
and never write it down, electronically store, or reveal it to anyone.
Note: No one at BCMEA will ever ask you for your password. Never give out
personal information to anyone on the telephone or from a website unless you
have verified the credibility of the source and/or have initiated the call to a
Disable The Autocomplete Feature On Your Browser
Disable the 'AutoComplete' function to prevent others from seeing your logon
information each time you use the web site(s). On Internet Explorer for
example, the 'AutoComplete' function remembers data you have input including
your passwords on frequently used sites. Check the User Guide for your computer
setup to get instructions, or go on-line to the manufacturer's website.
Instructions on disabling the
"AutoComplete" on Internet Explorer.
Protecting Your Identity On-line
Install commercial-grade firewall software on your computer to help prevent
unauthorized individuals or information from entering your computer system.
This is especially important on computers that use a broadband connection to
access the Internet (Cable modems or DSL). Since your Internet connection is
alive when your computer is on, the risk for malicious activity to your
Run a current updated anti-virus program on your computer frequently.
Anti-virus software can scan your incoming and outgoing e-mail and attachments
for computer infections like worms, viruses, Trojan Horses and other malicious
code that can affect your computer files and operation.
Keep your software current and apply all security patches for your computer
operating system (e.g. Microsoft Windows) to keep security information current.
Be aware that there are phony websites designed to trick consumers and collect
personal information. Verify the source of your e-mails and only open e-mail
that you expect. Always run anti-virus software before opening e-mail.
"Password protect" your computer to prevent unauthorized individuals from
accessing your information.
How Do I Know If I Am Connecting To The BCMEA And Not To Other Parties?
You may check the validity and owner of the encryption certificate. Using the
"supported" Internet Explorer browser, double-click the security lock icon
at the bottom right of your session window (you may need to enable the status
bar if it cannot be seen). In the General tab, the Certificate Information
should state who it is issued to (e.g. employers.bcmea.com) and when it is
valid for. The certificate should still be within the valid period.
Using The BCMEA Website(s) Via A Public And/Or Shared Computer
Avoid using the BCMEA website(s) at Internet cafes, libraries, and other public
sites to avoid your information from being copied, traced, or re-entered after
If you must use a public computer, please take the following precautions:
Disable the "AutoComplete" on Internet
Please remember to log-out of your session and close all browser windows.
Why Do I Need To Accept "Cookies" To Access The BCMEA Website(S)?
A cookie is a text file that resides on your computer. In order to provide a
more stable and personalized experience, BCMEA website(s) use two types of
cookies as part of the interaction between your browser and the websites:
A "Persistent Cookie" is used frequently throughout the website(s) to track
usage of our latest information, news bulletins and to ensure that users are
receiving personalized and up-to-date information. This cookie does not contain
any private information.
A "Per-Session Cookie" assigns a session id when you log-on and stores it in
your PC's temporary memory (RAM). This session ID is used to establish and
validate your PC during your session. When you log-off from the website(s), the
"Per-session Cookie" is removed. These cookies also do not contain any private
If your browser prompts you when a cookie is "served", you must accept it in
order to access BCMEA website(s). Since cookies are site-specific, only BCMEA
website(s) can access, decode and make use of the information.
Logoff And Close Browser
Always remember to log-off from the website(s) and to close your browser when
you have finished visiting secure websites. Please ensure that you use the
"Logout" functionality of the websites and not the [x] button on the top right
corner of the browser window. This may help prevent others from being able to
view your on-line information at a later time. Please contact us immediately if
you suspect any unusual account activity.
Test Your Computer For Security Vulnerabilities Regularly
There are several commercial tools currently available on the Web that you can
use to test your computer system for security vulnerabilities. For example, if
your system is not configured properly, it may be easier for hackers and
intruders to break in.
Stay up-to-date with the latest security events and incidents and make sure
that you stay current with all security updates/patches and fixes that become
available from the vendors.
For further details of how to protect your computer systems please visit the
Microsoft security web site.
Terms and Definitions
Commercial-grade anti-virus software should be installed on your home computer
and laptop to scan e-mail and files on your computer for potential viruses that
may be attached. If a virus is detected, you are notified immediately and the
anti-virus software will prevent the e-mail or file from being sent to you
before it's opened. You should run your anti-virus software frequently to
prevent computer infections like viruses, worms, or Trojan Horses from entering
your computer system. Purchase a program that automatically upgrades your virus
protection on a regular basis.
A browser is a software application that works with the Internet to provide a
way to view, find and interact with websites and web pages. As new versions of
browsers are developed, users will be able to experience a full multimedia
spectrum, including text, graphics, sound, and video.
Cable modems provide high-speed Internet access using cable television
networks. They use either the traditional coaxial cables or newer fiber optic
cables for the transmission of data. Cable modems offer continuous connection
to the Internet without having to dial into an Internet Service Provider (ISP)
each time you wish to connect to the Internet.
Cookies are pieces of information stored directly on the computer and provide a
more efficient and more personalized experience at a website. The BCMEA
website(s) do not store any personal information in the cookies.
Like a driver's license or passport, Digital Certificates allow individuals or
organizations on the Internet to verify each other's identity to prevent
unauthorized access. A Digital Certificate is a randomly generated set of
characters that a computer sends to your browser. The browser on your computer
stores this information and uses it as a digital stamp to certify the
authenticity of the information sent to you and as a means of establishing
identity. You may see a Digital Certificate issuer logo at the bottom of a
browser page for your reference.
When you establish a connection to the BCMEA secured website(s) the information
you enter on-line is "encrypted" or transformed into a string of unrecognizable
characters before being sent over the Internet, likewise information coming
from the BCMEA websites are encoded and decoded by your browser. This helps to
keep the information between the BCMEA computer system and your Internet
browser private. Your session is in a secured "encrypted" environment when you
see "https://" in the web address and/or when you see the locked "padlock"
symbol at the bottom right corner of your browser window.
Firewall software can be installed on company and home computers as a barrier
against hackers and viruses. Firewalls are used to filter potentially
destructive information or prevent unauthorized access. This is especially
important on computers that use a broadband connection to access the Internet
(Cable modems or DSL). Since your Internet connection is on when your computer
is on, the risk for malicious activity to your computer increases.
Keystroke Capturing or "keystroke logging" is a surveillance tool that
is used to record the keystrokes of unsuspecting victims in order to
determine password and logon information which can be used for fraudulent
A plug-in is a software module that adds a specific functionality to the web
browser. Plug-ins for Internet Explorer allow the browser to display various
types of audio and video messages. For example, the popular Adobe Acrobat
(PDF) Plug-in is used for viewing files and reports.
Your on-line sessions are protected in a "secured" environment which use Secure
Socket Layer (SSL) technology to encrypt your personal information before it
leaves your computer to help ensure that no one else can read it. You will know
that you are on a "secured" page when you see the "https://" before the web
address. You will also see a padlock symbol in the lower right hand corner of
your browser window. Commonly, a closed padlock indicates that your on-line
session is "secured" by encryption to protect your personal information.
When you logon to the BCMEA website(s) that requires authentication, you
usually input a specific username and password to gain access to your personal
information. The encrypted information then passes through a rigorous test on
BCMEA computer systems to ensure proper authorization before your personal
information is displayed.
Security holes/bugs are often faults, defects or programming errors exploited
by unauthorized users to access computer networks or web servers from the
Internet. As these holes or bugs become known, software publishers develop
"patches," "fixes" or "updates" users can download that usually fix the
For your added on-line security, BCMEA uses a session time-out feature. If your
BCMEA Internet session is idle for a given amount of time, it is ended
automatically. This helps ensure that your on-line session is in a "secured"
environment and that the personal information you enter is protected.
Social engineering is an identity theft process that relies on human
interaction and often involves tricking an unsuspecting individual into
providing personal information like bank account details or passwords. Social
engineers search dumpsters for valuable information, memorize access codes by
looking over someone's shoulder, or take advantage of people's natural
inclination to choose passwords that are meaningful to them and can be easily
guessed (children's names, addresses, or birthdates). The personal information
discovered is then used illegally to apply for credit, purchase goods and
services, or gain access to funds.
Sometimes companies or individuals purchase e-mail address lists to send
unsolicited ads for products and services. The unsolicited e-mail is defined as
"spam," and it fills up e-mail files and could add additional pop-up windows on
your computer screen. You can purchase anti-spam software to filter unwanted
e-mail or spam from your e-mail list until you delete it.
Secure Socket Layer (SSL) protocol provides a high-level of security for
Internet communications. SSL provides an encrypted communications session
between your web browser and a web server. SSL helps verify that sensitive
information (e.g. credit card numbers, account balances and other financial and
personal data) sent over the Internet between your browser and a web server
remains confidential during on-line transactions.
A Trojan Horse is the name of another type of virus, which is simply a computer
program that masks itself as another program. Trojan Horses are usually sent as
an e-mail file attachment. For example, it may claim to be a game, but once
opened, can cause damage to your computer, from erasing files to changing your
desktop. It then sends itself to other people in your address book to propagate
Often through e-mail, file sharing and downloaded programs, computer viruses
are sent as attachments. A virus is a small program that piggybacks onto e-mail
and program files. For example, a virus might attach itself to a program or a
game. Each time the program is opened, the virus runs and can infect other
programs or damage your computer. Some viruses move around through e-mail then
replicate by automatically mailing to the victim's entire e-mail address book.
Never open an e-mail attachment unless first scanned through anti-virus
A worm is a specialized virus that searches through networks to find security
holes to replicate itself from machine to machine. Worms use up computer time,
space, and speed when replicating, with a malicious intent to slow or bring
down entire web servers and halt Internet use.
Adobe© and Acrobat© are registered trademarks, and Acrobat
Reader is a trademark, of Adobe Systems Incorporated. Macintosh© is a
registered trademark of Apple Computer, Inc. Microsoft© and Windows© are
registered trademarks of Microsoft Corporation. Firefox is a trademark of the
Mozilla Foundation. Netscape© and Mozilla© are registered trademarks of
Netscape Communications Corporation. Norton AntiVirus© is a registered
trademark of Symantec Corporation. All other trademarks and service marks are
the property of their respective owners.
Copyright © 2005 British Columbia Maritime Employers Association. All rights