Rainmaker Privacy Policy and Internet Security
Protecting Your Privacy on the Internet
Protecting your privacy and the confidentiality of your personal information has always been fundamental within RAINMAKER whether we do business with you through the Internet, over the phone or in our offices.
More and more of you are using the Internet to do business with us. This site contains the information you need to feel confident dealing with RAINMAKER over the Internet. Working together, we can safely use the Internet to do business.
Overview – RAINMAKER, Inc. Commitment To Protect Your Information
Information security is a fundamental policy within RAINMAKER. All employees of RAINMAKER are aware of the procedures that must be taken to safeguard customer information. And to us, protecting the confidentiality of your information is more than a procedure - it's part of our jobs. It is specified in our employment agreements and regularly confirmed in writing.
Our Information Systems Security Group
Specific responsibility for ensuring that we have thorough security standards to protect our systems and your information against unauthorized access and use rests with our special Information Systems Security group. This group keeps up-to-date with ever-evolving security issues, tools and methodologies. They consult with all areas of RAINMAKER to ensure that appropriate security controls are built into RAINMAKER's procedures, systems and software.
Your Role In Safeguarding Your Information
Our security standards are high. We test every electronic product to ensure that it meets our criteria. However, the software that you run on your own PC and the Internet itself can impact the "secure environment" necessary for Internet transactions with RAINMAKER. You also play an important role in maintaining the security of your information while using the Internet. You should ensure that you are familiar and comfortable with the security level of your browser and watch for security alerts affecting the software on your PC or the browser you are using.
BROWSERS/ENCRYPTION/FIREWALLS
What is a browser and what does it do?
A browser is what enables you to visit Web sites and view Web pages on your computer screen. Just as a word processor is the software you use to write letters and papers with your computer, a browser is the software you use to surf the Web.
Once on a site, your browser translates HTML programming instructions sent over the Internet into the web pages you are accustomed to seeing. Some browsers are proprietary to an ISP (Internet Service Provider); others are not (Microsoft Internet Explorer).
What makes one browser more secure than another?
Browsers offer varying degrees of security, particularly in regard to encryption:
- Some browsers allow you to encrypt information, so that the information is scrambled as it passes over the Internet.
- Some browsers offer more secure forms of encryption than other browsers do.
- Even the same version of a browser can come with different levels of encryption.
What is encryption?
When trading or viewing your account information online the information is encrypted. Once you have successfully logged on to our Veo services the information sent and retrieved is encrypted.
Encryption is the process of converting information into a more secure format for transmission. In other words, the plain text is converted to scrambled code while being transmitted, and then decrypted back to plain text at the receiving end of the transmission.
It is comparable to writing a letter, converting it to code, putting it in an envelope and mailing it with the recipient descrambling the code.
Currently, there are 2 levels of encryption generally available in web browsers: 40-bit encryption, and 128-bit encryption. Most commonly available browsers use 40-bit encryption. However, the 128-bit browser offers the highest level of encryption generally available in North America today and provides the best protection when transmitting confidential data over the Internet.
What's the difference between 128-bit and 40-bit encryption?
The difference between these two types of encryption is one of capability. 128-bit encryption is exponentially more powerful than 40-bit encryption.
Think of it this way:
- 40-bit encryption means there are 240 possible keys that could fit into the lock that holds your account information. That means there are many billions (a 1 followed by 12 zeroes) of possible keys.
- 128-bit encryption, means there are 2128 possible keys, or 288 (a three followed by 26 zeroes) times as many key combinations than there are for 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.
How can you determine what level of encryption your browser supports?
Microsoft Internet Explorer
For Microsoft Internet Explorer, click on 'File', then 'Properties', then select the 'Security' tab. From there scroll down to 'Security Strength'. If you are not sure, we encourage you to download and register the most current version of this software. See address below. Be sure to specify the 128-bit version from the list of available software that can be downloaded.
Microsoft displays the icon on the lower right corner of the browser. For a secure environment, Microsoft Internet Explorer (any version) uses a closed padlock; there is no icon for an unsecured environment. Microsoft Internet Explorer does not distinguish between 40-bit and 128-bit encryption on the browser screen.
Although 128-bit encrypting browsers are available for download under certain circumstances, the availability and means of doing so are changing daily. We encourage you to check with your browser provider in respect to the current status.
Follow these steps to take full advantage of Microsoft Internet Explorer's built-in security features.
Make sure that your browser's safety level is set to "High". This selection ensures that Internet Explorer will only download signed or certified code to your computer. Select "View" from the menu bar on top of your browser and then select "Options". When the "Options" screen opens, you will see a series of tabs at the top, select the "Security" tab. Then, select the "Safety Level" button near the bottom of that screen. The screen that opens will allow you to set your security level to high.
You can take advantage of the features that alert you when an ActiveX control, which is a type of program which can be downloaded from the Internet, is about to be downloaded onto your computer. It's a good idea to find out about the publisher or Web site by clicking on the information provided on the security certificates presented before you download an ActiveX program. When presented with certificates from unknown Web sites or publishers, exercise caution.
Most certificates give you the option to turn off future certification notices. Do not select this option if you wish to carefully monitor the source of the programs, which you download onto your computer. You have several other options on the "Security" tab that allow you to choose what types of software can be downloaded onto and run on your computer. If you are particularly concerned about safety, you can choose to:
Not allow the downloading of ActiveX content Disable ActiveX controls and plug-ins Not run ActiveX scripts Disable Java programs To make any of these selections, uncheck the boxes at the bottom of the "Security" tab within the "Options" menu of your Internet Explorer browser.
What is a firewall and what does it do?
An Internet Firewall is made up of a combination of hardware and software which is designed to securely separate the Internet from internal computer systems and databases. At RAINMAKER, data coming from customer computers via the Internet flows through a series of safety checkpoints on its way to our internal systems. Data is encrypted between the customer and internal systems to protect it from unauthorized disclosure or modification.
FAQ'S ON INTERNET SECURITY
What does security on the Internet mean?
Security on the Internet means that transmissions sent from one source to another maintain their confidentiality and integrity.
- Confidentiality means that unauthorized users cannot read any transmissions sent from one party to another.
- Integrity means that messages are not altered during transmission.
What steps has RAINMAKER taken to ensure the privacy and security of your information on its Web Site?
RAINMAKER top priority is to protect the confidentiality and integrity of its customers' information. RAINMAKER has ensured that the appropriate safeguards have been implemented each step of the way. The safeguards include:
1. Encryption - all applications and other communications requesting confidential information must be set up in a "secure environment" on our site, transmitted to us securely through the use of encryption and maintained in a secure format upon receipt by us until distribution to the appropriate business area.
2. Firewalls - RAINMAKER has in place an Internet firewall designed to securely separate the Internet from RAINMAKER's internal computer systems and databases. Data coming from customer computers via the Internet flows through a series of safety checkpoints on its way to our internal systems so that only authorized messages and transactions enter our computer systems.
3. Monitoring- RAINMAKER monitors all internal systems to ensure that there has been no security attack or attempted break-in. We also arrange for regular independent security checks on our computer systems to ensure our high standards are being complied with.
What can you do to protect your accounts and personal information using RAINMAKER Web Site?
You also play a role in maintaining the security of your information. Encrypting your data is the best way to ensure your privacy is protected while using the Internet. Become familiar with the level of encryption of your browser and upgrade for greater protection. Here are some additional things you can do:
Use the built-in security features of your browser. Choosing certain security settings and options will help protect your accounts and personal information.
- Protect your password by choosing one that is difficult to guess. Avoid words that may be found in the dictionary, as these are easy to guess.
- Change your password regularly.
- Do not share your password with anyone.
- Never write your password down or store it in your computer where it is automatically replayed. If someone walked up to your PC and replayed your logon sequence including a stored password, then they can connect as if they were you. Always key in your password yourself for each logon to RAINMAKER.
Remember to logoff when you have finished with your transmissions.
Can other people view your personal information when you're using the web?
Yes and no. If you have encrypted your data, then it cannot be viewed while it is being transmitted. However, your browser will store information in memory (cache) after it has been sent.
Some sites that you visit after RAINMAKER may search this memory and obtain information that you haven't intended to provide. To protect yourself from this, clear the cache after visiting a secure site.
How do you clear your cache?
Since the process required to clear the cache differs from one browser to another, please refer to your browser for details.
Does RAINMAKER support beta versions of browsers?
Not officially, we don't formally test them.
PROTECTING YOUR PRIVACY ON THE INTERNET
RAINMAKER Privacy Code
RAINMAKER Privacy Code informs you of our commitment to and policy on privacy. It tells you the ways we ensure that your privacy and the confidentiality of your information are protected. To review the full text of our privacy code click here.
Protecting Your Privacy On The Internet
- There are things you can do to protect your privacy over the Internet.
- Your password is key!
- Choose an effective password - don't pick your birthday, SSN or another number or word that could be easily guessed.
- Protect your password. It is your access to your Internet account.
- Do not reveal it to anyone.
Be familiar with the encryption level of your browser and what it means in terms of your privacy protection. If you want greater protection, upgrade your browser (e.g. 40-bit to 128-bit).
Clear the cache of your browser after secure sites. Browsers generally cache, or locally store, images of pages have downloaded to enhance performance. By clearing your cache after visiting secure sites, you ensure no one else can view any confidential information you may have transmitted. Please refer to your browser for information on clearing your cache.
Effective Password Management Practices
Access Control And Passwords
One of the easier and most effective access control methods is the use of passwords. Although passwords are a convenient way of protecting system access, users often defeat the security measures by carelessness or improper use. It is therefore necessary for all system users to strengthen passwords and ensure their confidentiality at all times.
Weak Passwords
Most users tend to select a password that is easily recallable so they will not forget it. Often a user selects a password based on things like:
- Personal or family details, possessions, interests, or relationships
- Dictionary words
- Dictionary words spelled backwards
- First names, last names, street names, city names
- Names of sports teams
- Valid car license numbers
- Room numbers, social security numbers, or telephone numbers
Although this seems harmless, such passwords are inherently weak because they can be anticipated and easily guessed by an impostor. Someone trying to guess your password will try your name, date of birth, nickname and those of your spouse and children. A more enterprising impostor, on the other hand, may gather a substantial collection of candidates from dictionaries and mailing lists and search them for your password. At 1 millisecond per possible password choice, it takes less than 4 minutes to search a 250,000 word commercial dictionary. If someone did that to your password, would they get through?
Improving Passwords
A password offers no protection to any system or data if it can be guessed easily. Ideally, passwords should be easy to remember by the user but hard to guess correctly by anyone else. By applying the suggested password selection procedure listed below and ensuring password confidentiality, the strength of a user's chosen password is considerably improved.
Password Selection Procedure
Choose a string of alphabetic characters that is easy to remember using one of the following techniques.
1. Type a common word, but shift your hands up or down one or two rows on the keyboard. For example shifting down one row on the keyboard changes "FRIDAY" to "VFKCH."
2. Move one letter in the alphabet for each character, "FRIDAY" become "GSJEBZ."
3. String words together to form one word, like "OMYGOSH."
4. Use synonyms/antonyms for syllables like "SNOWMILK" for "ICE CREAM."
5. Use phonetics ("CHRIS" becomes "KRIS") or reversal ("MIKE" becomes "EKIM").
6. Create an acronym from an expression. For example, take the first letter of a common expression, such as "This fancy stuff works!" to form the acronym "THFWO."
Choose a string of at least 1 or more numbers that is easy to remember and insert it somewhere in the password.
Using some rule that you create, combine the string of alphabetic characters with the string of numbers to create an alphanumeric string. This alphanumeric string should be at least 5 characters long. Using this procedure, one might select, say "WCYD" and "129." A possible resulting password could be 1W2CY9D, which is much less obvious than either of the easily remembered sequences. Password Confidentiality Although the Password Selection Procedure will make it more difficult for someone to obtain your password without your knowledge, you must also do the following to make sure your passwords stay confidential:
- DO NOT SHARE YOUR PASSWORD WITH ANYONE
- CHANGE YOUR PASSWORD REGULARLY Change your passwords at least once per month, or more frequently for highly sensitive data, to make it harder for someone to gain unauthorized access.
- USE A UNIQUE PASSWORD FOR EACH SYSTEM Always use a different password for each system you access.
- IF WRITING IT DOWN, SECURE IT It is strongly recommended that you NOT write down your password. However, if you really must record your password, it should be done in a form recognizable only to you and kept in a secure place. Even in an obscured form, the written record provides clues that someone could use to "break" your password.
- DO NOT STORE YOUR PASSWORD ON THE COMPUTER
Passwords should not generally be stored in the computer. Function keys should not be programmed with your password to complete a logon procedure. Remember, handle your password like you would the key to your house. It is what stands between an intruder and your data. You wouldn't give a burglar the key to your house, would you?
|