(for all services provided by Omigaman Limited)Firefox (Mozilla), Opera (Opera), Chrome (Google) and Explorer (Microsoft) Please note that you must enable JavaScript and Pop-ups for the gepo application domain before continuing to use your gepo solution. If either of them has been disabled on your computer, some functions of your gepo solution will not work properly. To enable Javascript and Pop-ups, you must refer to the instructions from your browser provider.Example 1: Enabling JavaScript in Mozilla’s Firefox:• start Firefox and select 'Tools', ' Options' from the menu, • click on the ‘Content’ tab, then click the globe icon to select the Internet zone, • make sure that the ‘Enable JavaScript’ check-box is ticked, • click on the ‘Advanced’ button opposite, to open the ‘Advanced JavaScript Settings’ box, make sure that the ‘Move or resize existing windows’ AND the ‘Disable or replace context menus’ is ticked, • click 'OK' to close the ‘Advanced JavaScript Settings' box, • and click 'OK' to close the ‘Options' box, • close and restart your Firefox window for any changes to take effect. Example 2: Enabling JavaScript in Microsoft’s Internet Explorer:• start Internet Explorer and select 'Tools', ' Internet Options' from the menu, • click on the 'Security' tab, then click the globe icon to select the Internet zone, • click on the 'Custom level' button to inspect the option ‘Settings’, • scroll down to the 'Scripting' section and ensure that 'Active scripting' is enabled (i.e. its 'Enable' radio button is selected), • click 'OK' to close the 'Security Settings' dialogue. If you see a warning dialogue 'Are you sure you want to change the security settings for this zone?' click on the 'Yes' button, • click 'OK' to close the 'Internet Options' box, • close and restart your Internet Explorer window for any changes to take effect. For Your SecurityOne of the highest priorities is to ensure your privacy and peace of mind by employing some of the most advanced online security measures in the industry. After successfully logging into your gepo solution, we will protect your every step with the highest encryption technology, which encodes all data transmitted between your computer and your secure servers. These servers are hosted in firewall protected data-centres and managed by qualified/professional engineers around the clock. Furthermore, the gepo system will monitor and log all activity using your unique IP address identity – this information can assist us in combating unauthorised access. What to do if you suspect an intrusionIf you notice anything that looks out of the ordinary or think that someone, other than you, has accessed your account, contact your company’s Administrator immediately. Your Administrator will then reset the password to your account and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html Top four security recommendationsThe best security measures are those that support your privacy, and ensure that your corporate data is safe from prying eyes, without getting in your way. You can also help by being aware of these key security issues:1.Use the gepo service safely 2.Protect your computer 3.Understand the gepo system security 4.Be aware of common frauds 1) Use the gepo service safelyAs part of the gepo service, we take steps to make sure our web services are safe and secure, and it’s important that you do the same. To help you, here are the precautions you should take while accessing your system online. Keep Login and Passwords information safe by:• not writing down or storing your Login and Password information on your computer,• not giving anyone else access to your Login and Password information. We will never contact you to ask you for this information – if you get an email or a phone call asking for this information, a fraudster is at work, • changing your Password immediately if you think that someone else knows it – you can do this by logging on and using the ‘Change Password’ option in the ‘Preferences’ menu. Make sure your password is secure by:• choosing a ‘strong’ 6 to 15 character password and changing it regularly. Use a mix of letters and numbers (like c4t or d0g), that you can remember without writing down.• Avoid using words that may be easy for others to guess, such as the name of a family member or favourite pet, • combine memorable words to increase the complexity of the password (like citytunnel or boringhusband). Be careful where you log on• We strongly advise you not to use your gepo service on publicly accessible computers, in places such as Internet cafes, as they are not always secure.• Never choose or change your gepo password on a computer in a public place. • If you have to use your gepo service in a public place, don’t leave the computer unattended while you are logged on, and take care that no-one is watching what you type. Finally, logout and close all browser windows before leaving. Check your accounts regularly• Be sure to access your account regularly to check the date and time stamp of your last login – this is a good way of spotting any suspicious accesses. If you do notice anything that looks out of the ordinary, please contact your company’s Administrator immediately. Your Administrator will then reset the password to your account and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.htmlCheck whether the web page is secure by:• checking the first few characters of the web address in your address bar has changed from the usual ‘http’ to ‘https’ – the ‘s’ stands for secure and it means that encryption is in force,• looking for a small padlock icon (in the locked position) in a corner of your browser window – if you hover over the padlock (or click on it), it should indicate that 128-bit encryption is in force. Check the site certificate• Sites that are serious about security always show a valid site certificate. Double-click on the padlock icon to see the Certificate information.• the correct domain name must be recorded as the owner and the certificate must be verified by an authorising body (we often use ‘Equifax Secure Inc.’ For our server certificates). • If any of the information shown is wrong or suspect, you may have arrived at a fraudulent site so contact your company’s Administrator immediately. Your Administrator will then reset ALL passwords to ALL accounts and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html Always log off• Finally, always click ‘Logout’ when you’ve finished using your gepo system wherever you are, and always close all of your browser windows. This will prevent others from gaining access to your account online.If you suspect that your gepo system has been accessed online by someone other than yourself, contact your company’s Administrator immediately. Your Administrator will then reset the password to your account and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html 2) Protect your ComputerThe Omigaman gepo service is designed to help you to protect your company data. We have listed some of the most important things you can do to keep your computer and your company data safe at all times. Keep your software up to date• Occasionally publishers discover vulnerabilities in their products and issue ‘patches’ to protect against any security threats. It’s important that you regularly visit the website of the company which produces your operating system (e.g. Windows XP or Vista) and browser (e.g. Internet Explorer or Firefox) to check for any patches or updates they may have issued.• If you’re using Microsoft software, you can do this by visiting their website: http://www.microsoft.com/security. Or, if you are a Mac user, you can visit: http://www.apple.com/uk/support. Protect against viruses• Use anti-virus software and ensure that it’s kept up-to-date – this should protect your computer against the latest viruses. Popular anti-virus products include: McAfee Virus Scan, Norton Anti-Virus, or Sophos Anti-Virus. Type any of these names into a search engine and go to their websites for further information.• Never download software if you’re unsure of the source – this includes websites which prompt you to click ‘Yes’ or ‘OK’ to run a programme or install a browser plug-in. • Be wary of unexpected or suspicious-looking emails from unknown sources. Emails are a common way to spread harmful codes or to trick you into revealing your gepo login information. While we may email you from time to time, we will never ask for your Login or personal details. If you suspect you’ve received a fraudulent email claiming to be from us, please forward it to your company’s Administrator immediately. Your Administrator will then contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html • Use up-to-date anti-spyware software to protect against programmes that fraudsters can use to collect information about your Internet usage. Popular anti-spyware software such as AdAware or Spybot’s Search and Destroy can help to protect your computer. Use a firewall• You can get further protection against harmful codes by using firewall hardware or software that prevents unauthorised access to your computer when you’re on the Internet. Popular firewall software includes: McAfee, Symantec, and Zone Labs. Type any of these names into a search engine and go to their websites for further information.3) Understand the gepo system securityAs part of Omigaman’s gepo service, we’re committed to making your system access as safe as possible. Here are the ways that we protect your security. Multiple security field entryTo access the gepo service, each user must first enter the correct ‘Application’ name before being prompted for a private Login and Password. Not only will the ‘Application’ name act as the first barrier to unauthorised entry, it will also take the user to a ‘secure’ login page with 128-bit encryption. This precaution will ensure that your Login and Password are coded before leaving your computer.Email verificationWhen a new user is added to the system, a verification email is issued to identify the user and confirm access for the first time. If the user passes this initial security check, he/she will be asked to enter a new password to ensure that even we cannot possibly know your private security details as the information is encrypted. Never share your Password or other Login information with anyone – you’ll compromise your security.Look for the padlockWhen you log on to our gepo service you’re always in a ‘secure session’ – this is shown by the padlock symbol in a corner of your web browser. It means that your company data will be coded before it leaves your computer using state-of-the-art encryption. Most browsers today utilise an encryption method called Secure Sockets Layer (SSL). SSL is software-based security protocol that encodes data before it is transmitted over the Internet. The basic SSL encryption version for browsers is 40-bit but we always use the superior 128-bit encryption, which provides a much higher level of security, as it is more than 300 x 1024 more secure than 40-bit encryption. All major commercial browsers support the required higher level (128-bit SSL) of encryption to ensure the privacy of your information.Audit log and IP fingerprintAll access to the gepo service (even failed attempts at logging in) are recorded on the system’s audit logs and can be associated to the relevant user and location. Furthermore, by recording the unique IP address of each gepo session, we can identify the user’s Internet Service Provider and the actual computer used, anywhere in the world.Check the timeEvery time you log on, the system will display the time and date you last logged on to the gepo service. Check that the time and date shown match the last time you logged on. If they don’t, someone else may have accessed your accounts online. Check your accounts carefully and if you notice anything suspicious, contact your company’s Administrator immediately. Your Administrator will then reset the password to your account and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.htmlAutomatic log offIf after logging on to the gepo service, you don’t use it for 60 minutes (albeit, this variable can be changed by your company’s Administrator), you will automatically be logged off. This security measure ensures that if you have left your computer or have forgotten to log off, there’s much less chance of anyone else accessing your account. To eliminate this risk completely, please make sure you never leave your computer unattended while logged on, and always log off when you’ve finished using the gepo service.Temporary denial of accessAs a safety measure, if there are a number of incorrect attempts to log on to the gepo system we will disable your access to the service. This protects you against fraudsters trying to guess your details. Furthermore, if there is an attack on the hosted server (i.e. Denial of Service attack), the data-centre’s firewall will block all access to the server in order to protect your data.To reactivate your access, contact your company’s Administrator immediately. Your Administrator will then reset the password to your account and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html 4) Be aware of common fraudsAccessing your gepo through the Internet is a great way to manage your business, but you need to be on your guard against Internet fraudsters. We’ve listed some of the most common fraudulent activities to look out for: Email ‘Phishing’ scamsBe wary of fraudulent emails asking you to confirm information such as Passwords. These are not genuine emails. If you receive such an email, please do not click on any link or provide any private information. While we may send you emails from time to time, we will never send emails asking for your personal information. The aim of many email scams is to lead you to websites that may look like the gepo site but are in fact ‘spoof’ sites. If you suspect you’ve received a fraudulent email, please delete it from your system after forwarding it to us for investigation via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html This information will be used to help reduce online fraud.Email ‘Trojan’ scamsTrojans are emails that look innocent, but may contain links or attachments that can install harmful programmes on to your computer when you click on them. These programmes are designed to do things like ‘keystroke logging’, which could enable fraudsters to get a hold of your personal information while you are using the Internet. If you receive an email from an unknown source, or an email that contains unknown attachments or links, do not open the attachments or click on the links. Instead, delete all suspicious emails. While we may email you from time to time, we will never send you emails with unknown attachments, or ask you for your gepo login information. If you notice anything that looks out of the ordinary or think that someone other than you has accessed your account, contact your company’s Administrator immediately. Your Administrator will then reset the password to your account and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html‘Spoof’ websites scamFraudsters can create authentic looking websites, often called 'spoof websites’. Their purpose is to encourage users to enter personal details such as passwords and memorable information. This information will then be re-used to access your gepo account.Virus ‘hoax’ emailsSome fraudsters send hoax email warnings about viruses, designed to cause concern and disrupt businesses. Such warnings may be genuine, so don't take them lightly – but always check the story out by visiting an anti-virus site before alerting friends and colleagues.Other common scams that are not related to your gepo service are:• Email scams claiming to offer you additional income; Sometimes a fraudster may ask you to receive funds into your account on the understanding that you will then transfer the funds into another account in the UK or overseas. In return, they offer you a tempting commission – this is a scam. You will not receive payment and you could unwittingly become involved in criminal activities.• Email scams that claim you have won a lottery prize; A fraudster may email you to say that you’ve won a substantial amount of money in a lottery draw. If you reply, the fraudster then asks you for your bank account details and other personal information to transfer the funds to you – occasionally they may also ask you to pay a handling fee. Unfortunately these scenarios are not genuine and you will lose any money you pay, plus your personal information can also be used in other frauds. • Advance fee or '419 Fraud'; These are letters and emails offering the recipient a generous reward for helping to transfer a large amount of money, usually in US • Dollars. They claim these funds are from sources such as corporate profits, accumulated bribes, unspent Government funds and unclaimed money from a deceased person. The fraudsters are hoping you’ll reveal your banking details. The transactions typically ask you to pay an advance fee, tax or bribe to complete the deal – but you will lose any money you pay. If you notice anything that looks out of the ordinary or think that someone other than you has accessed your account, please contact your company’s Administrator immediately. Your Administrator will then reset the password to your account and contact us immediately via your gepo secure messaging system or through one of the options listed on our website: http://www.omigaman.com/contact-us.html |