SECURITY POLICY

Information security is one of our highest priorities.  We use state-of-the-art software and other technologies to prevent unauthorized users from accessing our systems, especially those accessible from the Internet.

A.            Definitions

                (1)          Encryption: A method of scrambling information while it moves from one source to another to prevent others from reading it.

                (2)          Secure Browser: An Internet browser that has SSL encryption version 3.0 or higher to conduct secure financial transactions over the Internet.

                (3)          Secure Socket Layer (SSL): A form of encryption that protects information being transmitted over the Internet to prevent tampering while it's in transit.

                (4)          Secure Transaction: A transaction that is protected from outside tampering.

                (5)          Firewall: Firewalls are used to shield our network from the Internet.

                (6)          Cookies: A "cookie" is a small text file placed on your hard drive by our web page server to identify returning users and their preferences.  Cookies are commonly used on websites and do not harm your system.

                (7)          Security Token: An external tool to authenticate individual access in addition to any other IDs and Passwords.  The most common of such tools is the RSA SecurID KeyFOB. 

                (8)          Phishing: Identity thieves send bogus e-mails, pretending to be an actual company, in order to trick users into divulging personal or financial information.  Those e-mails mimic company logos, language and may even be exact copies of actual company website pages.  It is important that users are aware of these e-mail scams and safeguard their financial accounts.  GTreasury will never ask for your user ID and password in an e-mail.  If you receive an e-mail asking for such confidential information, do not respond to the e-mail, forward it to cashmgmt@GTreasury.com for reporting purposes, and delete the e-mail to avoid future confusion.

B.            Access; Security. Upon requesting access to the Website, a user will be prompted to enter a network access ID and password, and successful entry will lead to the Website login page.  At this point, the user will be prompted to enter a business ID, user ID and password in order to access the Website main menu.  Following are descriptions of some of the layers of technology we employ to help ensure the confidentiality of your transactions:

                (1)          Browser Encryption.  We require the use of a 128-bit secure browser to login to your account and perform transactions.  Netscape Navigator®, Netscape Communicator®, and Microsoft® Internet Explorer are all secure browsers.  If you are not using one of these browsers, or if your browser does not meet our security requirements of , you will need to upgrade to a suitable browser.  Remember that once you've downloaded the proper browser, you must install it on your computer.  Follow the browser manufacturer's instructions that appear on your screen.

(2)          SSL.  Secure browsers employ secure sockets layer ("SSL"), a protocol designed by Netscape Communications Corporation to provide secure communications on the Internet.

(3)          IDs and Password.  Once a secure browser connection is established, you will still need to provide a business ID, username, and a password in order to enter the application area of the Website.  The following precautions should be taken:

                                (a)          Never reveal your password to anyone.  Never write it down where anyone can find it or figure out what it is.  Change your password often, and be sure that you do not use obvious words or numbers in a series.  Try using birthdays combined with pet names, or sports teams combined with a birthday, for example.

                                (b)          Never access the Website from a computer that an untrusted individual may have access to. 

                                (c)           Treat your online username and password with at least as much care as you would for your automated teller machine  or credit card personal identification number.

                                (d)          You should make sure that no one is watching as you enter your password. 

                                (e)          Run a reliable antivirus and software to remove spy-ware.  Take standard precautions to keep your computer free from viruses and spy-ware.  The latter may be able to record your keystrokes and transmit them to another computer that would then have access to the Website, "spoofing" your own access.  

                                (f)           One of the most effective steps you can take to ensure the security of your business accounts is to update your password frequently.  We're making it easier for you to take this simple, but important step, by asking you to update your password every 60 days.  When your password expires, we'll prompt you to choose a new one, and remind you that new  passwords:

                                                (i)            Must be different than your last five passwords.

                                                (ii)           Cannot use the same letters consecutively.

                                                (iii)          Cannot match your Social Security Number.

                                                (iv)         Must be 7 to 16 characters long.

                (4)          Log Out. 

                                (a)          Use our log out feature if you are going to be away from your computer for an extended period of time.  Logout will end your session, and you will have to re-submit your username and password before entering the Website again.  We strongly recommend that you shut down your browser when your work is completed to prevent others from using your access.

                                (b)          After a period of inactivity, your current session on the Website will automatically time-out.  To restart your session, you will have to re-enter your username and password at the log in screen.

                (c)           Restart your browser after using the Internet in order to erase copies of information stored in a working area in your computer (known as the cache).  As a result, this information will not be at risk of being viewed by others who use your computer.

C.                            Optional RSA SecurID Token Access.   GTreasury recommends use of the RSA SecurID to provide another level of access security to safeguard confidential information and secure the initiation and approval of fund transfers and other sensitive transactions. GTreasury recommends the use of RSA SecurID KeyFOB, a lightweight and water resistant token that displays a randomly generated access code that changes every 60 seconds.  The KeyFOB provides a two-factor authentication: the user logs in by entering a PIN , followed by the current code displayed on the SecurID token.  A SecurID token typically lasts up to two years before it runs out of battery power and needs to be replaced with a new one.