Security best practices

To be truly effective, any actions Questrade takes to ensure the security of your account must be made along with actions you take to protect your account.

Below are some important ways to help keep your account information secure.

Protect your computer

A new computer is pre-configured with factory settings. Running your computer with these defaults leaves you open to security breaches.

Note: with all security measures, whether software or your operating system, the manufacturer will issue regular notices of updates or patches. Register with each manufacturer to ensure you receive the notices, and install new versions promptly.

Here are some ways to help safeguard your personal information and keep your computer safe

1. Anti-virus software: your computer can become infected with a virus in various ways, from email attachments, content downloaded from a website, or through infected media (DVDs, USB drives, etc.). Anti-virus software helps prevent your computer from becoming infected and your files from being corrupted or lost. It also can detect existing viruses and clean your computer so that they do not spread. Always use up-to-date anti-virus software that is capable of scanning files and email messages. Most anti-virus programs include an auto-update feature that enables the program to download profiles/signatures of new viruses so that it can check for them as soon as they are discovered. Register your new anti-virus software immediately, and sign up for automatic notification of product updates to ensure your computer is protected.
2. Anti-malware/Anti-spyware software: malicious software attacks are increasing at a staggering rate. Malware generally refers to any program that intentionally harms your computer and is typically installed without your consent. Malware can access your computer if you do something as harmless as clicking on an ad, browsing a website, or even downloading a document containing malware. In some cases, malware actually poses as anti-malware software. Your best defence is to keep your browser, operating system, and applications up to date, and to consistently run updated anti-malware software. Spyware is a particularly nasty type of malware, and is designed to essentially “spy” on you by tracking and collecting your personal information. The information collected often includes your user IDs, passwords, name, and address.
3. Firewall: is designed to filter the information coming through the Internet into your computer, permitting communication only with sources you know and trust. It helps prevent unauthorized access, protecting your home network and family from potential hackers. If you do not have a firewall installed, any personal information stored on your computer or distributed using the web may be accessed by an attacker for as long as your computer is connected to the Internet. Many computers have firewalls built into their operating systems. Ensure you turn off any default firewall before installing a new one. Also, do not run two firewalls simultaneously. Most modems or routers installed by your ISP have firewall capabilities. Where possible, you should use them. For more details, contact your Internet service provider. Restrict traffic that travels through your firewall by only granting access to those programs and/or traffic that you are familiar with. If you do not share files or documents with other computers on your network, disable the file sharing feature. Doing so will prevent others from being able to download or view your files or documents.
4. Browsers: Many browsers include filters that can block phishing sites. The newest editions of Microsoft Edge, Mozilla's Firefox, and Google’s Chrome all include this feature. Filters are an important tool, especially when used in conjunction with other anti-piracy tools. Sign up for automatic notification and any security software updates, if available, and download them as soon as you can. Always use a web browser that supports 128-bit encryption when accessing secure websites. This ensures that your data is transmitted confidentially over the Internet.
5. Wireless: Wireless routers are very convenient. They can also leave your computer vulnerable to malicious hacking. Ensure you change the default password for your router, whether internal, external or wireless. On your network, enable the wireless encryption and disable the SSID (service set identifier). Precise details for encrypting and hiding identifiers are different for every device. Refer to the manufacturer's guidelines for specific details.

Safe online practices

With your computer environment secured, the next step is to ensure you protect your online interactions – any point at which you divulge personal details with online businesses.

1. Keep your password and user ID private; do not share them with anyone.
2. Ensure the phone number, and email in your Questrade profile are up to date for 2-step verification purposes, and consider setting up a mobile authenticator.
3. Change your password regularly: at least once every 180 days (6 months). Your password should be at least 16 characters long and a mix of uppercase and lowercase letters, numbers, and symbols, such as a question mark or ampersand.
4. Do not store your financial information (such as account numbers and login information) with personal finance sites like Quicken.com. If you do share your Questrade login information, your security may be at a greater risk.
5. For any activity that requires you to enter personal information, use your own computer or a machine you can verify on a private password-protected connection. The security level on public computers, whether at a library, an Internet café, or a hotel lobby, cannot be accurately tested or verified as virus and spyware free. If you need to log on to your account using a computer that is not your own, be sure to empty your cache and browser history after you log off.
6. Access your account ONLY from a secure web page using encryption. A secure website address starts with https rather than http. Also look for the closed padlock icon beside the address bar. It appears when the site is verifiably authentic and represents an SSL (Secure Sockets Layer) certificate. Important note: there have been instances of fraudulent use of the SSL icon within the body of an email. See phishing for more information.
7. Always log off and close your browser after every online session and shut down your computer when not in use.
8. Empty your cache or browser history. This is particularly important if you are not on your own machine.
9. Pharming sites can be very difficult to distinguish from authentic sites. If you are unsure as to a site's authenticity, right-click on your mouse and then scroll down to properties. Open properties and click on the certificates button. If the site does not have a certificate, it is not secure, therefore any information you enter on it is vulnerable. Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent web sites without their knowledge or consent.
10. Know who you are dealing with. Questrade will never send you an email asking you to provide personal or confidential information. If you receive a suspicious-looking email, chat or call us immediately at 1.888.783.7866

Safe offline practices

Any physical documents that contain personal information should also be safeguarded and monitored. There are numerous steps you should take.

The following are particularly important for dealings with financial institutions such as Questrade.

1. Review your statements carefully and be proactive. Make sure any transactions shown are transactions you made.
2. Always keep your mailing and email addresses current. Advise Questrade immediately if you change your contact information.
3. Use a shredder to destroy documents that contain personal information. This includes account statements, unsolicited mail addressed to you such as pre-authorized credit cards, receipts that you no longer need that include a credit or debit card number.