- Data breaches are an everyday reality in today’s online world
- Having a strong password isn’t enough
- Multiple layers of authentication can keep your information more secure
Once upon a time, all you needed to do to keep your online information secure was to set a strong password and avoid clicking links from suspicious-looking emails. Stories about data breaches cropped up from time to time, but not every week. The likelihood of your personal and financial account information being compromised or, worse, you becoming a victim of identity theft seemed remote—something that might happen to other people, but not you.
Times have changed. Securing your personal data is more important than ever—especially as the number of data breaches that have occurred during 2019 continues to rise:
- Since the beginning of this year, over 100 major data security incidents have been reported in North America, including two in Canada: Desjardins Group credit union, where personal information was compromised for 2.7 million individuals and 173,000 businesses, and Freedom Mobile, where a data breach exposed the personal records of 1.5 million customers. Recently, DoorDash revealed that 4.9 million users in Canada and the United States had their data stolen during a breach in May.
- From 2013 to today, the number of data records lost or stolen worldwide totals 14,717,618,286—that’s over 6 million lost or stolen every day. And these numbers are rising: the total number of data records breached in the first half of 2018 was 3,353,172,708—a 72% increase over the same period in 2017.
- One in three people who experience a data breach will become a victim of identity theft—meaning someone will use that person’s personal information to take over their account or to open new accounts in that person’s name.
With these numbers, it can be hard to feel comfortable about the security of your online information. But there’s good news. Steps are being taken to deal with data protection at a governmental level. For example, in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs how companies collect, use, and disclose their customers’ personal information for business. And recently, the Digital Privacy Act was enacted to impose new obligations on companies to inform individuals if their personal information has been lost, stolen, or inappropriately accessed, placing them at risk of harm.
While companies are establishing policies to safeguard customer data, protection of your online information is a shared responsibility—it’s important for you to take an active role. Below are some examples of tools Questrade provides that you can set up to control access to your account and personal information, as well as tools to monitor your account activity.
Layered authentication for accessing your online information
Layered authentication, also called multi-factor authentication (MFA), is the modern approach to ensuring that no one but you, or people authorized by you, can access your online accounts. MFA uses a combination of credentials:
- What you know (your password)
- What you have (your phone)
- Who you are (your fingerprint or face)
On its own, none of these credentials is completely effective for authenticating users. But when combined, they can be very secure.
There was a time when setting up a strong password ensured no one could access your online account. But now, in an era where one person could have over 100 different logins, using the same password for every login carries enormous risk. User-created passwords are still a standard login credential, so it’s important to follow these best practices when you create one:
- Make your password complex—“easy to remember, hard to guess.” The current recommendation is a password at least 16 characters long with a mix of uppercase and lowercase letters, numbers, and symbols.
- Do not reuse passwords. Create a different complex password for each of the online sites you access.
- Change each of your passwords at least once every 180 days (6 months).
Maintaining your passwords may seem like a tall order. However, user-created passwords are the most easily accessed by a hacker and therefore most vulnerable to a data breach. So it’s worth taking some extra time to make your passwords as bullet-proof as possible. A password manager app for storing and managing your passwords can help with this, but do your research to make sure the app itself is fully secure.
2-step verification (2SV)
2SV is an extra layer of security you can set up to use, along with your other credentials, when you log in to your account. With 2SV, a time-sensitive verification code is sent to you, usually as an SMS text message to your mobile phone. You enter this code, along with your user ID and password, to access your account. Learn how easy it is to set up 2SV for your Questrade account.
If you have 2SV enabled and there’s an unauthorized attempt to log in to your account, 2SV will block the attempt. You’ll receive a message with the verification code, your first clue that there may have been an attempted security breach of your account. This is helpful, because the sooner you’re alerted to suspicious activity with your account, the sooner you can contact Questrade to investigate the incident.
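What "time-sensitive" means on the service side, as an added example that is not Questrade's code: a verification code is accepted only if it is unexpired, unused, and entered within a small number of guesses. The 6-digit length, 5-minute lifetime, 3-guess limit, and all names here are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed code lifetime in seconds
MAX_ATTEMPTS = 3    # assumed number of guesses allowed per code


class TwoStepVerifier:
    """In-memory sketch of the server side of SMS-style 2SV (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user_id -> [code_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Store a digest so the raw code is not kept and comparison is bytes-only.
        return hashlib.sha256(code.encode("utf-8")).digest()

    def issue(self, user_id):
        """Call only after the password check passes; returns the code to send."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[user_id] = [self._digest(code),
                                  self._clock() + CODE_TTL,
                                  MAX_ATTEMPTS]
        return code

    def verify(self, user_id, submitted):
        """True only for an unexpired, unused code within the guess limit."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        code_digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user_id]      # expired codes are discarded
            return False
        entry[2] -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code_digest, self._digest(submitted)):
            del self._pending[user_id]      # single use: a code cannot be replayed
            return True
        if entry[2] == 0:
            del self._pending[user_id]      # guess limit reached: code is burned
        return False
```

Someone who has only the password never reaches a successful `verify`, while the account owner still receives the message sent after `issue`, which is the alert described above.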
Biometric ID (fingerprint, touch, or face ID)
This is an added layer to safeguard your information—a unique characteristic such as your fingerprint, eye patterns, or facial features you use to identify yourself when you log in to a computer or secured site. If you have biometric ID set up on your mobile device, you can also set this up on the Questrade app so you can log in to your account using your fingerprint or other biometric data. Learn how to set this up.
When it comes to security breaches, time is of the essence to report a possible breach. So it’s important to regularly review your account activity, monthly statements, and trade confirmations. Familiarize yourself with this information so that you can pick up quickly on any unusual transactions or amounts.
Automated alerts are a great way to stay on top of your account. At Questrade, you receive email alerts to let you know when your account has been logged into from a different device, location, or browser. Learn more about last login alerts.
If you have a Questrade trading account, you can set up trade confirmation alerts, so that you can view all orders that are initiated from your account.
If you do suspect there has been unauthorized activity in your account, change your password immediately and contact Questrade. Learn more about reporting suspicious activity or a breach. It’s also a good idea to review our Online Security Guarantee, which explains our policy, processes, and shared responsibilities if an unauthorized transaction were to occur.
Online security may be the last thing you want to think about, but data breaches do happen and they can affect many. Recognize that reality, and then take the steps you need to protect and monitor your personal and financial data.
Note: we initially released this blog in March for Fraud Prevention Month and have since updated it for re-release to coincide with Cyber Security Awareness Month this month.
The information in this blog is for information purposes only and should not be used or construed as financial or investment advice by any individual. Information obtained from third parties is believed to be reliable, but no representations or warranty, expressed or implied is made by Questrade, Inc., its affiliates or any other person to its accuracy.