Adopt best practices online
Do not share your password or username with anyone. And, don’t store your financial information (such as investment account numbers and login information) with personal finance sites like Quicken.com. If you do share your Questrade login information, your security may be at a greater risk. Keep your personal identification questions and responses private and secure.
Change your password and your personal identification question and response, at minimum, every 30 - 60 days.
Avoid accessing your account in public locations, such as Internet cafes or libraries.
Never input personal information on an online form or application that does not display "https://" before the website address or have a “padlock” symbol in the lower right hand corner of the webpage. Commonly, these security symbols indicate that the site is secured by encryption technology and the information you enter is protected.
Always log off and close your browser after every online banking session and shut down your computer when not in use.
Protecting your computer
A new computer is pre-configured with factory settings. Running your computer with these defaults leaves you open to security breaches. Note: with all security measures, whether software or your operating system, the manufacturer will issue regular notices of updates or patches. Register with each manufacturer to ensure you receive the notices, and install new versions promptly.
Here are some ways to help safeguard your personal information and keep your computer safe
- Anti-virus software
Your computer can become infected with a virus in various ways, such as email attachments, content download from a website, or through infected media (DVDs, USB drives, etc.). Anti-virus software helps prevent your computer from becoming infected and your files from being corrupted or lost. It also can detect existing viruses and clean your computer so that they do not spread.
- Always use up-to-date anti-virus software that is capable of scanning files and email messages. Most anti-virus programs include an auto-update feature that enables the program to download profiles/signatures of new viruses so that it can check for them as soon as they are discovered.
- Register your new anti-virus software immediately, and sign up for automatic notification of product updates to ensure your computer is protected.
Malicious software attacks are increasing at a staggering rate. Malware generally refers to any program that intentionally harms your computer and is typically installed without your consent. Malware can access your computer if you do something as harmless as clicking on an ad, going to a website, or even unknowingly downloading a document. In some cases, malware actually poses as anti-malware software. Your best defence is to keep your browser, operating system, and applications up to date, and to consistently run updated anti-malware software.
Spyware is a particularly nasty type of malware, and is designed to essentially “spy” on you by tracking and collecting your personal information. The information collected often includes your user IDs, passwords, name, and address.
A firewall filters the information coming through the Internet connection into your computer, permitting communication only with sources you know and trust. It helps prevent unauthorized access, protecting your home network and family from potential hackers. If you do not have a firewall installed, any personal information stored on your computer or distributed using the web may be accessed by an attacker for as long as your computer is connected to the Internet.
Many computers have firewalls built into their operating systems. Ensure you turn off any default firewall before installing a new one. Also, do not run two firewalls simultaneously.
Most modems or routers installed by your ISP have firewall capabilities. Where possible, you should use them. For more details, contact your Internet service provider.
Restrict traffic that travels through your firewall by only granting access to those programs and/or traffic that you are familiar with.
If you do not share files or documents with other computers on your network, disable the file sharing feature. Doing so will prevent others from being able to download or view your files or documents.
Many browsers include filters that can block phishing sites. The newest editions of Microsoft's Internet Explorer, Mozilla's Firefox, and Google’s Chrome all include this feature. Filters are an important tool, especially when used in conjunction with other anti-piracy tools.
Sign up for automatic notification and any security software updates, if available, and download them as soon as you can.
Always use a web browser that supports 128-bit encryption when accessing secure websites. This ensures that your data is transmitted confidentially over the Internet.
Wireless routers are very convenient. They can also leave your computer vulnerable to malicious hacking. Ensure you change the default password for your router, whether internal, external or wireless. On your network, enable the wireless encryption and disable the SSID (service set identifier). Precise details for encrypting and hiding identifiers are different for every device. Refer to the manufacturer's guidelines for specific details.
Safe online practices
With your computer environment secured, the next step is to ensure you protect your online interactions – any point at which you divulge personal details with online businesses.
- For any activity that requires you to input personal information, use your own computer or a machine you can verify. The security level on public computers, whether at a library, an Internet café, or a hotel lobby, cannot be accurately tested or verified as virus and spyware free.
- Access your brokerage account ONLY from a secure web page using encryption. A secure website address starts with https rather than http. Also look for the closed padlock icon beside the address bar. It appears when the site is verifiably authentic and represents an SSL (Secure Sockets Layer) certificate. Important note: there have been instances of fraudulent use of the SSL icon within the body of an email. See phishing for more information.
- Empty your cache or browser history. This is particularly important if you are not on your own machine.
- Pharming sites can be very difficult to distinguish from authentic sites. If you are unsure as to a site's authenticity, right-click on your mouse and then scroll down to properties. Open properties and click on the certificates button. If the site does not have a certificate, it is not secure, therefore any information you enter on it is vulnerable. Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent web sites without their knowledge or consent.
- Change your password frequently and assign a unique password to every online interaction. Ideally, change your password every month to 6 weeks. Your password should be a minimum of 8 characters. A strong password will be a combination of upper and lowercase, and will also include numbers and symbols, such as a question mark or ampersand.
- Know who you are dealing with. Questrade WILL NEVER send you an email asking you to provide personal / confidential information. If you receive a suspicious-looking email, report it directly to firstname.lastname@example.org. Never send account info online in response to emails (re: phishing and pharming).
Safe offline practices
Any physical documents that contain personal information should also be safeguarded and monitored. There are numerous steps you should take. The following are particularly important for dealings with financial institutions such as Questrade.
- Review your statements carefully and be proactive. Make sure any transactions shown are transactions you made.
- Always keep your mailing and email addresses current. Advise Questrade immediately if you change your contact information.
- Use a shredder to destroy documents that contain personal information. This includes account statements, unsolicited mail addressed to you such as pre-authorized credit cards, receipts that you no longer need that include a credit or debit card number.
Can I store my Questrade login information and account numbers on personal finance sites like Quicken.com?
Personal finance sites collect your financial information (such as investment account numbers and login information) from different places and display it in one location for easier viewing.
Do not store your financial information on these types of sites. We are not affiliated with these services so your security may be at a greater risk.
Log in to Questrade to view and track your investments safely.
How to report an information security incident
Keeping your information secure is a joint effort. We have policies and procedures in place to ensure our technology is safe and secure.
You also have a responsibility to maintain secure online practices. For example, if you access your trading account from a public wifi or public computer, you may unknowingly invite intruders to see your information. If your computer has been compromised or you have been a victim of phishing, intruders may also have access to your information.
If you are concerned that your personal information has been accessed without your permission, email us immediately at email@example.com or call 1.888.783.7866.
When you contact us, have the following information handy:
- Your name
- Account number
- The answers to your account security questions
- The date of the incident
- The details about your personal information being shared without your permission
We’ll investigate and report back to you.