The protection of your information is our top priority. Here is an outline of the measures we take to make sure data you store in ePACT remains secure.
Secure Storage in Canada
ePACT is hosted and backed up in highly secure data centres in Canada only (no data is ever hosted internationally). ePACT also makes every effort to host users’ information outside their direct home area/ province in order to support information availability during a natural disaster that may impact their home town.
Secure Socket Layer (SSL) Encryption
When you log in to ePACT using your user ID and password, our web servers connect via a secure socket layer (SSL) connection. That means that information you send is conveyed privately, preventing other computers from seeing anything you enter in the ePACT system.
SSL provides 128-bit encrypted security so that personal information sent over the Internet remains confidential.
To protect our users, accounts on ePACT are private – they can only be accessed using a unique user ID and password. Users are required to create their own password, which should be kept strictly confidential. As an added security measure, ePACT requires all passwords to be at least 8 characters in length, and contain at least one number (0-9) or one special character (e.g. @,#,$,!).
We also use a dedicated managed firewall to block unauthorized access by individuals or networks to our information servers.
Computer Anti-Virus Protection
We are continuously updating our anti-virus protection. This ensures we maintain the latest in anti-virus software to detect and prevent viruses from entering our computer network systems.
We actively monitor ePACT to enhance your security and to protect your information. To ensure the greatest security, ePACT may suspend a user’s ID and password temporarily if we suspect unauthorized use of your account. This is a security measure to protect family accounts from hacking attempts (e.g. multiple attempts at logging into an account with an incorrect User ID or password), or prevention of the use of web crawlers or screen scrapers.
In the event that ePACT suspects there is a security issue, your account will be temporarily suspended and you will immediately be notified by email. If there is no issue (e.g. you forgot your password and attempted to login repeatedly, locking your account), our team will re-establish your access. If there is a problem (e.g. an unauthorized person accessed your password), ePACT will support you in creating a new, more secure password (e.g. your previous password was easy to guess) or close your account.
Help protect your information
Make sure to do your part to help protect your ePACT information, including:
- Carefully select your password and never share it with anyone;
- Use up-to-date anti-virus/anti-spyware and firewall software for your personal computer at home or at work, this includes updating operating system security updates (e.g. Microsoft Windows or MacOS X);
- Ensure that your information and your selections of the individuals with whom you want to share information is correct and up to date;
- Alert us immediately if you suspect someone has guessed your password, accessed your account without authority, or you have received an email from a company claiming to be ePACT and asking you to send them your ID and password.
Because you can access your ePACT account anytime, anywhere through the Internet, be careful when travelling or using a public terminal. Here are some tips when accessing ePACT on a public computer:
- Always use a trusted computer whenever possible (e.g. ask your library, internet cafe, or friend/family whether the computer has up to date security software and if a firewall is used);
- Never leave the computer unattended or stay logged into ePACT if you are away from the computer;
- Always ensure you log out once you are finished using your ePACT account, and close the browser window. Also consider clearing the browser’s cache.
To protect your information even further, ePACT will close your session after a period of 30 minutes of inactivity. This will ensure no one can access your account if you choose to leave your computer. You can simply log back in once you return to your terminal. Always ensure you log off your ePACT account anytime you finish using the system.
Phishing & Email Fraud
Phishing is a type of email fraud where an individual or organization contacts users of a system (e.g. online banking, credit card users) and attempts to get personal information, such as account numbers, user names and passwords from the user. Generally, those conducting email fraud present themselves as the owner of the system, as another legitimate business (e.g. credit bureau, security support agency) or government organization that ‘requires’ access to your information for a specific reason. ePACT will never ask for your password. Please report any instance of an individual or organization asking you to provide them with access to your ePACT account or information at anytime.