Security
Your Account
Families own their ePACT account. We will never share your information with an organization or individual without your consent, nor will we ever sell or use your data for marketing or promotional purposes.
Your Connections
You control who you connect and share your information with. No organization or individual can link to your account without your authorization, and you can disconnect your link at anytime.
Fully Encrypted
ePACT uses the highest level of encryption so your data is always protected. We conduct security audits and continually update our software and security measures to address any new potential threats.
Secure & Redundant
Data is stored, hosted and backed up in secure Microsoft Azure facilities across the US and Canada.
Here are some of the many ways that we protect your ePACT account and information. Please also visit the Privacy page for our policy and practices in maintaining the privacy of your information.
- Encryption
- Authentication
- Firewalls
- Computer Anti-Virus Protection
- Monitoring
- Help protect your information
- Session timeout
- Phishing & email fraud
Encryption
When you log in to ePACT using your user ID and password, our web servers connect via an HTTPS (TLS) connection. That means that information you send is conveyed privately, preventing other computers from seeing anything you enter in the ePACT system. TLS provides up to 256-bit encrypted security so that personal information sent over the Internet remains confidential.
Authentication
To protect our users, accounts on ePACT are private – they can only be accessed using a unique user ID and password. Users are required to create their own password, which should be kept strictly confidential. As an added security measure, ePACT requires all passwords to be at least 10 characters in length, and contain at least one number (0-9) or one special character (e.g. @,#,$,!).
Firewalls
We utilize a combination of Azure security offerings to employ “defense-in-depth” network security.
Computer Anti-Virus Protection
We are continuously updating our anti-virus protection. This ensures we maintain the latest in anti-virus software to detect and prevent viruses from entering our computer network systems.
Monitoring
We actively monitor ePACT to enhance your security and to protect your information. To ensure the greatest security, ePACT may suspend a user’s ID and password temporarily if we suspect unauthorized use of your account. This is a security measure to protect family accounts from hacking attempts (e.g. multiple attempts at logging into an account with an incorrect User ID or password), or prevention of the use of web crawlers or screen scrapers.
In the event that ePACT suspects there is a security issue, your account will be temporarily suspended and you will immediately be notified by email. If there is no issue (e.g. you forgot your password and attempted to login repeatedly, locking your account), our team will re-establish your access. If there is a problem (e.g. an unauthorized person accessed your password), ePACT will support you in creating a new, more secure password (e.g. your previous password was easy to guess) or close your account.
Help protect your information
Make sure to do your part to help protect your ePACT information, including:
- Carefully select your password and never share it with anyone;
- Use up-to-date anti-virus/anti-spyware and firewall software for your personal computer at home or at work, this includes updating operating system security updates (e.g. Microsoft Windows or MacOS X);
- Ensure that your information and your selections of the individuals with whom you want to share information is correct and up to date;
- Alert us immediately if you suspect someone has guessed your password, accessed your account without authority, or you have received an email from a company claiming to be ePACT and asking you to send them your ID and password.
Because you can access your ePACT account anytime, anywhere through the Internet, be careful when travelling or using a public terminal. Here are some tips when accessing ePACT on a public computer:
- Always use a trusted computer whenever possible (e.g. ask your library, internet cafe, or friend/family whether the computer has up to date security software and if a firewall is used);
- Never leave the computer unattended or stay logged into ePACT if you are away from the computer;
- Always ensure you log out once you are finished using your ePACT account, and close the browser window. Also consider clearing the browser’s cache.
Session timeout
To protect your information even further, ePACT will close your session after a period of 30 minutes of inactivity. This will ensure no one can access your account if you choose to leave your computer. You can simply log back in once you return to your terminal. Always ensure you log off your ePACT account anytime you finish using the system.
Phishing & email fraud
Phishing is a type of email fraud where an individual or organization contacts users of a system (e.g. online banking, credit card users) and attempts to get personal information, such as account numbers, user names and passwords from the user. Generally, those conducting email fraud present themselves as the owner of the system, as another legitimate business (e.g. credit bureau, security support agency) or government organization that ‘requires’ access to your information for a specific reason. ePACT will never ask for your password. Please report any instance of an individual or organization asking you to provide them with access to your ePACT account or information at anytime.