Security - DFSIN - SFL

Security

At Desjardins Financial Security Independent Network, SFL Wealth Management, Desjardins Financial Security Investments Inc. and SFL Investments, we understand how important it is to protect the information you exchange with us online. Security and privacy are two of our highest priorities. That's why we put such efforts into ensuring the information you send us remains confidential. All of our employees must adhere to the strict standards defined in our privacy policy, which you are encouraged to read. Please also take a few moments to read about the steps we have taken to make your online activities safer and learn what you can do to protect yourself on the internet:

• Privacy policy
  - Management and protection of personal information policy
  - How we collect, use and disclose information
  - Share your opinion and concerns with us
• For a secure website experience
• Saving personal information and how to protect yourself
• Phishing
• Telephone solicitation

For a secure website experience

Desjardins Financial Security Independent Network, SFL Wealth Management, Desjardins Financial Security Investments Inc. and SFL Investments recognize the importance of maintaining security and guarding against the piracy of the information you exchange with us over the Internet.

Security and privacy are among our highest priorities. We have devoted a great deal of effort to ensuring that our online security measures keep your information strictly confidential. All our employees must adhere to the strict confidentiality standards outlined in confidentiality statement, which we invite you to consult.

Please take a few moments to read about the steps we have taken to make your online activities safe.

Why Is This Site So Secure

Browser versions

Our sites have been optimized to support the following browsers, all of which use recognized security protocols that are aumatically activated when you log in.

Windows PC

• Microsoft Internet Explorer: Version 6.0 and +
• Firefox: Version 1.5 and +

Mac

• Safari: Version 1.3.9 and +

What is a secure section?

The secure sections of our website use the SSL protocol. When confidential information such as your name, address or password is sent over the internet, the SSL protocol is used to make sure the information stays confidential and isn't altered in any way during transmission. Because the information is encrypted, it can't be read as it travels between your browser and our site. Firewalls are another security feature we offer. Information being sent over the Internet passes through a number of safety checkpoints between your computer and our systems. This prevents unauthorized access to our systems. To benefit from the security offered by the SSL protocol, you need to use a 128-bit encryption browser, such as Internet Explorer versions 4.01 and up (for PCs) and 4.5 and up (for Macs). Please note that the Representative's virtual office (Webi) doesn't support Macs.

Cookies

Cookies are blocks of text placed in a file on your computer's hard drive when you visit a website. While a code in the cookie file enables the site to label you as a particular user, it doesn't identify you by name or address. Your privacy and security are not compromised when you accept a cookie from our website.

Saving personal information and how to protect yourself

Our website allows you to save information so you can stop when you want and pick up from where you left off. But to get the most out of this feature while protecting your privacy and security, you should follow a few simple precautions.

• Saving personal information
• Logging off
• Passwords: the first word in security
• Effective password management
• Secure page certificate
• Your browser's encryption level and security settings

Saving personal information

You shouldn't give your Desjardins Financial Security password to anyone. Only you should know what your password is, and you should change it regularly.

Your password must be from 8-10 characters long and contain at least one letter and one number.

If you forget your password, you can check the password reminder you selected when you chose your Desjardins Financial Security password. For additional security, access to the password reminder is hidden behind one piece of personal information. If, after getting the reminder, you still can't remember your password, please contact us. We'll reset your personal file so you can enter a new password.

After five failed attempts to log on with an incorrect password, the system will automatically block access to your Personal File. To unblock it, please contact us.We'll reset your personal file so you can enter a new password.

Logging off

After you've finished your session, you should log off so no one can access your file. If you're going to be away from your computer, especially if you don't expect to time out, you should log off by closing your browser window.

If you forget to log off, the system will automatically log you out after a certain time has elapsed with no activity.

Passwords: the first word in security

Your password isn't something to be taken lightly. As harmless as it may seem, a weak password can easily be guessed by an impostor. By following a few simple rules, you can create passwords that will ensure your online privacy and security.

- Always include at least one letter and one number. Including special characters (e.g. @, ?, &, etc.) makes it even more secure.

- Avoid re-using recent passwords. 

- Don't choose obvious passwords, and avoid creating a password based on:

• names
• nicknames
• children's names
• birthdays, anniversaries
• family information
• telephone numbers
• possessions
• interests
• dictionary words
• dictionary words spelled backwards
• street and city names
• names of sport teams and local attractions
• license plate numbers

High-tech impostors can get a substantial amount of information from dictionaries, mailing lists and social networking web sites and use it to guess your password.

To choose a strong password, try:

• Spelling phonetically ("cat" becomes "kat")
• Substituting letters for numbers or special characters and alternating upper case and lower case letters (e.g., "mypiano" becomes "M4P1@n0")
• Using acronyms, including ones you make up (e.g., "Good things come to those who wait" becomes "GTCTTWW")
• Using common words changed by moving one letter over or shifting rows on the keyboard (e.g.: "claude" becomes "clbuee" by moving the 3rd and 5th letters one to the right; "qwerty" becomes "qsefth" by selecting the 2nd, 4th and 6th letters from the lower row on the keyboard)

Effective password management

• Use a new password every time you register for a new service
• Don't share your password with anyone
• Don't store passwords on your computer
• Change your password regularly
• If you write your password down, keep it in a safe place

Secure page certificate

During sessions in our site's secure sections, you can verify that you are actually dealing with Desjardins Financial Security (and not with an unsolicited third party) by checking the secure page certificate:

Microsoft Internet Explorer (PC users) :

• Select Properties from the File menu and click on the Certificates button

If you're using a Mac or a browser other than Internet Explorer, check your browser's help menu for how to display a secure page certificate.

Your browser's encryption level and security settings

Your browser security settings are another line of defence. Browsers allow you to receive alerts or notifications if:

• The site you're about to visit has an invalid security certificate
• You're about to send information over an open or unsecured connection

Browser security signals

There are two ways for your browser to show you that a web page uses security measures for data transfer:

• The URL identifying the page will always begin with "https://" instead of the regular "http://"
• A security symbol will indicate that the website is operating in a mode that supports secure transmissions – a closed lock icon will appear in the bottom right-hand corner of your Microsoft Internet Explorer browser screen (PC users)

To check your browser's encryption level:

• Microsoft Internet Explorer 4.01 and higher:
  - Select About Internet Explorer from the ? menu to display the cipher strength that your browser supports (PC users)
  ​- Select Internet Explorer Help from the Help menu and then Security to display the cipher strength offered by your browser or consult the information displayed in the status bar in the lower left-hand corner (Mac* users)

*Macs are not supported by the Representatives' virtual office (Webi).

Phishing

Phishing is a ploy that scam artists use when they send mass emails or text messages that look like they’re from a financial institution or legitimate company.

The emails and text messages are used by ill-intentioned people to steal your personal information or install malicious software on your computer, prompting you to click links or open attachments.

This kind of attack can cause serious damage: you could lose your data and the thieves could steal your personal information to commit further fraud.

Protect yourself by being vigilant and recognizing phishing attempts. A phishing email can take many forms but one common feature is that it’s always unsolicited.

1 simple thing you can do to avoid getting scammed

Before clicking anything, check the information:

1. Were you expecting the email or text message?
2. Pay attention to the type of situation that would try to incite a reaction from you:
   ​Urgency: The goal is to try to get you to do something quickly, without thinking about it first by stressing some kind of urgency.
   Profit: The goal is to get you to believe you received some unsolicited benefit or financial gain. Scam artists use profit to try to get you to reveal personal information.
   ​Problem: The goal is to alert you to a problem in your account, prompting you to reveal personal information in order to solve the issue.
3. Check that the sender’s email address is familiar and legitimate, particularly the part after the @. Is it a personal or company address?
4. Move your cursor over the link (but don’t click) to check that the address is legitimate and belongs to the company that sent it (watch for similar addresses).
5. Assess the email’s relevance and plausibility. Be aware! Ask yourself if you’ve really entered that contest. Are you expecting a parcel? Is the procedure normal? Is it too good to be true?
6. Never provide confidential information that can be used to authenticate your identity by email (e.g., social insurance number, credit card number, birthdate, password, etc.).
7. Curb your curiosity and be wary of recognized logos and visual identities that are easily copied and can look like a real email or website.

Be aware

For information on phishing and how to protect yourself, visit www.desjardins.com/phishing

Received or replied to a fraudulent email?

Pease report it to 1 866 335-0338 or email phishing@desjardins.com

Telephone solicitation

​On September 30, 2008, the Canadian Radio-television and Telecommunications Commission (CRTC) established the National Do Not Call List (National DNCL). Canadian consumers who want to receive fewer telemarketing calls can add their names to this list.

American citizens: please note that we do not conduct any telephone solicitation activities in the United States.

We've put everything in place to meet the CRTC's requirements. We also keep our own internal do not call list to respect our clients' choice not to receive calls, as we always have.

Here are a few answers to frequently asked questions about:

• the National Do Not Call List
• Desjardins Financial Security's internal do not call list