Security Policy

Last updated on:  August 25, 2016

Beacon FSA Inc. as Financial Services Agent to Beacon Trust and a member of the Beacon Trust Group, appreciates your interest in the use of the beacontrust.ca website.

Please read this policy carefully.  It describes how Beacon FSA Inc. (“BFSA”) and https://beacontrust.ca (the “Website”) safeguards your personal data. It also provides you with suggestions and requirements regarding the use of the Beacon Trust login to the secure site.

When we refer to “BFSA”, “we”, “our” or “us”, it encompasses all affiliates within the Beacon Trust Group (the “Group“).  If we make reference to sharing information within the Group, it means disclosure by one member of the group to some or all of the others.  Please see the BFSA Privacy Notice for specific definitions of Beacon FSA affiliates.

Security of your personal information

  • Your personal information is kept in secure data centres in Canada that use up-to-date security techniques and processes.  Physical access is controlled.  We guard against external threats through the use of up-to-date technologies such as firewalls, anti-virus, spam and similar technologies. We have our network proactively monitored for capacity, unauthorized penetration and similar threats on a periodic basis.
  • Transactional data is backed-up constantly throughout the day.

Management of sessions

  • The access to Beacon Trust reports is protected by a unique username and password. You should safeguard your password and not make it available to other people or leave it in a place where it can be a retrieved or compromised.
  • We use SSL to encrypt your entire session on the beaconstrust.ca website including the public pages.
  • If your session becomes inactive for more than 10 minutes, we will terminate your session and you will be required to sign in and again to continue your session.
  • Never leave your computer unattended when you are logged in.
  • Always log out by clicking on the “Log out” button.  Close your web browser and the clear the cache.  This is particularity important if you are using a public computer.

Third Party Network Administrator

Through a Third Party Network Administrator, the security of our website goes through the following steps to ensure the security of our website and your personal information.

  • Before entering the Third Party Network, all traffic is filtered through 3 “blacklists”.  Specifically, the SpamHaus DROP list (https://www.spamhaus.org/drop/), the OpenBL base list (https://www.openbl.org/lists/base.txt), and the DShield Recommended Drop list.  These lists are gathered by these 3 organizations on a live basis from all over the world.  The lists consist of internet hosts (IP’s) that have been found to generate malicious connections.  This usually comes from hack attempts or other malicious traffic.  The Third Party Network Administrator updates these lists every evening.
  • The Third Party Network Administrator has their own configuration.  They have allocated some “trap” IP addresses that are not currently in use on their network.  If there are any attempted connections to these IP’s, the originator is added to a list and filtered out before entering our network.  Potential culprits are removed from this filter after 14 days.
  • Only specific traffic is allowed to their hosting platform (ie. web, email, etc.).  Any extraneous traffic could be malicious, and is immediately filtered.
  • Their cPanel-based hosting platform is automatically updated on a regular basis.  Both the Operating System and the cPanel components are updated with the latest security and critical fixes on a nightly basis.  This ensures that the platform has the smallest possible hacking footprint.
  • They also use a prevention mechanism to counteract a brute force attack that locks out any IP address that is attempting to log into the site multiple times within a short period of time with incorrect credentials.
  • In addition to the prevention mechanism, they run a third-party application that provides an extra layer within cPanel that catches additional login attempts that prevention mechanism does not.  It also monitors application usage on the server and alerts on anything out of the ordinary/outside the baseline.  These are then investigated as required.
  • They do site-level backups twice per week.  These are kept for a month.  In the event data is lost or otherwise inaccessible, they are able to restore sites on an as-needed basis.
  • Finally, they replicate the entire hosting platform to another server within their datacenter.  In the event of hardware failure, we are able to fail over to a second server in relatively short order.

Browsers

  • The beacontrust.ca website is compatible with all leading browsers, including Internet Explorer, Firefox, Safari and Chrome.  We will monitor market developments and will ensure that this remains the case, within a reasonable time of new developments.
  • Your browser will need 128 bit encryption to be able to access the beacontrust.ca website.

Spoofing and phishing

  • BFSA will never contact you by email to ask for username and password information.  Do not respond to any such emails.
  • If you are suspicious of the URL or the site does not resemble the beacontrust.ca website, log off immediately and report the incident to info@BeaconFSA.com

Cookies

  • The Website uses session cookies to manage your interactive session. A cookie is an identification tag that our server gives to your Web browser when you enter the beacontrust.ca website. We use that identification tag to maintain the state of your transaction as you move from one page to another.

Account review

Please select a password for your account that is unique, a combination of letters, numbers and symbols, and isn’t predictable or easy to guess.

If you notice unauthorized use of your password to the beacontrust.ca website, please contact info@BeaconFSA.com immediately to investigate.