Security at The Co-operators

The Co-operators is committed to protecting your personal information. We take the security and confidentiality of your information very seriously. We use the latest security technology to keep your information secure and confidential. Your security is our priority. Discover how we protect you from fraud, and how you can protect yourself.

1.0 How we protect your information

Use of cookies, web analytical tools, and similar technologies - The Co-operators group of companies use cookies (small text files placed on your device) and similar technologies to provide our websites and online services and help collect data. Cookies allow us, among other things, to store your preferences and settings; enable you to sign in; provide interest-based advertising; combat fraud; and analyze how our websites and online services are performing. We also use web beacons to help deliver cookies and gather usage and performance data. Our websites may include web beacons and cookies from third-party service providers.

Web analytics provide non-personally identifiable statistical information about how visitors interact with our website and applications. The Co-operators uses a variety of web analytics tools on websites and applications. We also use Google reCaptcha v3 in order to secure our website and to help prevent fraud.

The Co-operators has enabled Google Analytics (which includes the following features: Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting). We may use information collected through Google Analytics in conjunction with other data we have collected about you.

You have a variety of tools to control cookies, web beacons, web analytics tools and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons. Your browser and other choices may impact your experiences with our products. To opt out of Google Analytics for Display Advertising and customize Google Display Network ads, please use the Ads Settings. To view the currently available, opt-outs for the web, please visit Google Analytics Opt-out Browser Add-on. For more information, read Google’s Privacy Policy.

You can also opt out of a third-party vendor's use of cookies.

1.1 Data encryption and message integrity

Your communications and transactions are secure and confidential when you successfully sign into our secure websites with an email access and passphrase. The Co-operators uses firewalls, website encryption and cookies to prevent unauthorized access to our internal systems. Our Internet firewalls are designed to securely separate the Internet from our internal computer systems and databases. There are a series of safety checkpoints on the way to our internal systems so that only authorized messages and transactions can enter our computer systems. We use Transport Layer Security (TLS) to communicate securely with websites by encrypting the information as it passes across the Internet, ensuring client’s information is kept confidential.

1.2 Authentication of your identity

We have safeguards in place to protect the security, privacy, and integrity of your information. We carry out around-the-clock monitoring to maintain the quality of our systems and proactively help identify unusual account activity, protecting your personal information and identity. We will only grant access to your account after you enter the proper email ID and passphrase. When you successfully sign into our secure website, a secure connection will be established using Transport Layer Security (TLS), which helps keep your information safe.

1.3 Passphrase protection

To access The Co-operators secure website, you will need proof of your identity in the form of your email ID and passphrase. You will only be granted access if the information entered is correct. To better protect yourself, only you should know your passphrase.

1.4 Session timeout

To further protect your information, your online session will end after a period of inactivity. If you want to continue accessing your account(s), you will have to sign in again. You should always sign out when you are done and, if using a computer that is not your own, you should clear your browser's cache and close the browser window.

1.5 When you communicate with us

We advocate secure and safe communication practices when interacting with our client. Whether you communicate with us through telephone, email or online, here is what you can expect:

The Co-operators may:

  • contact you, explain the purpose, and ask for your consent if we require your personal information for any other reason.
  • confirm your identity by asking a set of questions with responses that you previously supplied to us.
  • require additional information or verification before accepting a transaction, to ensure it is really you that is making the request.
  • ask you to pay an amount you owe through any of The Co-operators payment options.
  • keep your personal information only if needed to satisfy the purposes for which it was collected or as required or allowed by law.

The Co-operators will never:

  • demand immediate payment by Interac e-transfer, bitcoin, prepaid credit cards or gift cards.
  • use aggressive language or threaten you with arrest or sending the police.
  • leave voicemails that are threatening or give personal or financial information.
  • require that you provide personal, financial, or confidential information in email communications. This applies whether you contact us, or we contact you.

You can read an outline of purposes for which we may collect, use, or disclose your personal information.

The Co-operators reserves the right to restrict or cancel access to our site without providing notice. We will do this when we have reason to believe your data may be at risk.

2.0 Protect your information

We take strong measures to protect the security and privacy of your information. But there are several things you can do that as well will help protect your private information when you are using the Internet.

2.0.1 Protect your identity

Identity theft, or the theft of personal information, can be the starting point to a range of crimes. Often a cybercriminal only needs a small amount of information to start building their new identity and committing fraud.

Here is what you can do to reduce your chance of being affected by identity theft:

  • Don’t provide your personal information unless you need to.
  • Don't respond to unsolicited requests for personal or account information.
  • Don't include your social insurance number or driver's licence number on sensitive documents, unless you understand the purpose and consent to it.
  • Monitor your online financial accounts for any suspicious transactions.
  • Shred any documents that contain your personal information before throwing them away.
  • Always lock your smartphone.
  • Have a strong and unique passphrase for all your accounts and devices.

2.0.2 Protect your passphrase

Using a strong passphrase (a longer more complex password) helps you to protect your identity. Always keep your passphrases confidential to prevent unauthorized use. Passphrases best practices include:

  • Change your passphrase regularly.
  • Choose unique passphrases that you can remember so that you do not have to write them down, but ones that are difficult for others to guess.
  • Do not use personal or identifying information as your passphrase, for example, date of birth, name, or social insurance number / social security number.
  • Use a strong passphrase that has at least eight characters with a combination of uppercase and lowercase letters, numbers, and special characters (for example, 1L@VEsummerTim3!).
  • Do not share your passphrase with anyone.
  • Do not use the same passphrase twice.
  • Do not save passphrases on your computer, on the Internet or on any software.

2.0.3 Protect your computer and mobile devices

We take strong measures to protect the security and privacy of your information. But there are several things you can do to help protect your personal information when you are using the Internet.

  • Install anti-virus software and a personal firewall. Be sure to schedule periodic system scans to run automatically.
  • Keep all your software up to date, including your operating system, browser, etc. Regardless of what operating system you use (Windows, Mac, etc.) you should keep it up to date. It is helpful to configure your operating system to automatically install new updates as they are issued by the manufacturer. To learn more, visit your manufacturer’s support site: for example, Microsoft support or Apple support.
  • Download and install software or mobile applications only from reputable websites or providers. Avoid installing software received as email attachments from unknown sources.
  • Secure your home wireless network and any connected devices by changing the default administration ID and passphrase (using a strong passphrase!) Change your wireless network name and, most important, enable WPA2 encryption.
  • Use a spam filter, such as the filter offered by your email provider.
  • Never respond to spam emails, as this only confirms that your email address is valid.
  • Do not open links in emails from unknown or unverified sources, as you could download malware. Enter the link web address into your browser instead.
  • Be careful about using public Wi-Fi networks where you could potentially expose sensitive information. Be aware of your surroundings when using a computer or mobile device in a public place.

2.0.4 Data encryption

For your security, we recommend that you use the latest browser version with all the applicable security patches installed.

2.0.5 Anti-virus software

Stay secure by using a legally licensed operating system and browser. Keep them current by downloading the latest software and security updates. Anti-virus and anti-spyware software are designed to seek out viruses and malicious programs running on your computer and remove them. Always use the most up-to-date versions.

2.0.6 Personal firewall

When your computer is connected to the Internet, it is vulnerable to attack. Although this is a problem for all types of Internet connections, DSL and cable modem connections are more vulnerable because they offer an "always-on" capability. You can help protect your computer from attack by using a personal firewall. Personal firewalls can be software, hardware, or both, and create a barrier to attacks.

2.0.7 Download mobile application from authorized providers

You should only download mobile applications only from an authorized provider. The Co-operators applications are available only from authorized providers, such as Google Play Store, or Apple’s App Store. Don’t trust software obtained from other sources.

2.0.8 Contact us

The Co-operators is a group of Canadian companies focusing on insurance and a range of wealth management products and investment services. The Co-operators group of companies includes:

  • Co-operators General Insurance Company
  • Co-operators Life Insurance Company
  • COSECO Insurance Company
  • CUMIS General Insurance Company
  • CUMIS Life Insurance Company
  • Federated Agencies Limited
  • HB Group Insurance Management Ltd.

Contact your Co-operators representative directly, or you may contact our security and compliance departments. Include the name of the company you deal with in your correspondence:

The Co-operators Enterprise Information Security Department
informationsecurity@cooperators.ca

The Co-operators Enterprise Compliance Department
privacy@cooperators.ca

3.0 Fraud

Fraud comes in many different forms. Some of the most common ways fraudsters try to get access to your personal information is through suspicious emails, texts, or online activity. This page outlines the major types of online, email and text fraud and how you can protect yourself from it.

Phishing is a type of fraud where fraudsters try to gain access to your banking information through fake emails and texts. These emails or texts claim to be from The Co-operators and will often ask you to share your passphrase or any other personal information that they could use to steal your identity or gain access to your information. Phishing attacks are common, and learning the red flags are important to protect your financial information.

If you suspect a phishing email, there are seven things to look for:

  1. Do you recognize the sender's company or email address?
  2. Did you expect the email?  Does the request seem strange?
  3. Are you named in the salutation?  This may not always prove that the email is legitimate, because your name may be in your email address.
  4. Are there any grammar or spelling errors?
  5. Are the writing style, tone, and words different from the usual emails you receive from the same sender?
  6. Are there any suspicious links or attachments? Check the link in the email by hovering over it with your mouse pointer; the target address will appear. Before you click, make sure you recognize the link.
  7. Does the sender include their signature name or contact information? Most legitimate companies will include name, department, or contact information in their signatures.  Also be cautious with links in message signatures.

If you think you may have been a victim of fraud (email fraud, text message fraud, identity fraud, phishing, spyware), send an email to our security team.

3.1 Online fraud alerts

How can you identify online fraud?

Read emails and texts carefully - When you read phishing emails closely, you can usually spot the scam before falling victim to it. Read your emails carefully and watch out for these red flags:

  • impersonal or generic greetings
  • spelling mistakes
  • grammatical errors

Check the links in emails by hovering before you open them - When you receive an email with a hyperlink, avoid opening the link right away. Instead, hover over the link text to see the actual address that the linked text points to. That way, you can see if the link leads to the site indicated.

On an Android or Apple mobile device, check links by holding your finger or stylus on the link text. When the link appears in a bubble shape, then lift your finger or stylus off the link. You’ll see a menu with prompts such as:

  • A display of the full link address
  • Open or Open in Browsers
  • Add to Reading List
  • Copy, Copy Link Address, or Copy URL
  • Share or Share Link

Do not respond to companies or people you do not know - If you receive unsolicited emails, texts or phone calls from companies or people you do not know, it’s best not to respond. Even if an email appears to come from a company you have interacted with before, be cautious if:

  • the “From” address looks suspicious
  • it comes from a person you have not emailed before
  • the email greeting is generic, like “Hello customer”

Don't open attachments or links from unknown sources - Attachments from people you do not know can contain viruses or malware that can compromise your computer and access your personal information. Don’t open a link or fill out a form within an email that asks you to:

  • verify your account
  • reset your passphrase
  • provide confidential information

Don't feel pressured to reply to an urgent request - Generally, the greater the sense of urgency, the greater the chance it’s a scam.

Remember, The Co-operators will never contact you through an unsolicited phone call or email to ask for personal information or account details.