MAG Retraite Québec October 2022 Issue

Preventing security incidents

Retraite Québec is making the prevention of security incidents a priority. It provides its staff and the public with the tools they need to fight this scourge.

What is a security incident?

A security incident occurs when an individual or entity attempts to gain unauthorized access to one of the infrastructures of an organization, thereby endangering the personal and confidential information that the organization has a duty to protect. Phishing is one of the most common safety incidents.

Phishing

Definition: Unsolicited fraudulent communication (e.g. an email, text message or telephone call) aimed at obtaining personal information (credit cards, Social Insurance Number (SIN), etc.) from victims.

These messages may also allow cybercriminals to install malware on your device to facilitate unauthorized access to information that is then sold on the black market. They can also use or modify banking information or interfere with the proper functioning of an organization.

Some advice from our specialist

Lisette van Lier, Information security awareness and training advisor at Retraite Québec, explains how to better prevent a security incident.

We know that the main risk in information security within an organization is related to the human factor. What is Retraite Québec doing to reduce this risk?

To strengthen its security culture, Retraite Québec has developed an awareness and training program for its staff. All employees are therefore equipped to ensure the protection of the citizens' personal and confidential information.

For example, security incidents and phishing simulations are organized regularly to allow staff members to acquire the knowledge, expertise and good reflexes to prevent these types of incidents.

What signs can alert citizens of a phishing risk?

Citizens should be wary of emails, text messages and telephone calls that:

  • are unexpected or unsolicited
  • are sent by an unknown person
  • give a sense of urgency
  • are not intended for them personally
  • contain language mistakes.
Example of an email to be wary of
Window that opens when clicking on Access
Example of a text message to be wary of

What are the best practices to adopt to avoid phishing?

First, verify the sender's address in the e-mail or text message and, if any doubt arises, avoid opening the attachment or clicking on the link in the message. Also, do not provide personal information, such as a credit card number, in response to requests received by e-mail, text message or telephone.

Communications from Retraite Québec never provide detailed information about a person's file or links to online services. To access your file online, you must always go directly to My Account on Retraite Québec's website.

Please note that, during telephone conversations, members of our staff validate your identity, but they never ask you to provide personal information over the telephone. If in doubt, ask the person who contacts you to give you their phone number so that you can call them back. Then, check the How to reach us section on our website to make sure the number is the same as Retraite Québec's number. If it is not the same, use one of the telephone numbers listed in the How to reach us section of our website and verify with us to see whether the call you received was indeed from Retraite Québec.

For more information, consult our Privacy Policy.

Top of page