Did you know...?
- Some email accounts (typically free accounts or those that are part of a wider service like Gmail, Hotmail, even Bigpond, Optus, etc.) are routinely and systematically scrutinised and analysed for what you are doing, what you are sending and who you are sending it to.
- Email bounces via a number of servers and through various services between leaving you and reaching the recipient. This creates numerous points of vulnerability.
- Points of weakness are the sender’s device, the network (i.e., the internet provider), the servers and the recipient’s device.
- Not all email clients are equal. Some are more secure than others.
- Webmail is the least secure – but you can take precautions like using strong passwords, enabling two-factor authentication and enabling notifications for new sign-in locations or devices.
Important Security Issues
- You should never have a Tax File Number (TFN) written in the body of an email
- You should never have a TFN written in an attachment within an email unless it is encrypted (password protected)
- If you are using a webmail-based email address, look at upgrading and getting your own domain name with a secure provider – it is more professional and costs very little to activate an email address. You don’t need an active website in order to have your own email address. At the very least, make sure you have enabled the highest possible security available for that service.
- Consider using encryption software for sensitive documents or information being sent by email
In effect, identity-sensitive information like a TFN has no security in an email: anyone with access to your devices, the recipient’s devices or the email servers, or anyone intercepting the email, could obtain the TFN that you have sent.
This opens up a can of worms for sending an Income Tax Return by email (it contains the TFN), and for sending the end of year payment summaries directly from the software.
It is not limited to TFNs. Sending any information that could be used to compromise someone’s identity, including credit card details, bank account details and other private information, is questionable.
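As an added illustration (not part of the original article), a pre-send check along these lines can flag a TFN sitting in the body or in a plain-text attachment of an outgoing email. It assumes the published check-digit weights for 9-digit TFNs; the function names, the sample message and the test number 123456782 are constructed for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: the published check-digit weights for a 9-digit TFN;
# a number is plausible only if the weighted digit sum is divisible by 11.
TFN_WEIGHTS = (1, 4, 3, 7, 5, 8, 6, 9, 10)
# Nine digits, optionally grouped 3-3-3 with spaces or hyphens,
# and not embedded in a longer run of digits.
TFN_CANDIDATE = re.compile(r"(?<!\d)\d{3}[ -]?\d{3}[ -]?\d{3}(?!\d)")


def is_valid_tfn(digits: str) -> bool:
    if len(digits) != 9 or not digits.isdecimal():
        return False
    return sum(int(d) * w for d, w in zip(digits, TFN_WEIGHTS)) % 11 == 0


def find_tfns(text: str) -> list[str]:
    """Return every 9-digit candidate in text that passes the check digit."""
    candidates = (re.sub(r"\D", "", m.group()) for m in TFN_CANDIDATE.finditer(text))
    return [c for c in candidates if is_valid_tfn(c)]


def scan_message(raw: str) -> list[tuple[str, str]]:
    """Return (location, masked TFN) for each hit in the message's text parts."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # containers and binary/encrypted attachments are not inspected
        name = part.get_filename()
        where = f"attachment:{name}" if name else "body"
        for tfn in find_tfns(part.get_content()):
            findings.append((where, "*" * 6 + tfn[-3:]))  # never echo the full TFN
    return findings


def build_sample() -> str:
    """Constructed sample: a TFN in the body and in a plain-text attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Payment summary"
    msg.set_content("Hi, my TFN is 123 456 782. Invoice 123456789 attached.")
    msg.add_attachment("Employee TFN: 123-456-782\n", filename="summary.txt")
    return msg.as_string()
```

Only text parts are inspected, so the check reports what would travel in the clear; the check digit keeps ordinary nine-digit numbers such as the invoice number in the sample from being flagged.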
Recommendations
- Use a password manager application like 1Password or LastPass. This not only securely manages all your passwords but can also generate very strong random passwords.
- Always use strong passwords
- Regularly change passwords
- Regularly check settings and preferences to make sure you are still using the optimum security setting available for your email application
- Always update your operating system, software and applications when prompted
- Enable two-factor authentication on anything you can
- Back up everything