Open your email account and search for ‘driver licence’. Then search for ‘passport’, ‘Medicare’, and ‘payslip’. Now think about your email account password; do you use the same password for other accounts? When did you last change it? The sensitive personal information contained in your inbox is at risk if your password is used across other accounts.
That risk is higher still if you are like the 90 percent of Google users who in 2018 did not make use of a simple additional security check, known as multi-factor authentication, to protect their accounts.
Here’s how to take small steps for big security gains.
Scams Awareness Week: five ways in five days to free and easy cyber security
Start by making your email password unique, then switch on multi-factor authentication. After that, delete your attachments.
Your email password needs to be unique, so change it if you have reused the same one anywhere else.
The best way to do this is through a password manager. These can help you change all your passwords to long and unique combinations that you can set and forget. All you need to remember is your one master password which is the key to your password vault.
Another option is to use phrases for your passwords (also known as a passphrase). A sentence that means something to you, not taken from a book or movie, is a great choice. You’ll remember it since it is a phrase, rather than a random combination of letters and symbols, and it’ll be harder for an attacker to guess or crack. You still can’t reuse passphrases across accounts, though, so a password manager would again come in handy here.
Next, deadbolt your email account with multi-factor authentication. It is supported by most major email providers and can be usually found under your account settings within the security or privacy tab.
This security control, which requires an extra code usually when you first log in, is simple and makes hacking your email account extremely difficult. It also means an attacker will not be able to access your account if they steal your password.
Find and delete any attachments that contain your driver licence, passport, and other highly sensitive personal information you would most like to keep out of hackers’ hands.
Most email services allow you to check a box to return search results with attachments, or you may be able to search the phrase ‘hasattachment:yes’ along with any keywords like ‘driver licence’.
Your account is unlikely to be compromised when protected with both a unique password and multi-factor authentication, but there are phishing attacks that can steal both.
By deleting searchable records of your personal information in your email, you’re minimising the potential damage should it be breached.
You, like me, may choose to store a copy of your personal information (like your driver licence, passport, and Medicare info) in one easy to access location. You can do this whilst also ensuring it is secure.
I store mine within Google Drive inside of an encrypted archive file – most commonly known as a zip file – using an entirely unique password. I use the 7zip extension with powerful AES encryption, both which are set as default options within the free open source 7zip software.
This control means hackers who breach my Google account will be unable to find a copy of my sensitive documents within my thousands of emails. They will also be unable to open the archive containing my personal information because the password is different from any they have stolen.
If you need more regular digital access to things like your driver license, try an app.
Tap of an app
I have not carried a wallet since 2017. My phone is my wallet, allowing me to pay and provide proof of identity.
So making fast and easy access to my driver licence is essential. I store a second copy of my driver licence and Medicare card, two items I often need in a pinch, in the Sync.com cloud service.
This is a secure so-called ‘zero knowledge’ service which is protected with multi-factor authentication. This combination makes compromising my data very difficult, yet access convenient through an app on both Android and iOS.
Many identity providers are starting to offer identity services digitally. Apps like Australia Post’s Digital ID, Services Australia’s Express Plus Medicare mobile app, or if you’re in NSW or South Australia, your state government’s digital driver license apps, make it easy to access your identity documents quickly, backed by the government’s security chops.
Scams Awareness Week runs from August 17 – 21. Make sure to check out our Cyber Security Hub for the latest info on staying safe from threats. Also see the ACCC’s ScamWatch podcast series on identity theft by the team at the ABC’s The Chaser.