Attending to security of information in the e-Tax Board/e-Customs is primarily the task of the Estonian Tax and Customs Board but there are some things the Board cannot take care of. The following is an overview of the measures how the customers, upon using the e-Tax Board/e-Customs, can minimize potential risks and avoid dangers of the internet environment. Communication in e-Tax Board/e-Customs will be secure when you are careful and attentive yourself.
Connection between your computer and the e-Tax Board/e-Customs is secured by eavesdropping-proof SSL (Secure Sockets Layer) protocol. Connection between the e-Tax Board/e-Customs server and a customer's browser will be created as secure as feasible by the browser in the customer's computer.
Reduction of potential risks and recommendations on use of e-Tax Board/e-Customs
- Do not log in the e-Tax Board/e-Customs in a public computer if you are not quite sure that it secure. If you are in a public place, always make sure that nobody can watch your monitor and/or operations or find out your passwords.
- Upon entry in e-Tax Board/e-Customs always check that you are on the right webpage. It can be done as follows:
- Connection must be encrypted, i.e. an internet address must begin with: https:// and the browser must show that this is a safe connection (usually, upon secure session a lock appears on the address strip or lower status band of the window);
- If you click the browser lock icon, the certificate opened will display the right webpage address, the certificate must be issued by the Certification Centre Ltd. Such check will avoid the situation when a potential malevolent attacker could deceive you so that the communication between you and the e-Tax Board/e-Customs would go through the attacker's computer.
- Always exit the e-Tax Board/e-Customs by clicking the button "Exit" on the right upper corner of the e-Tax Board/e-Customs webpage and only thereafter always close all the browser windows. Do it if you leave the computer just for a moment so that nobody would be able to access your personal data in e-Tax Board/e-Customs.
- If you log in the e-Tax Board/e-Customs through a bank, you must find out the security and privacy requirements of the given bank.
Follow technical requirements
We recommend to use the latest browser version for access to the e-Tax Board/e-Customs. Make sure that all security updates of an operating system have been installed. When you log in the e-Tax Board/e-Customs with an ID card, a smartcard reader capable of reading your ID card must be connected with the computer.
You can find technical instructions for use of an ID card here.
Protect your personal security elements
In the e-Tax Board/e-Customs a user shall be identified by means of security elements and that is why it is extremely important that they are kept in secret.
If you use passwords for logging in
- Keep your user name and password only to yourself. Memorise your password, do not write it anywhere.
- Select a password that is complicated to figure out. Phone numbers, names of the persons and other things associated with you is a bad choice for a password. A good password is without any logics. Mix numbers, letters and punctuation marks for a password.
- Change your password immediately, if you think that somebody has found it out. You can change your password in e-Tax Board/e-Customs, or if you log in through a bank, change the password in the bank through which you visit the e-Tax Board/e-Customs.
- Never disclose your password to your family, acquaintances, colleagues, officials – nobody may know it.
- Do not use the same password for several times. Do not use analogous passwords, like "my password1", "my password2".
- Do not enter your password, if you have reasons to suspect that any other person is watching you entering it.
- A password for access to the e-Tax Board/e-Customs can be used only for logging in the e-Tax Board/e-Customs; do not use this password anywhere else.
Personal ID card
- Never give your ID card to any other person. If anybody happens to misuse your ID card, it is you who will be responsible.
- Keep your PIN codes of your ID card out of sight of other people. Never write any PIN on the card. Keep the card and codes separately. Memorise the codes and destroy an envelope with PINs.
- Whenever possible, change your PINs immediately after receipt of the card.
- For easier memorising do not change your identification PIN and digital signature PIN so that they would be similar.
- Do not leave your ID card in the smartcard reader of the computer after you have finished work in secure environment.
- If your ID card and codes get lost or stolen, you must notify the Certification Centre Ltd immediately through the hlpline phone number 1777.
General recommendations for daily protection of your computer
There is all sort of malware circulating in the internet, like viruses, worms, spyware, etc. All these "baddies" are trying to control your computer in order to find out your passwords, misuse your computer, or attack other computers, etc. If your computer is protected against malware, use of the e-Tax Board/e-Customs will be more secure as well.
- Make sure that there are no viruses or spyware in your computer. In view of this, use anti-virus software and special programs designed for eliminating spyware (spying programmes).
- If possible, protect your computer with a firewall.
- Make sure that your online computer is protected with passwords.
- Update the operating system and browser on regular basis. This way you will ensure quick removal of security errors occurring now or then.
- Set your browsers in the manner that they would not save encrypted pages or your passwords.
- Make sure that security devices of the web browser are operational.
If you are not able to carry out the aforementioned measures for securing the computer or suspect that there may be spyware or viruses in your computer, consult an IT expert.