NSW Email Design System

Cyber security

Email is a common target for cyber attacks, making it a critical focus for information security. NSW Government agencies must ensure all email communications are secure, accessible, and compliant with legal and privacy obligations. These protections prevent data breaches, minimise risks such as phishing and spoofing, and help maintain public trust in government systems.

Follow the NSW Cyber Security Policy

Government emails must comply with the NSW Cyber Security Policy. This includes:

following agency-specific procedures
using appropriate safeguards
maintaining accountability for information security.

Use authorised platforms

Send all emails—transactional, informational and marketing—through approved government systems or trusted third-party providers that meet security standards.

Avoid personal email accounts and unapproved platforms, as they can expose sensitive data and reduce accountability.

Protect personal information

Keep personal and sensitive information to a minimum in emails. When required, use classification labels for content that is:

sensitive
confidential
protected.

Handle data according to privacy, data protection and records management laws.

Ensure trust and authenticity

Work with your IT and security teams to implement email protections, including:

DMARC (Domain-based Message Authentication, Reporting & Conformance)
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail).

These safeguards help prevent spoofing, reduce phishing risks and support public trust.

Avoid unsafe tools and practices

Do not:

include unverified links or third-party tracking pixels
use unapproved email tools
embed active scripts or macros in attachments.

Only link to trusted sources such as official NSW Government websites.

Maintain email hygiene

Ensure emails are free from:

malicious content
unsafe attachments
suspicious links.

Use accessible formatting and content that works with security scanning tools. All emails—incoming and outgoing—are automatically scanned.

Understand your responsibilities

All staff must:

protect sensitive and personal information
follow agency access controls and protocols
report suspected cyber threats immediately
complete mandatory cyber security training
stay informed about emerging risks.

Where to find more information

For guidance, refer to:

the NSW Cyber Security Policy
your agency's cyber security, privacy and records management procedures
your cyber security team or IT service desk.

Sources

NSW Government. (n.d.). Cyber Security Policy. (accessed on 13 June 2025).

Cyber security

Follow the NSW Cyber Security Policy

Government emails must comply with the NSW Cyber Security Policy. This includes:

following agency-specific procedures
using appropriate safeguards
maintaining accountability for information security.

Use authorised platforms

Send all emails—transactional, informational and marketing—through approved government systems or trusted third-party providers that meet security standards.

Avoid personal email accounts and unapproved platforms, as they can expose sensitive data and reduce accountability.

Protect personal information

Keep personal and sensitive information to a minimum in emails. When required, use classification labels for content that is:

sensitive
confidential
protected.

Handle data according to privacy, data protection and records management laws.

Ensure trust and authenticity

Work with your IT and security teams to implement email protections, including:

DMARC (Domain-based Message Authentication, Reporting & Conformance)
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail).

These safeguards help prevent spoofing, reduce phishing risks and support public trust.

Avoid unsafe tools and practices

Do not:

include unverified links or third-party tracking pixels
use unapproved email tools
embed active scripts or macros in attachments.

Only link to trusted sources such as official NSW Government websites.

Maintain email hygiene

Ensure emails are free from:

malicious content
unsafe attachments
suspicious links.

Use accessible formatting and content that works with security scanning tools. All emails—incoming and outgoing—are automatically scanned.

Understand your responsibilities

All staff must:

protect sensitive and personal information
follow agency access controls and protocols
report suspected cyber threats immediately
complete mandatory cyber security training
stay informed about emerging risks.

Where to find more information

For guidance, refer to:

the NSW Cyber Security Policy
your agency's cyber security, privacy and records management procedures
your cyber security team or IT service desk.

Sources

NSW Government. (n.d.). Cyber Security Policy. (accessed on 13 June 2025).

Command Palette

Command Palette

Cyber security

Follow the NSW Cyber Security Policy

Use authorised platforms

Protect personal information

Ensure trust and authenticity

Avoid unsafe tools and practices

Maintain email hygiene

Understand your responsibilities

Where to find more information

Sources

Cyber security

Follow the NSW Cyber Security Policy

Use authorised platforms

Protect personal information

Ensure trust and authenticity

Avoid unsafe tools and practices

Maintain email hygiene

Understand your responsibilities

Where to find more information

Sources