Cybersecurity Center
General Security Tips
Update and Patch Your Devices
Ensuring your devices are updated and patched is extremely important and is a simple step to help you stay safe online.
Software updates not only improve how your device runs – they also fix or remove bugs, patch security vulnerabilities that are exploitable by hackers, and add new and improved features.
By regularly updating and patching your devices, you can help keep your personal information safe and out of the wrong hands.
Protect Your PII
Personally Identifiable Information (PII) refers to any information that can be used to identify, locate, or contact an individual. This includes, but is not limited to – your name, Social Security number, date of birth, address and phone number.
It is important to be mindful of where you might use, or share, your PII. Be careful not to include any identifying information in your passwords, PIN numbers or passcodes.
We also recommend considering what you post online as social media is a huge source for cybercriminals to gain your private information. Look over the privacy settings of your social media accounts and enable multi-factor authentication when possible.
To learn more about how to protect, store, and use your PII, read the Department of Homeland Security’s factsheet
Ransomware is an ever-evolving form of malware designed to take your files hostage (encryption), rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for releasing files (decryption). Here are some important tips that will help protect your files:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the targets of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep it on a separate device and store it offline.
- Follow safe practices when using devices that connect to the Internet.
Learn more about how to protect yourself from Ransomware
Stay Safe While at Home and On-the-Go
With the COVID-19 pandemic still a significant part of our daily lives, it is imperative to implement both personal and device safety measures while at home.
Resist using public WiFi to access personal accounts, make purchases, or sign into banking, credit or other applications where personal data is present.
Cybercriminals have the potential to intercept information being transmitted (aka “Man-in-the-Middle”) over unencrypted network connections and can use their findings in a wide variety of cyberattacks.
By reading the New York State Division of Consumer Protection’s Safety Tips for Today’s Home
Online and Mobile Security
Multi-Factor Authentication
Having strong, complex passwords (more than 15 characters long) is always a good idea and makes it harder for hackers to crack. But yet, sometimes they do get a hold of your password by way of a data leak or breach that exposes user accounts and passwords.
Today, it is necessary to add more security measures to protect information. Multi-Factor Authentication (MFA) uses more than one piece of information to access your data: your password AND something you have (token, code generator) or something you are (fingerprint, retinal scan).
The Cybersecurity and Infrastructure Security Agency (CISA) recommends using multi-factor authentication whenever it is available.
Click Here to learn more.
Be Aware of Email Scams
Phishing refers to a type of social engineering attack, in which a cybercriminal sends deceptive emails in an attempt to infect a user’s device with malware and/or obtain personal information, such as credit card numbers, login credentials, and other sensitive material.
These messages often use verbiage that creates a sense of urgency, so that the user is more likely to panic and act quickly on the fraudster’s requests.
Phishing emails are frequently centered around current events, like the COVID-19 pandemic; or sent at specific times of year, such as tax season.
Always be cautious when opening attached files as they can potentially have malicious programs embedded in them just waiting to be run by an unsuspecting user.
It is important to always think before you click, especially if the sender appears suspicious or if you were not expecting the email. Practice hovering your mouse over hyperlinks to see where they are really taking you.
To learn more about how to spot a social engineering attack and how to avoid them, visit the United States Cybersecurity and Infrastructure Security Agency (CISA) website and review their tips on Avoiding Social Engineering and Phishing Attacks.
Don’t Answer That Call
Voice phishing, or Vishing, is a social engineering scheme, that aims to gather personal and confidential information using verbal scams.
Like phishing, vishing calls may evoke a sense of panic, and attackers will attempt to persuade their victims to provide sensitive, personal material over the phone.
Cybercriminals may even leverage programs that can create bogus phone numbers using local area codes and numbers, or ones that resemble a reputable organization’s business number.
If you suspect that you might have received (or are on) a vishing call, it is always best to hang up and verify legitimacy by calling an official, public phone number of the company in question.
You may also wish to register for the Federal Trade Commission’s National Do Not Call Registry which will greatly reduce the telemarketing calls your number receives, and help you spot a possible vishing attack.
Identity Theft Best Practices and Resources
Monitor Your Accounts and Credit Report
Identity theft is the deliberate and intentional use of another person’s identity, usually for financial gain. Luckily there are ways to mitigate your risk of becoming a victim of this crime.
Regularly monitoring your financial account statements, as well as keeping track of activity on your credit report, are good ways of being proactive and can help you stop identity theft before it’s too late.
Setting up alerts on your bank account is simple and will help you spot suspicious activity like invalid logins, transactions, or fraudulent online charges.
Credit monitoring is easy to setup and tracks activity at all three major credit bureaus – Equifax, Experian, and TransUnion. This service will alert you when it detects newly opened loans or accounts, unexpected changes to your credit limits, a change in personal information on your credit file, and more.
Learn more about identity monitoring services and Identity Theft Protection Services by visiting the United States Federal Trade Commission’s website.
Report Suspicious Account Activity
Do you think you’ve been a victim of fraud? Don’t worry, we’re here to help.
If you suspect fraudulent activity on your account, please contact your local branch manager or representative.
Setting up alerts on your bank account is simple and will help you spot suspicious activity like invalid logins, transactions, or fraudulent online charges.
You may wish to file a formal complaint or report a scam or consumer issue directly with the Federal Trade Commission (FTC): FTC Complaint Assistant
You can also report stolen identities and finances to the FBI’s Internet Crime Complaint Center (IC3): Complaint Referral Form