Cybersecurity Center

General Security Tips

Update and Patch Your Devices

Ensuring your devices are updated and patched is extremely important and is a simple step to help you stay safe online.

Software updates not only improve how your device runs – they also fix or remove bugs, patch security vulnerabilities that are exploitable by hackers, and add new and improved features.

By regularly updating and patching your devices, you can help keep your personal information safe and out of the wrong hands.

Protect Your PII

Personally Identifiable Information (PII) refers to any information that can be used to identify, locate, or contact an individual. This includes, but is not limited to – your name, Social Security number, date of birth, address and phone number.

It is important to be mindful of where you might use, or share, your PII. Be careful not to include any identifying information in your passwords, PIN numbers or passcodes.

We also recommend considering what you post online as social media is a huge source for cybercriminals to gain your private information. Look over the privacy settings of your social media accounts and enable multi-factor authentication when possible.

How To Safeguard Personally Identifiable Information

To learn more about how to protect, store, and use your PII, read the Department of Homeland Security’s factsheet

Learn More
Understanding Ransomware

Ransomware is an ever-evolving form of malware designed to take your files hostage (encryption), rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for releasing files (decryption). Here are some important tips that will help protect your files:

  • Update software and operating systems with the latest patches. Outdated applications and operating systems are the targets of most attacks.
  • Never click on links or open attachments in unsolicited emails.
  • Back up data on a regular basis. Keep it on a separate device and store it offline.
  • Follow safe practices when using devices that connect to the Internet.

Learn more about how to protect yourself from Ransomware

Learn More

Stay Safe While at Home and On-the-Go

With the COVID-19 pandemic still a significant part of our daily lives, it is imperative to implement both personal and device safety measures while at home.

Resist using public WiFi to access personal accounts, make purchases, or sign into banking, credit or other applications where personal data is present.

Cybercriminals have the potential to intercept information being transmitted (aka “Man-in-the-Middle”) over unencrypted network connections and can use their findings in a wide variety of cyberattacks.

Learn more on how to safeguard your home and information

By reading the New York State Division of Consumer Protection’s Safety Tips for Today’s Home

Learn More

Online and Mobile Security

Enhance Your Password Security

Strong passwords are essential in practicing online security and protecting your information. Strong passwords are those that include uppercase and lowercase letters, numbers, special characters, and are at least twelve to fifteen characters in length.

Remember to never write down, share, or store your passwords overtly. Instead, use a secure password manager to organize and keep track of your passwords.

It is important to update your passwords frequently, setup multi-factor authentication and enable biometric login when available.

Avoid the “Remember Me” and “Allow Autofill” options when logging into online or mobile accounts, as these settings store your credentials on the device or browser in use.

Building a Digital Defense with Passwords

The United States Federal Bureau of Investigation (FBI) recommends using lengthy passphrases as passwords. To read more about creating a strong passphrase, check out the FBI’s article on Building a Digital Defense with Passwords.

Learn More

Be Aware of Email Scams

Phishing refers to a type of social engineering attack, in which a cybercriminal sends deceptive emails in an attempt to infect a user’s device with malware and/or obtain personal information, such as credit card numbers, login credentials, and other sensitive material.

These messages often use verbiage that creates a sense of urgency, so that the user is more likely to panic and act quickly on the fraudster’s requests.

Phishing emails are frequently centered around current events, like the COVID-19 pandemic; or sent at specific times of year, such as tax season.

Always be cautious when opening attached files as they can potentially have malicious programs embedded in them just waiting to be run by an unsuspecting user.

It is important to always think before you click, especially if the sender appears suspicious or if you were not expecting the email. Practice hovering your mouse over hyperlinks to see where they are really taking you.

How To Spot A Social Engineering Attack And How To Avoid Them

To learn more about how to spot a social engineering attack and how to avoid them, visit the United States Cybersecurity and Infrastructure Security Agency (CISA) website and review their tips on Avoiding Social Engineering and Phishing Attacks.

Learn More

Don’t Answer That Call

Voice phishing, or Vishing, is a social engineering scheme, that aims to gather personal and confidential information using verbal scams.

Like phishing, vishing calls may evoke a sense of panic, and attackers will attempt to persuade their victims to provide sensitive, personal material over the phone.

Cybercriminals may even leverage programs that can create bogus phone numbers using local area codes and numbers, or ones that resemble a reputable organization’s business number.

If you suspect that you might have received (or are on) a vishing call, it is always best to hang up and verify legitimacy by calling an official, public phone number of the company in question.

Federal Trade Commission’s National Do Not Call Registry

You may also wish to register for the Federal Trade Commission’s National Do Not Call Registry which will greatly reduce the telemarketing calls your number receives, and help you spot a possible vishing attack.

Learn More

Identity Theft Best Practices and Resources

Monitor Your Accounts and Credit Report

Identity theft is the deliberate and intentional use of another person’s identity, usually for financial gain. Luckily there are ways to mitigate your risk of becoming a victim of this crime.

Regularly monitoring your financial account statements, as well as keeping track of activity on your credit report, are good ways of being proactive and can help you stop identity theft before it’s too late.

Setting up alerts on your bank account is simple and will help you spot suspicious activity like invalid logins, transactions, or fraudulent online charges.

Credit monitoring is easy to setup and tracks activity at all three major credit bureaus – Equifax, Experian, and TransUnion. This service will alert you when it detects newly opened loans or accounts, unexpected changes to your credit limits, a change in personal information on your credit file, and more.

visiting the United States Federal Trade Commission’s website

Learn more about identity monitoring services and Identity Theft Protection Services by visiting the United States Federal Trade Commission’s website.

Learn More

Report Suspicious Account Activity

Do you think you’ve been a victim of fraud? Don’t worry, we’re here to help.

If you suspect fraudulent activity on your account, please contact your local branch manager or representative.

Setting up alerts on your bank account is simple and will help you spot suspicious activity like invalid logins, transactions, or fraudulent online charges.

Federal Trade Commission (FTC)

You may wish to file a formal complaint or report a scam or consumer issue directly with the Federal Trade Commission (FTC): FTC Complaint Assistant

Learn More
FBI’s Internet Crime Complaint Center (IC3)

You can also report stolen identities and finances to the FBI’s Internet Crime Complaint Center (IC3): Complaint Referral Form

Learn More

Online Education
Center

FTC Cyber Basics
ID Theft for Business
ID Theft for Consumers