General Security Tips
Update and Patch Your Devices
- Ensuring your devices are updated and patched is extremely important and is a simple step to help you stay safe online.
- Software updates not only improve how your device runs – they also fix or remove bugs, patch security vulnerabilities that are exploitable by hackers, and add new and improved features.
- By regularly updating and patching your devices, you can help keep your personal information safe and out of the wrong hands.
Protect Your PII
- Personally Identifiable Information (PII) refers to any information that can be used to identify, locate, or contact an individual. This includes, but is not limited to – your name, Social Security number, date of birth, address and phone number.
- It is important to be mindful of where you might use, or share, your PII. Be careful not to include any identifying information in your passwords, PIN numbers or passcodes.
- We also recommend considering what you post online as social media is a huge source for cybercriminals to gain your private information. Look over the privacy settings of your social media accounts and enable multi-factor authentication when possible.
- To learn more about how to protect, store, and use your PII, read the Department of Homeland Security’s factsheet on How to Safeguard Personally Identifiable Information.
Stay Safe While at Home and On-the-Go
- With the COVID-19 pandemic still a significant part of our daily lives, it is imperative to implement both personal and device safety measures while at home.
- Resist using public WiFi to access personal accounts, make purchases, or sign into banking, credit or other applications where personal data is present.
- Cybercriminals have the potential to intercept information being transmitted (aka “Man-in-the-Middle”) over unencrypted network connections and can use their findings in a wide variety of cyberattacks.
- Learn more on how to safeguard your home and information by reading the New York State Division of Consumer Protection’s Safety Tips for Today’s Home.
Online and Mobile Security
Enhance Your Password Security
- Strong passwords are essential in practicing online security and protecting your information. Strong passwords are those that include uppercase and lowercase letters, numbers, special characters, and are at least twelve to fifteen characters in length.
- The United States Federal Bureau of Investigation (FBI) recommends using lengthy passphrases as passwords. To read more about creating a strong passphrase, check out the FBI’s article on Building a Digital Defense with Passwords.
- Remember to never write down, share, or store your passwords overtly. Instead, use a secure password manager to organize and keep track of your passwords.
- It is important to update your passwords frequently, setup multi-factor authentication and enable biometric login when available.
- Avoid the “Remember Me” and “Allow Autofill” options when logging into online or mobile accounts, as these settings store your credentials on the device or browser in use.
Be Aware of Email Scams
- Phishing refers to a type of social engineering attack, in which a cybercriminal sends deceptive emails in an attempt to infect a user’s device with malware and/or obtain personal information, such as credit card numbers, login credentials, and other sensitive material.
- These messages often use verbiage that creates a sense of urgency, so that the user is more likely to panic and act quickly on the fraudster’s requests.
- Phishing emails are frequently centered around current events, like the COVID-19 pandemic; or sent at specific times of year, such as tax season.
- Always be cautious when opening attached files as they can potentially have malicious programs embedded in them just waiting to be run by an unsuspecting user.
- It is important to always think before you click, especially if the sender appears suspicious or if you were not expecting the email. Practice hovering your mouse over hyperlinks to see where they are really taking you.
- To learn more about how to spot a social engineering attack and how to avoid them, visit the United States Cybersecurity and Infrastructure Security Agency (CISA) website and review their tips on Avoiding Social Engineering and Phishing Attacks.
Don’t Answer That Call
- Voice phishing, or Vishing, is a social engineering scheme, that aims to gather personal and confidential information using verbal scams.
- Like phishing, vishing calls may evoke a sense of panic, and attackers will attempt to persuade their victims to provide sensitive, personal material over the phone.
- Cybercriminals may even leverage programs that can create bogus phone numbers using local area codes and numbers, or ones that resemble a reputable organization’s business number.
- If you suspect that you might have received (or are on) a vishing call, it is always best to hang up and verify legitimacy by calling an official, public phone number of the company in question.
- You may also wish to register for the Federal Trade Commission’s National Do Not Call Registry which will greatly reduce the telemarketing calls your number receives, and help you spot a possible vishing attack.
Identity Theft Best Practices and Resources
Monitor Your Accounts and Credit Report
- Identity theft is the deliberate and intentional use of another person’s identity, usually for financial gain. Luckily there are ways to mitigate your risk of becoming a victim of this crime.
- Regularly monitoring your financial account statements, as well as keeping track of activity on your credit report, are good ways of being proactive and can help you stop identity theft before it’s too late.
- Setting up alerts on your bank account is simple and will help you spot suspicious activity like invalid logins, transactions, or fraudulent online charges.
- Credit monitoring is easy to setup and tracks activity at all three major credit bureaus – Equifax, Experian, and TransUnion. This service will alert you when it detects newly opened loans or accounts, unexpected changes to your credit limits, a change in personal information on your credit file, and more.
- Learn more about identity monitoring services and Identity Theft Protection Services by visiting the United States Federal Trade Commission’s website.
Report Suspicious Account Activity
- Do you think you’ve been a victim of fraud? Don’t worry, we’re here to help.
- If you suspect fraudulent activity on your account, please contact your local branch manager or representative.
- You may wish to file a formal complaint or report a scam or consumer issue directly with the Federal Trade Commission (FTC): FTC Complaint Assistant
- You can also report stolen identities and finances to the FBI’s Internet Crime Complaint Center (IC3): Complaint Referral Form