Cybersecurity Tips for New Yorkers

Americans must be extra vigilant against cyber attacks right now. Sen. Kirsten Gillibrand is working at the federal level to prepare state and local governments and to get them the resources they need to protect critical infrastructure. But New Yorkers and New York businesses could also potentially be targets. Here are a few tips on cyber safety and security so you can protect yourselves, your companies, and your personal information.

First, make sure you’re using a strong password. Something like “password” or “12345” isn’t strong enough. Use a mix of letters and numbers, use both uppercase and lowercase letters, and use special characters like (!@#$%) if the system allows it. Once you pick a strong password, it can be tempting to reuse it, but that actually puts you at greater risk. If your password to one account is leaked or stolen, cyber attackers could gain access to every other account where you’ve used that password.

Next, turn on two-factor authentication. This security feature requires you to enter a login code that is either sent in a text message or generated by an app on your phone. So even if your password is leaked or stolen, cyber attackers won’t be able to log in to your account.

Finally, make sure you secure ALL of your accounts – even your social media accounts! Hacked social media accounts are frequently used to send spam, scam your friends and family, and spread disinformation for foreign governments.

For more information on how to choose a strong password and set up two-factor authentication, go to the privacy settings of your online accounts, or review these resources from the Cybersecurity and Infrastructure Security Agency:

• Choosing a Strong Password
• Two-Factor Authentication

It may be annoying to have to stop what you’re doing so your computer or phone can update, but it’s essential that you do. Those updates often conain critical security updates that protect you from new security threats.

So as soon as that pop-up notification appears, download the latest updates for your phones, computers, apps and programs. 

Most cyber attackers aren’t going to break into your accounts — they’re going to try to trick you into letting them in. Those tricks often come in the form of emails or direct messages over social media that appear to come from businesses telling you that you need to click on a link to update your personal information or collect a prize. They may also make demands or threats.

Remember that you don’t have to respond! Cyber attackers will often try to make their messages appear urgent (such as by threatening that your social media account will be deleted if you do not click a link within the next hour) to pressure you into making a mistake. Take the time to check where the message is coming from and if the email or account looks legitimate. If you have doubts, you can always reach out to the company the message appears to be from to confirm whether it is real.

If you think your account information has been stolen, update your password as soon as you can and notify the organization your account is with. Continue to monitor your account for suspicious or unusual activity.

For more tips, advice, and cyber hygiene resources, check out the Cybersecurity and Infrastructure Security Agency.