The New York State Office of Information and Technology Services and the Division of Consumer Protection today reminded consumers and businesses to protect their online privacy and information from unscrupulous scammers. New Yorkers should follow several key privacy and data security tips shared as part of an effort to raise awareness in recognition of National Data Privacy Day on Sunday, January 28.
"Data Privacy Day serves as an important reminder about how we can keep our data safe from cyber criminals with tips we can follow all year long," said New York State Chief Information Officer Robert H. Samson. "While New York State is a leader in keeping New York's critical infrastructure secure, thanks in large part to Governor Cuomo's leadership, taking appropriate steps to safeguard personal information to minimize risk and avoid becoming a victim is the responsibility of all New Yorkers."
"It is incumbent upon all New Yorkers to conduct online security checks for all their accounts," said New York State Secretary of State Rossana Rosado. "Data Privacy Day is a great opportunity to remind consumers of critical steps to safeguard their information. Consumers must be vigilant in their daily interactions both on and offline to best prevent breaches that can wreak havoc on people's lives."
New York ranked fourth highest in the nation for the number of internet crimes reported with more than $106 million in losses to consumers, according to the FBI's 2016 Internet Crime Report. The Division of Consumer Protection received 1,260 breach notifications, affecting almost 2 million New Yorkers.
Last year, the credit reporting agency Equifax experienced a cyberattack that led to the release of personal private data of nearly 150 million consumers nationwide. In the wake of the unprecedented breach, Governor Cuomo announced significant actions to protect impacted consumers.
To keep personal information and data safe, the following tips are recommended:
- Be Wary of Unsolicited Emails and Calls Asking for Personal Information -- Never share personal information, such as your Social Security number, in response to an unsolicited email or telephone call. If the email or call claims to be from a company you do business with, call them first to confirm the contact is legitimate.
- Secure your Mobile Devices -- Apply software updates that patch known vulnerabilities as soon as they become available. Use security features built into your device such as a passcode, and programs that encrypt data and remotely wipe contents if the device gets lost or stolen.
- Be Careful with Wi-Fi Hotspots -- Public wireless hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public Wi-Fi, and avoid logging into sensitive accounts.
- Be Cautious about the Information you Share on Social Media -- Avoid posting your birthdate, telephone number, home address, or images that identify your job or hobbies. This information may often reveal answers to security questions used to reset passwords, making you a possible target of scammers looking to access your accounts and secured information.
- Use Strong Passwords -- Create unique passwords for all your accounts. Use 10-12 characters in a combination of letters (upper and lower case), numbers and symbols. Individuals should regularly change their passwords as well.
- Change your security questions -- Don't use the same security questions on multiple accounts. Be careful to select security questions for which only you know the answer. Make sure the answers cannot be guessed or found by searching social media or the internet.
- Turn on Two-Step Verification to access accounts -- To enhance the security of your account, require your password and an extra security code to verify your identity whenever you sign-in to your accounts, where available.
- Beware of phishing -- Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender. And be wary of calls or texts asking for your personal information.
- Use Automatic updates and back-up data -- Make sure automatic updates are turned on for your software and that you back up all information.
- Monitor your financial accounts -- Review your bank, credit card, and account statements billing statements carefully to check for suspicious activity. Report any suspicious charges immediately to the responsible financial institution.
- Check your credit report and consider placing a Security Freeze -- If you identify inaccurate, suspicious or unusual activity on your consumer credit report notify the reporting consumer credit reporting agency and the respective financial entity immediately. New Yorkers may also want to consider placing a Security Freeze on their credit reports.
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
- Equifax: 1-800-525-6285
- Keep records -- Keep all notes and records about the security breach in the event fraudulent activity arises later.
Acting Commissioner of Taxation and Finance Nonie Manion said, "Unscrupulous people are using stolen information to file tax returns claiming refunds they're not entitled to. They're trying to steal this money from honest citizens. All New Yorkers should remain vigilant and secure their private information to help prevent it from falling into the wrong hands. The Tax Department offers a number of secure resources to manage your taxes online at www.tax.ny.gov and to report tax fraud, scams, and identity theft."
Financial Services Superintendent Maria T. Vullo said, "As our landmark cybersecurity regulation demonstrates, New York leads the nation in protecting the sensitive data of consumers and the stability of the financial services industry. And we are continuing our nation-leading efforts in ensuring that credit reporting agencies protect consumer data as well. Today we take the opportunity remind consumers how critically important it is to take all necessary precautions to defend against cyber criminals."
Division of Homeland Security and Emergency Services Commissioner Roger L. Parrino, Sr. said, "By following some simple, common-sense steps you can help protect yourself and family from cybercrimes. If you have been the victim of a cybercrime, alert law enforcement, no matter how minor."
New York State Chief Information Security Officer Deborah Snyder said, "The Internet makes it easier than ever to share data and files. However, many people don't recognize the potential privacy risks of their online activities. National Data Privacy Day brings awareness to the importance of protecting personal information."
For more helpful cyber tips, and additional online safety resources, including real-time advisories, visit the New York State Office of Information Technology Services website at https://its.ny.gov/eiso.
For more information on security breaches and avoiding identity theft visit the Division of Consumer Protection website at http://www.dos.ny.gov/consumerprotection/security_breach/. Consumers may also contact the Division's Consumer Assistance Helpline at (800) 697-1220. You can also follow the Division of Consumer Protection on social media on Twitter (@NYSConsumer) and Facebook ( www.facebook.com/nysconsumer).
The Office of Information Technology Services (ITS) provides statewide IT strategic direction, IT policy and centralized IT services to the state and its governmental entities. ITS provides IT enterprise services to support the missions of state agencies by operating four mainframe data centers 24 hours a day, 365 days a year, including more than 90,000 telecom users, 50 statewide mission-critical applications, a secure network of over 1,600 miles of fiber, including IT operations, telecommunications, Internet and Intranet services, enterprise email systems and support, IT training, networking, data storage and processing. In addition, the agency has a world renowned project management practice, operates a first class technology academy for NY government entities and e-learning program for groups, operates a 24/7 customer care center, develops and supports web applications and assists with application development.