New York Governor Kathy Hochul released data privacy guidelines on how citizens can protect themselves and their personal information.
In recognition of Data Privacy Week, the State Office of Information Technology Services has teamed with other state agencies to promote techniques for protecting private data including raising awareness of phishing schemes, using strong passwords and exhibiting greater caution with information shared on social media.
Governor Hochul also announced an expansion of state investments in cybersecurity initiatives in her State of the State address, which will further secure and protect New York's critical infrastructure.
New York advised its citizens to keep their sensitive personal information private and secure by:
Being wary of unsolicited emails and telephone calls asking for personal information. Never share personal information, such as a Social Security number, in response to an unsolicited email or telephone call. If the email or call claims to be from a business associate, call it first to confirm the contact is legitimate.
Keeping devices updated. Enable automatic updates for devices and applications, including mobile devices. Use security features built into the device, such as a passcode, and programs that encrypt data and remotely eliminate contents if the device is lost or stolen.
Being careful with Wi-Fi hotspots. Public wireless hotspots may not be secure and can potentially allow others to monitor online activity, especially if it is unencrypted — ensure website connection is secure, and for extra protection use a virtual private network.
Limiting personal data collected by mobile apps. Limit any data collected to the minimum required, such as by limiting location services to "only when using the app" and not allowing personal information such as email to be shared with third parties. Consider the app's privacy policies before downloading.
Being cautious about the information shared on social media. Avoid posting birthdates, telephone numbers, home addresses, or images that identify employment or hobbies. This information may often reveal answers to security questions used to reset passwords and can be utilized by scammers looking to access accounts and personal information.
Using strong passwords. Create different complex passwords for every account. Consider passphrases made of up multiple short words which are easy to remember but difficult for a computer to guess, like "Correct-Horse-Battery-Staple!". Consider using a password manager which can help generate and securely store passwords.
Using hard to guess security question answers. Select security questions with answers that cannot be guessed or found by searching social media or the internet.
Using multifactor authentication to access accounts. A password and another factor, such as a code from an app on a phone, make it much harder for an account to be hacked.
Being aware of phishing schemes. Don't click on links, download files, or open attachments in emails from unknown senders. Open attachments only when they are expected and the contents are known.