November 2022

 

Following county ransomware breach, here are ten tips to keep your data safe
Andrew Stone (Associate Professor of Cybersecurity and EC Rep)

 

  Newsday article showing what citizens need to know about the county ransomware breach
 
Newsday has been reporting since September on the massive ransomware breach that continues to negatively impact county operations. We asked EC Rep and Associate Professor of Cybersecurity & Engineering Andrew Stone to share his top ten points of advice to help members keep their data safe.
   

On September 8, Suffolk County’s computer systems were compromised and infected with ransomware.

The county responded by shutting down all of their IT systems, basically pulling the plug on every computer, server and network component they control.

Following the attack, the county has been slowly restoring their IT services. They were also informed by the attackers that county records were stolen and would be released if the ransom is not paid.

Fortunately, the college’s computer environment is separate from the county and was not a part of this compromise. Unfortunately, the county’s data includes information about our members. While we don’t yet know if any of our member data was compromised as part of this attack, most of you have had personal data compromised in other data breaches.

There are things you can do to minimize the impact of personal data being compromised whether it’s a known breach or even a breach that hasn’t been publicly disclosed.

  1. Change your passwords: Even if a compromise doesn’t include any of your passwords, it can still make you a target. Start with your personal email because that can sometimes be used to reset other passwords. Then move on to banks, credit cards and other high value passwords. Making these passwords harder to compromise can really help protect your most important accounts.

  2. Don’t reuse passwords: While you’re changing passwords, make sure you use different passwords for each account. If you use the same password in multiple places, a single breach could compromise everything. The best way to use different passwords is by using a password manager. LastPass, 1Password and Apple Keychain are examples of password managers that can generate highly secure and separate passwords for each of your accounts. With a client installed on your devices, you can then automatically fill each password, which makes the use of separate passwords easier.

  3. Enable two-factor authentication: Especially on your most important accounts like email and financial, add a second factor for authentication. This will require that you have a trusted device when logging in to the account. Depending on the implementation, you may be able to trust a known device, so you don’t even need to use the second factor code regularly.

    As part of this process, you should produce emergency recovery or one-time-use passwords in case your phone is lost or stolen. These can be printed and stored in a secure location. Google Authenticator is one of many options that are better and more secure than text or email codes.

  4. Freeze your credit report: The three major credit reporting agencies are required by federal law to freeze your credit report for free. This can be done for your account and for your children under age 16. This will restrict access to your credit report. Since checking credit reports is the first step in opening a new credit account, this can stop identity theft. This will also prevent you from getting a new loan, but you can unfreeze your credit at any time.

  5. Monitor your bank accounts: Simply watching your money can go a long way toward stopping fraud early. This can be from identity theft or the increasingly difficult-to-spot skimmers that grab ATM card information, including from bank-branded ATMs.

  6. Be extra vigilant talking to anyone on the phone: I have had personal experience with a family member thinking she was talking to a credit card company while she was actually talking to a scammer. Your information being out there makes targeted scams more likely to sound realistic.

    Caller ID is easily faked so even if a number and name you recognize shows up on your phone, it could be a scam. If you are unsure about who you’re talking to, call back on a number that you have in your possession. If you call back a number they provide, they can claim to be Vandelay Industries, your bank or anything that furthers their scam.  

  7. Don’t ever click on a link in an email that brings you to a login page: A phishing email can look surprisingly accurate, and a phishing web site can include everything the real web page displays. If you receive an email from a bank, your retirement account or even the college, you should type in the organization’s webpage rather than clicking on the link in the email.

  8. Patch your systems: It can be tempting to avoid patches that don’t provide any new features. By the time a security patch is released for a system, the vulnerability is generally known and can be exploited to do damage. That damage could be stealing your own data or installing ransomware on your system.

  9. Install software and applications from trusted sources: We all recognize that phones and tablets are just as powerful as laptop and desktop computers. By only installing apps via the Google Play store or the Apple App Store, you are minimizing the risk from these apps. You should never install an application or run a .exe or .dmg file from an email. The safest way to install this software is to go to the company’s webpage and download the software from that page.

  10. Back up important data: If you are ever hit with ransomware, having a backup of your data will turn a potentially devastating loss of some of the most important data that you possess into a minor inconvenience. Your pictures, in-process manuscripts, financial history, etc., can be safely and easily backed up to reputable online services. Backblaze and Carbonite are two of many options that are reasonably priced and will protect your data from much more than ransomware. Just think about what you would lose if a device was lost or damaged beyond repair.

These tips offer a few basics that can help minimize the damage from an inevitable compromise in the future. What happened with the county computer systems is an unfortunately common occurrence so, regardless of the outcome, we have to ensure we can protect ourselves.