city_hall

Official websites use .boston.gov

A .boston.gov website belongs to an official government organization in the City of Boston.

lock

Secure .gov websites use HTTPS

A lock or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Last updated:

Cybersecurity tips from the City of Boston

We have some tips to keep you safe while you're using the Internet and your digital devices.

  • Still have questions? Contact:

On the go

Security for your mobile device

Your phones, laptops, and tablets have tons of information about you on them that needs to be protected.

  1. Lock your device.

     Use a robust password, passcode, swipe, or PIN function and do not share it with anyone — or set up touch or face identification — so that only you can get access.

  2. Keep all your software up-to-date.

    The operating system and apps you use often release new updates that guard against the latest malware, viruses, and other threats. Make sure you always have the most recent versions of the operating system or the app.

  3. Delete things you don’t use.

     Delete all the apps and software that you do not need anymore or no longer use. Also, remove or disable any account which you may not be using.

Using public Wi-Fi
  1. Remember that public Wi-Fi is never secure and can’t always be trusted. Use public Wi-Fi with caution. Don’t log into anything sensitive (like financial services or email) while using it.
  2. Be secure by getting a VPN (virtual private network) login to use when you are out and about. Another secure connection option is using a personal mobile hotspot.
  3. Do not save your login credentials on an untrusted device as they could be misused.

At home

Securing your wireless network
  • Change the name of your network from the manufacturer’s default to something personal to you. Also, reset the password from the pre-set one to something complex. Remember to use a long and strong password.
  • Look at your network’s security settings and switch to WPA3, if that’s an option. If not, use WPA2 or WPA. Both of these are more secure than WEP. Also, if there is an option for “Remote Management” turn that one off.
  • If you can, set up a guest login for your network. Then if someone is visiting your home, you can share only the guest password with them, not your password.
  • Make sure you check periodically for any updates to your router’s software, so you have the latest version. You should also consider setting up a firewall.
Anti-Virus
  • There are free security scans available from well-known companies. Use them to check out your systems. While there is a cost involved, buying antivirus software is a good way to protect your computer (or mobile device). You can prevent viruses and other types of cyber attacks.
  • If you are using a Windows computer, never turn off Windows Defender as it disables the security of the system, making the device vulnerable to security attacks.
  • Make sure you set up all your security software to automatically update. That way, when a new virus or hack is spotted, you’ll get the fix to keep you safe.

 

Applying patches and updates
  • Make sure you apply updates for your operating system, web browsers, and software (especially security software) whenever they’re available.
  • Go into the settings for your computer operating system and web browser to make sure they update automatically. Having auto-updates lets you know you're protected against the latest threats from malware and viruses.
IoT (Internet of Things)

As more and more things become computerized (watches, appliances, cars, toys), it’s important to apply smart security thinking. Reports show that about 38.5 billion things were connected to the Internet every day in 2020. By 2030, more than 50 billion things will be on the internet.

Internet of Things tips
  1. First rule? Don’t connect if you don’t need to. Just because your fridge or bed can be connected to the Internet doesn’t mean you have to do that. If you do not see a benefit, don’t connect.
  2. Change the password right away on every device from the manufacturer’s default. The same password rules apply for things — use a strong password and make it unique. If you can, set the software to check for updates about every three months. You can also set a reminder and check for updates yourself.
  3. Connect your things through your guest Wi-Fi network (if you have one). This separates them from the home network where your important data is stored.

For parents

There are different options for parents to use to be proactive in keeping their kids safe online:

  • Filtering and blocking: restrict access to specific sites, words, or images
  • Block outgoing content: prevents children from sharing personal info
  • Time limitation: set time limits for how long or when during a day kids can get online
  • Monitoring: record which sites are visited and get alerts for specific sites

The federal government also has some tips for parents.

Cyberbullying

There is a range of behavior that falls under the term cyberbullying. This includes online posts that are embarrassing, online threats or harassment, and stalking through emails, texts, or social networks. All ages can be involved, but teens are the most common victims.

 

There are ways to protect your kids:

  • Limit where they post any personal information. This will limit their exposure to bullies.

  • Don’t escalate a bullying situation. An easy solution is to terminate the account and start a new one the bully doesn’t have access to.
  • Document cyberbullying with an electronic version and a paper printout.
  • If you feel your children are being harassed or threatened, report the cyberbully to the authorities. That can be either the school or the police.

The Cyberbullying Resource Center has lots more information.

Personal security

Passwords
  • Use hard-to-guess and long (16-18 characters minimum) passwords.
  • Include uppercase and lowercase letters, numbers, and special characters (like “&”, “$”, and “*”). Never use names, dates, or phone numbers since those things can be found on the Internet.
  • Never use the same password in more than one place. That way, if your password for one site gets stolen, none of your other logins are in danger.
  • Consider using a password manager. It’s a good way to keep lots of unique, strong passwords without having to remember all of them. We put some options in our “tools” section on our home page.
Protecting Personal Data

Your computer and mobile devices have tons of important information on them. Make sure you protect them with strong passwords. Having a good backup routine is critical as well. There are three steps to backing up your data:

  1. Make copies of your data. Most computers have a built-in backup option (Apple support; Windows support).
  2. Store the copies using either hardware or software options. Hardware options include an external hard drive, flash drive, or a DVD/CD. Software options are online services that keep your data in the cloud. (There is usually a monthly storage fee for the service).
  3. Keep the back up someplace safe. It’s a good idea to put it in a location that isn’t your home, like a relative’s house or your workplace. That way, if something happens to your home, it’s still available.
Avoiding Phishing

What is Phishing?

Phishing is when cybercriminals send an email or use a website to try to get you to provide personal or financial details. Sometimes they have you click a link and put malware onto your device.

 

Ways to avoid a phish:

  • Don’t respond to emails that don’t look legit. Follow up with the company directly instead of clicking the link.
  • Check for spelling or grammar mistakes in the email. Phishing hackers also try to use a sense of urgency to get you to act — don’t fall for it.
  • Look at the URL (the website address). Does it start with https://? You want to make sure you see the S for secure! Is there something that isn’t spelled right, or extra info? For example, if it says boston.gov.pl ...that’s the wrong address.
  • Phishing calls: Hang up or end the call. Be aware that area codes can be misleading. If your Caller ID displays a local area code, this does not guarantee that the caller is local. Do not respond to the caller’s requests.
Two-step verification for social media

Two-step verification is sometimes also called “login verification,” “multi-factor authentication,” or “two-factor authentication.” It’s a great way to protect your social media accounts. Through two-step verification, you set up a second factor as part of your login process.

Some options include getting a code sent in a text to your phone or push notifications in an app. Using two-step adds an extra layer of security and stops anyone who might have stolen your password.

Social media tools

Most social media tools provide this service, so it’s a great idea to set it up. Learn more about FacebookSnapchat, Twitter, and other two-step options.

If You’re Hacked

Signs that you may have been hacked include:

  • your family and friends ask you why you sent an email that you never did
  • you see posts on your social networks that you didn’t make (especially asking people to click a link), or
  • you lose a mobile device.
  • you receive an update or mail from a website or an application that the account has been accessed from a location that is unknown to you.
Take these steps to regain control:
  1. Let everyone know. Tell your contacts to be on the lookout for suspicious emails or posts from you. And tell them to delete those emails and posts right away. Also, tell them to report the account.
  2. Reset your password for the account that was hacked and all your other key accounts (like your email and online banking). Remember to follow the password rules (long, strong, and unique).
  3. If you think a device has been infected, update your security software and then run a full scan.
  4. If you cannot get into an account, contact that service provider right away and follow the steps they give you to recover your account.
  5. If you are getting phishing calls you can report it on the consumer complaint website.

You can take the same steps when a company lets you know it had a security breach. Better safe than sorry! Worried you're a victim of identity theft? Report it right away.

  • Still have questions? Contact:
Back to top