Cybersecurity tips from the City of Boston
We have some tips to keep you safe while you're using the Internet and your digital devices.
On the go
Your phones, laptops, and tablets have tons of information about you on them that needs to be protected.
- Lock your device. Use the password, passcode, swipe, or PIN function — or set up touch identification — so that only you can get access.
- Keep all your software up-to-date. The operating system and apps you use put out new releases that guard against the latest malware, viruses and other threats. Make sure you always have the most recent versions.
- Delete things you don’t use. Delete all the apps and software that you do not need any more or no longer use.
Remember that public Wi-Fi is never secure and can’t always be trusted. Use public Wi-Fi with caution. Don’t log into anything sensitive (like financial services or email) while using it.
Be secure by getting a VPN (virtual private network) login to use when you are out and about. Another secure connection option is using a personal mobile hotspot.
Change the name of your network from the manufacturer’s default to something personal to you. Also, reset the password from the pre-set one to something complex. Remember to use a long and strong password.
Look at your network’s security settings and switch to WPA2, if that’s an option. If not, use WPA. Both of these are more secure than WEP. Also, if there is an option for “Remote Management,” turn that one off.
If you can, set up a guest login for your network. Then if someone is visiting your home, you can share only the guest password with them, not your password.
Make sure you check periodically for any updates to your router’s software, so you have the latest version. You should also consider setting up a firewall.
There are free security scans available from well-known companies. Use them to check out your systems. While there is a cost involved, buying anti-virus software is a good way to protect your computer (or mobile device). You can prevent viruses and other types of cyber attacks.
Make sure you set up all your security software to automatically update. That way, when a new virus or hack is spotted, you’ll get the fix to keep you safe.
Applying patches and updates
Make sure you apply updates for your operating system, web browsers, and software (especially security software) whenever they’re available.
Go into the settings for your computer operating system and web browser to make sure they update automatically. Having auto-updates lets you know you're protected against the latest threats from malware and viruses.
As more and more things become computerized (watches, appliances, cars, toys), it’s important to apply smart security thinking. Reports show that about five million things were connected to the Internet every day in 2016. By 2020, more than 20 billion things will be on the internet.
- First rule? Don’t connect if you don’t need to. Just because your fridge or bed can be connected to the Internet doesn’t mean you have to do that. If you do not see a benefit, don’t connect.
- Change the password right away on every device from the manufacturer’s default. The same password rules apply for things — use a strong password and make it unique.
- If you can, set the software to check for updates about every three months. You can also set a reminder and check for updates yourself.
- Connect your things through your guest Wi-Fi network (if you have one). This separates them from the home network where your important data is stored.
There are different options for parents to use to be proactive in keeping their kids safe online:
- Filtering and blocking: restrict access to specific sites, words, or images
- Block outgoing content: prevents children from sharing personal info
- Time limitation: set time limits for how long or when during a day kids can get online
- Monitoring: record which sites are visited and get alerts for specific sites
The federal government also has some tips for parents.
There is a range of behavior that falls under the term cyberbullying. This includes online posts that are embarrassing, online threats or harassment, and stalking done through emails, texts, or social networks. All ages can be involved, but teens are the most common victims.
There are ways to protect your kids:
- Limit where they post any personal information. This will limit their exposure to bullies.
- Don’t escalate a bullying situation. An easy solution is to terminate the account and start a new one the bully doesn’t have access to.
- Document cyberbullying with an electronic version and a paper printout.
- If you feel your children are being harassed or threatened, report the cyberbully to the authorities. That can be either the school or police.
The Cyberbullying Resource Center has lots more information.
Use hard-to-guess, long (8-10 characters minimum) passwords.
Include uppercase and lowercase letters, numbers, and special characters (like “&”, “$”, and “*”). Never use names, dates, or phone numbers since those things can be found on the Internet.
Never use the same password in more than one place. That way, if your password for one site gets stolen, none of your other logins are in danger.
Consider using a password manager. It’s a good way to keep lots of unique, strong passwords without having to remember all of them. We put some options in our “tools” section below.
Your computer and mobile devices have tons of important information on them. Make sure you protect them with strong passwords. Having a good backup routine is critical as well. There are three steps to backing up your data:
- Make copies of your data. Most computers have a built-in backup option (Apple support; Windows support).
- Store the copies using either hardware or software options. Hardware options include an external hard drive, flash drive, or a DVD/CD. Software options are online services that keep your data in the cloud (there is usually a monthly storage fee for the service).
- Keep the backup someplace safe. It’s a good idea to put it in a location that isn’t your home, like a relative’s house or your workplace. That way, if something happens to your home, it’s still available.
Phishing is when cybercriminals send an email or use a website to try to get you to provide personal or financial details. Sometimes they have you click a link and put malware onto your device. But there are ways to avoid a phish:
- Don’t respond to emails that don’t look legit. Follow up with the company directly instead of clicking the link.
- Check for spelling or grammar mistakes in the email. Phishing hackers also try to use a sense of urgency to get you to act — don’t fall for it.
- Look at the URL (the website address). Does it start with https://? You want to make sure you see the S for secure! Is there something that isn’t spelled right, or extra info? For example, if it says boston.gov.pl... that’s the wrong address.
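The URL check from the last tip, written out as a short Python script. This is an added example and not part of the City's original page; the function name `check_link` and the sample links are made up for illustration, and it assumes the only site you expect is boston.gov.

```python
from urllib.parse import urlsplit

# Assumption for this example: the site we expect to be visiting.
EXPECTED_DOMAIN = "boston.gov"


def check_link(url, expected=EXPECTED_DOMAIN):
    """Return a list of red flags for a link. An empty list means none were found."""
    flags = []
    parts = urlsplit(url.strip())

    # "Does it start with https://?"
    if parts.scheme.lower() != "https":
        flags.append("does not start with https://")

    # The host is the part a browser actually connects to.
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        flags.append("no website address found")
        return flags

    # "Extra info": anything before an @ sign is not the website's name.
    if parts.username is not None:
        flags.append("extra text before an @ sign")

    # The address must BE the expected domain or END with ".<expected domain>".
    # boston.gov.pl only starts with the right name; it really belongs to .pl.
    if host != expected and not host.endswith("." + expected):
        if expected in host:
            flags.append(f"'{expected}' appears, but the real domain is different")
        else:
            flags.append("unexpected or misspelled domain")
    return flags


# Constructed sample links (not taken from real emails).
SAMPLES = [
    "https://www.boston.gov/departments",
    "https://www.boston.gov.pl/pay",
    "http://www.boston.gov/",
    "https://bostom.gov/login",
    "https://boston.gov@login.example/reset",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no red flags")
```

An empty result only means these particular red flags were not found. It does not prove a link is safe.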
Two-step verification is sometimes also called “login verification,” “multi-factor authentication,” or “two-factor authentication.” It’s a great way to protect your social media accounts. Through two-step verification, you set up a second factor as part of your login process.
Some options include getting a code sent in a text to your phone or getting a push notification in an app. Using two-step adds an extra layer of security and stops anyone who might have stolen your password.
Signs that you may have been hacked include:
- your family and friends ask you why you sent an email that you never did
- you see posts on your social networks that you didn’t make (especially asking people to click a link), or
- you lose a mobile device.
- Let everyone know. Tell your contacts to be on the lookout for suspicious emails or posts from you. And tell them to delete those emails and posts right away.
- Reset your password for the account that was hacked and all your other key accounts (like your email and online banking). Remember to follow the password rules (long, strong, and unique).
- If you think a device has been infected, update your security software and then run a full scan.
- If you cannot get into an account, contact that service provider right away and follow the steps they give you to recover your account.
You can take the same steps when a company lets you know it had a security breach. Better safe than sorry! Worried you're a victim of identity theft? Report it right away.
About the IT Security Team
We protect the City of Boston's electronic assets and data from cyber threats. Our team puts in place and manages security tools, including:
- web filtering
- intrusion protection, and
- data loss prevention.
We work to detect and stop intrusion attempts. We also develop and enforce the City's cybersecurity policies. As part of this work, we educate City employees about the best practices for staying cyber secure.
We keep the City's technology assets secure through regular vulnerability scans. When requested, we also perform penetration testing. The goal is to find vulnerabilities that attackers could exploit and close those gaps.