U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Stay Cyber Safe

Cybersecurity Awareness Month Logo

October is Cybersecurity Awareness Month, a global effort to help individuals protect themselves online. This year’s theme is “Secure our World” and the City of Cambridge is proud to participate in this online safety and education program now celebrating its 20th year.

This year’s theme, Secure Our World, calls everyone to action to adopt ongoing cybersecurity habits and improved online safety behaviors. Secure Our World remain a consistent theme for every Cybersecurity Awareness Month in the future.

Its key messages underscore how we can Secure Our Information, Secure Our Families and Secure Our Businesses by focusing on four simple—yet critical—actions that everyone should implement and continuously strengthen.

Cybersecurity Action Steps you can take now

  • Enable Multi-Factor Authentication – Enable multiple-factor authentication (sometimes called two factor authentication) across all accounts that support it. This single step is one of the best ways to reduce the risk of an account being hacked. Start with your highest priority accounts such as email, banking, health, password managers, and social media profiles. Not all accounts do, but if an account or service offers this option, enable it.

    Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code or texting/emailing a code to your mobile device, or accessing an authenticator application.
  • Use Strong Unique Passwords on all accounts and a Password Manager – Longer passwords are stronger passwords. You can try using a passphrase or combination of words to make it memorable. Complex passwords utilize letters, capitalization, numbers, and characters to make them harder to compromise. Use a unique password on all your accounts, these multiple long complex passwords can be easily created and managed by a password manager that you protect with multi-Factor authentication.
  • Update Your Software – Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.

    When downloading a software update, only get it from the company that created it. Never use a hacked, pirated, or unlicensed version of software (even if your friend gave it to you). These often contain malware and cause more problems than they solve.

    Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available. Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured, or it could contain malware.
  • Recognize and Report Phishing - Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for. Here are some quick tips on how to clearly spot a fake phishing email:
    • Contains an offer too good to be true
    • Language that is urgent, alarming or threatening
    • Poorly crafted writing with misspellings or bad grammar.
    • Greetings that are ambiguous or very generic.
    • Requests to send personal information.
    • Urgency to click on an unfamiliar hyperlink or attachment.
    • Strange or abrupt business requests.
    • Sending e-mail address does not match the company it is coming from.

What do I do?

Don’t worry, you’ve already done the hard part which is recognizing that an email is fake and part of a criminal’s phishing expedition.

If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.

If you’re at home and the email came to your personal email address. Do not click on any links (even the unsubscribe link) or reply back to the email and JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.

Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly.

Helpful Links

Links to Cybersecurity Awareness Month partners for more information and guidance on how to stay safe online!

Contact Us

How can we help?

Please provide as much detail below as possible so City staff can respond to your inquiry:

As a governmental entity, the Massachusetts Public Records Law applies to records made or received by the City. Any information received through use of this site is subject to the same provisions as information provided on paper.

Read our complete privacy statement


Service Requests

Enter a service request via SeeClickFix for things like missed trash pickups, potholes, etc., click here