As we all become increasingly computer literate and get used to various ways to access the Internet anytime from virtually anywhere, we have to also become more aware of how we store the vast amounts of personal and business information in databases at our fingertips. Organizations such as the Postal Service™ are prime targets for persons who would steal this information. By establishing good basic security habits, you can prevent a compromise of sensitive personal and business information caused by (or resulting from) a cyber intrusion.
n Use Postal Service technology for business purposes. The technology that you use at work is primarily for the authorized business of the Postal Service. It’s there to help you do your job.
n Limit personal use of desktop and laptop computers, e-mail, and Internet access. To protect yourself and the Postal Service, you should consult the acceptable use policy and discuss this use with your supervisor. A clear understanding of the limitations on this privilege can help you avoid unnecessary problems.
n Do not install your own software or any product from an outside vendor on a Postal Service system without permission from Information Technology.
n Keep your password secret and choose passwords that are very hard to guess. Make sure each password is at least eight characters in length and includes upper and lowercase letters and numbers. You also may use special characters such as “&,” “#” and “$.” Avoid simple English words, proper names, or personal data, such as birthdays, addresses, or telephone numbers.
n When you leave your desktop or laptop unattended, use the password-protected screensaver or log off the network.
n Change your password immediately if you think it has been compromised, and telephone or e-mail the Postal Service Computer Incident Response Team by calling 866-USPSCIRT (866-877-7247) or by sending an e-mail to USPSCIRT@usps.gov.
n Do not open messages or attachments sent to you by strangers. E-mail can easily and quietly spread viruses and cause other problems to our computer network.
n Do not initiate or forward e-mail chain letters, messages that contain possible hoaxes, advertising, jokes, or other non-business messages.
n Do not preview “spam” messages and do not click the “unsubscribe” within spam messages. Just delete them entirely. You may also put the sender into your junk mail file.
n Do not leave restricted, personal, or sensitive hardcopy information in public areas.
n Backup your work regularly to protect it from loss, and ensure that the backup is stored securely.
n If a sensitive data file must be removed from Postal Service premises, first obtain approval from your manager before removing the paper or electronic data. Secure the electronic data per an approved encryption method. For instructions on encrypting sensitive files, visit the Information Security Awareness page at http://ITWebShare.usps.gov.
Additional information may be found in Publication 805–E, What Every Employee Needs to Know About Information Security, available on the Postal Service PolicyNet website (http://blue.usps.gov/cpim). If you suspect that a security breach has occurred, you should report it immediately to the Postal Service Computer Incident Response Team by calling 866-USPSCIRT (866-877-7247) or by sending an e-mail to USPSCIRT@usps.gov.
— Corporate Information Security Office,
Chief Information Officer, 3-12-09
