13-3 Incident Prevention, Reporting, Response, and Containment

13-3.1 Incident Prevention

The following actions by Postal Service personnel can help prevent information security incidents:

  1. Display proper badge when in any Postal Service facility.
  2. Be aware of your physical surroundings, including weaknesses in physical security and the presence of any unauthorized visitor.
  3. Use only approved computer hardware and software with the latest patches installed.
  4. Use updated virus protection software and pattern recognition files.
  5. Do not download, install, or run a program unless you know it to be authored by a person or company that you trust.
  6. Use a personal firewall.
  7. Use a strong password of at least eight characters composed of upper- and lower-case alphabetic, numeric, and special characters.
  8. Encrypt sensitive-enhanced and sensitive information physically removed from a Postal Service facility.
  9. Encrypt sensitive-enhanced and sensitive information in transit.
  10. Back up data stored on the local workstation and physically secure the backup copies.
  11. Be wary of unexpected attachments. Know the source of the attachment before opening it. Remember that many viruses originate from a familiar e-mail address.
  12. Be wary of URLs in e-mail or instant messages. A common social engineering technique known as phishing uses misleading URLs to entice users to visit malicious Web sites. URLs can link to malicious content that, in some cases, may be executed without your intervention.
  13. Be wary of social engineering attempts to solicit sensitive-enhanced or sensitive information (e.g., account numbers and passwords).
  14. Users of technology such as instant messaging and file-sharing services should be careful about following links or running software sent by other users.