Information Technology

Service Talk: Cyber Security Reminders

As we all become increasingly computer literate and get used to various ways to access the Internet anytime from virtually anywhere, we have to also become more aware of how we store the vast amounts of personal and business information in databases at our fingertips. Organizations such as the Postal Service™ are prime targets for persons who would steal this information. By establishing good basic security habits, you can prevent a compromise of sensitive personal and business information caused by (or resulting from) a cyber intrusion.

Authorized and Limited Personal Use of Information Technology

n Use Postal Service technology for business pur­poses. The technology that you use at work is prima­rily for the authorized business of the Postal Service. It’s there to help you do your job.

n Limit personal use of desktop and laptop computers, e-mail, and Internet access. To protect yourself and the Postal Service, you should consult the accept­able use policy and discuss this use with your super­visor. A clear understanding of the limitations on this privilege can help you avoid unnecessary problems.

n Do not install your own software or any product from an outside vendor on a Postal Service system with­out permission from Information Technology.

Password Protection

n Keep your password secret and choose passwords that are very hard to guess. Make sure each pass­word is at least eight characters in length and includes upper and lowercase letters and numbers. You also may use special characters such as “&,” “#” and “$.” Avoid simple English words, proper names, or personal data, such as birthdays, addresses, or telephone numbers.

n When you leave your desktop or laptop unattended, use the password-protected screensaver or log off the network.

n Change your password immediately if you think it has been compromised, and telephone or e-mail the Postal Service Computer Incident Response Team by calling 866-USPSCIRT (866-877-7247) or by sending an e-mail to USPSCIRT@usps.gov.

E-mail

n Do not open messages or attachments sent to you by strangers. E-mail can easily and quietly spread viruses and cause other problems to our computer network.

n Do not initiate or forward e-mail chain letters, mes­sages that contain possible hoaxes, advertising, jokes, or other non-business messages.

n Do not preview “spam” messages and do not click the “unsubscribe” within spam messages. Just delete them entirely. You may also put the sender into your junk mail file.

Safe Handling of Information Resources

n Do not leave restricted, personal, or sensitive hard­copy information in public areas.

n Backup your work regularly to protect it from loss, and ensure that the backup is stored securely.

n If a sensitive data file must be removed from Postal Service premises, first obtain approval from your manager before removing the paper or electronic data. Secure the electronic data per an approved encryption method. For instructions on encrypting sensitive files, visit the Information Security Aware­ness page at http://ITWebShare.usps.gov.

Additional information may be found in Publication 805–E, What Every Employee Needs to Know About Infor­mation Security, available on the Postal Service PolicyNet website (http://blue.usps.gov/cpim). If you suspect that a security breach has occurred, you should report it immedi­ately to the Postal Service Computer Incident Response Team by calling 866-USPSCIRT (866-877-7247) or by sending an e-mail to USPSCIRT@usps.gov.