The cybersecurity landscape is increasing in size and complexity at a prolific rate. One of the largest trends in cyber technology, the Internet of Things (IoT), helps explain this growth. Postal employees must understand the implications of the IoT not only for their personal security, but also for the greater information security of the U.S. Postal Service®.
The IoT refers to the concept that most devices with on/off switches have the capability to connect to the Internet. While this may seem obvious, the far-reaching implications of this idea can be seen when one looks at the number of devices that have these capabilities. This list includes Wi-Fi enabled dinosaur toys, wearable technology, household equipment (i.e., radios, alarm clocks, washing machines, etc.), and even headphones. To put this in perspective, experts predict there will be more than 24 billion IoT devices on Earth by 2020 — approximately four devices per person.1
With the increasing number of these devices and the cyber threats faced by the Postal Service™, postal employees must never connect personal devices to their postal computers or network. While these technological advances offer more opportunities to connect, they also provide hackers with more chances to infiltrate our networks. Non-postal, non-encrypted thumb drives, wearable technology, and other personal devices are strictly prohibited from postal networks.
To protect your networks from cyber threats involving the IoT, take the following steps:
n Research the product before purchasing. Make sure that you investigate the security protocols of Wi–Fi enabled devices and ask about the process for security updates or software prior to purchasing.
n Update your device settings. No matter how new a device is, users should always complete legitimate security updates to ensure their device meets common security standards.
n Change the passwords for all your devices. Although it may be tempting, do not use one password for each of your devices. Passwords should use a minimum of 15 characters, including upper and lowercase letters, numbers, and a unique identifier or special character (special characters include “!,” “@,” etc.).
Suspicious activity should be reported to the CyberSecurity Operations Center (CSOC) at CyberSafe@usps.gov. For more information on reporting suspected threats, check out the new public-facing CyberSafe at USPS™ website at www.usps.com/cybersafe or the CyberSafe at USPS pages on Blue (https://blue.usps.gov/cyber/) and LiteBlue (https://liteblue.usps.gov/cyber/).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 1-19-17
