As small as flash drives are, they can have a massive impact on an organization’s security if they contain malicious code.
For instance, the 2008 cyberattack on the United States military — when an employee connected a malicious flash drive to a USB port on a laptop — caused the worst U.S military breach in history. This action uploaded malicious code onto a network linked to the U.S. Central Command, and it took 14 months to scrub the worm from military networks.
Today, organizations more fully understand the importance of securing USB ports. That’s why USPS® employees must only use USPS-approved, encrypted devices (e.g., flash drives and hard drives) purchased through the eBuyPlus catalog for storing and transmitting sensitive information. For a full list of approved removable memory devices, visit blue.usps.gov/cyber/utilize-encryption.htm.
Important: Devices purchased outside of the eBuyPlus catalog are strictly prohibited and not approved for use with USPS equipment.
Separating work and personal documents is also important while working from home. Do not share files between your home and work computer. To ensure that a data transfer doesn’t accidently happen, never plug a personal storage device or personal phone into a USPS-issued device.
CyberSafe at USPS® advises employees and contractors to follow these guidelines to ensure the USPS network remains secure:
n Plug only USPS-approved devices into Postal Service™ equipment (see blue.usps.gov/cyber/utilize-encryption.htm for a list of approved devices).
n Use a wall outlet or a portable charger to charge your personal devices.
n Avoid public charging stations, as cybercriminals sometimes install malicious software on these stations.
For more information about cybersecurity best practices, visit the CyberSafe at USPS web pages on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 7-2-20
