September is National Insider Threat Awareness Month (NITAM). The United States Postal Service® (USPS®) supports NITAM as part of its commitment to protecting the organization’s information resources from accidental or intentional unauthorized use, modification, disclosure, or destruction, which is stated in Handbook AS-805, Information Security, at blue.usps.gov/cpim/ftp/hand/as805/welcome.htm.
As a reminder, information such as personally identifiable information (PII), sensitive-enhanced information, sensitive information, and proprietary information must never be shared with unauthorized individuals or stored on unapproved devices; it must always be protected.
For instance, if “Jeff” copies, moves, and stores electronic files containing PII to an unapproved, removable media device, he meets the criteria for designation as an insider risk because he failed to protect sensitive information. If he disclosed information for personal gain, “Jeff” would also be considered an insider threat. Actions would then be taken to counter the threat and implement measures to protect Postal Service™ information from further unauthorized disclosure.
It‘s important to remember that not all risky activities lead to an actual threat. A pattern of conduct or behavior by an individual may be insignificant on its own, but worth reporting to CISO when observed in combination with other conduct or behaviors.
If you observe a pattern of irregular behavior, send an email to the Insider Risk Program at insider_risk@usps.gov.
If you notice that an individual poses any threat to USPS assets or personnel, contact the United States Postal Inspection Service® directly at 877-876-2455, option 2.
— Corporate Information Security Office,
Chief Information Security Officer, 9-21-23
