The Postal Service™ wants to remind employees and contractors to beware of oversharing work-related information. Oversharing can occur when Microsoft SharePoint and Teams sites are set to public instead of private.
While Microsoft SharePoint and Teams are great collaboration tools, we urge employees to be careful and not share confidential information that could put USPS® at risk.
If sites are set to public instead of private, content is accessible enterprise-wide and confidential information could be revealed that should remain protected. This could result in the loss of sensitive data, violation of privacy laws and compliance rules, and damage to our reputation with stakeholders.
To ensure the organization remains secure, the Chief Information Security Office recently converted all public USPS Teams and SharePoint sites to private sites.
Owners and members of the impacted sites should expect the following:
n After the transition to private sites, owners and members of the affected sites will retain their access.
n Any users who had access or used a public SharePoint site before the change will no longer have access if they were not members of the site.
Site owners can always change their private site back to public; however, they should first take these steps:
n Understand that content shared on public sites is searchable throughout the enterprise.
n Know that private channels can be added to public Teams sites only when the owners control access rights. For SharePoint, owners need to create a separate site to function as a private channel.
n Store documents or content containing confidential, sensitive, or sensitive-enhanced data only on private Teams or private SharePoint sites.
n Commit to conducting periodic reviews of all sites owned to ensure access rights are set accordingly and that no sensitive or confidential information has been added to public sites.
For questions about oversharing, visit the IT Self Help portal at usps.servicenowservices.com or email the Endpoint Technology Team at EndpointTechEngineeringDigitalCommunications@usps.gov.
For more information, visit the CyberSafe at USPS® pages on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber), as well as the Monthly Awareness Campaigns page at (blue.usps.gov/cyber/communications.htm).
— Corporate Information Security Office,
Chief Information Security Officer, 4-4-24