By Daniel Chaitin – October 10, 2015
Less than a year after a hack affected nearly 1 million U.S. Postal Service employees, a watchdog report finds that a quarter of USPS employees are still duped into clicking scam email links.
Additionally, 93 percent of the employees who clicked the phishing links did not report it to the Postal Service’s Computer Incident Response Team, as required by policy. These findings by the Office of Inspector General present a potential security risk to the agency.
Investigators sent emails containing false links to 3,125 employees over a two-week period. Of that number, 789 clicked on one of the fraudulent links in the phishing email.
The audit also found that of the 3,125 employees it investigated, 96 percent did not complete the annual security awareness training offered at the agency. Ninety-five percent of those who fell for the phishing emails did not complete the course.
In response to the troubling findings, the inspector general recommended that all Postal Service employees with access to the Internet be required to take security awareness training.
Postal Service officials “disagreed with the portrayal of the reporting in the audit as a 93 percent failure,” pointing out that over 100 reports of phishing complaints were received within the first hour. They also took issue with the IG’s conclusion that the agency does not currently require all employees with access to USPS networks to take cybersecurity training, contending that it does require a “CyberSafe” course to be completed.
Follow-up phishing tests by the Postal Service have shown modest improvement in awareness.
In September of 2014, the personal data of approximately 800,000 Postal Service workers was compromised due to a hack.
“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” said [former] Postmaster General Patrick Donahoe in a statement responding to the incident.
The Postal Service has over 200,000 email accounts, which send and receive more than 3.5 million emails daily.