USPS: Passphrases improve online security

Passwords are widely used to control access to online accounts, but they aren’t always secure. Using powerful software that runs through millions of word and number combinations, thieves can easily decipher commonly used passwords in seconds. For instance, it only took hackers one second to figure out 123456, a password used by more than 2.5…

 Continue reading

USPS OIG Report: Protection Against External Cyberattacks

Objective Our objective was to determine if the Postal Service has an effective security posture to protect its Information Technology (IT) infrastructure from external cyberattacks and prevent unauthorized access to restricted data. In the past two years, 51 percent of organizations have experienced a cybersecurity incident that resulted in a significant disruption to their IT…

 Continue reading

USPS updates security policies

July 22, 2021 The Postal Service has updated Handbook AS-805, Information Security, which details the organization’s security policies for technology assets and information resources. The updates include several new topics, including: The Executive Cyber Risk Committee, which evaluates and monitors cyber risk management activities and their alignment with the overall corporate risk profile; Contractual security…

 Continue reading

USPS: ‘Smishing’ brings email phishing to phones

The Postal Inspection Service has a message for consumers: Don’t become a “smishing” victim. The law enforcement agency is warning the public about the scam — short for SMS phishing — in which fraudsters impersonate banks, credit card companies and even the Postal Service in text messages to lure recipients into divulging personal financial data….

 Continue reading

USPS: Identifying inside security risks

The Postal Service is asking employees to remain vigilant for insider security threats that could compromise the organization’s operations. Insider security threats refer to employees, contractors or business partners who fall into two categories: accidental insiders and malicious insiders. Accidental insiders unintentionally violate security policies or online best practices by: Not physically securing laptop computers…

 Continue reading

How US postal inspectors go ‘undercover’ on the dark web

By David Thornton – July 11, 2019 For federal agents investigating cybercrimes, gathering open source intelligence is a lot like going undercover. They establish fake identities to gain the trust of the bad guys, and gather information on criminal activities. They just do it all from a keyboard. “To simplify it, you’re basically just trying…

 Continue reading

Postal Bulletin highlights protecting USPS Networks from personal devices

When plugging a smart mobile device (e.g., phone, tablet, or wearable technology) into a computer’s USB port, the two devices can exchange information or malware. At the U.S. Postal Service®, this could put sensitive information into the wrong hands and potentially affect our business and reputation. To prevent a security breach, follow these important charging…

 Continue reading

Avoid using USPS computers to charge devices

The Postal Service wants employees to remember that USB ports on work computers shouldn’t be used to charge personal devices. Plugging smartphones, tablets, wearable technology and other gadgets into USPS equipment violates Postal Service policy and puts the organization’s data at risk. The CyberSafe at USPS team offers the following tips: Use wall outlets in…

 Continue reading