USPS updates security policies

July 22, 2021 The Postal Service has updated Handbook AS-805, Information Security, which details the organization’s security policies for technology assets and information resources. The updates include several new topics, including: The Executive Cyber Risk Committee, which evaluates and monitors cyber risk management activities and their alignment with the overall corporate risk profile; Contractual security…

 Continue reading

USPS: ‘Smishing’ brings email phishing to phones

The Postal Inspection Service has a message for consumers: Don’t become a “smishing” victim. The law enforcement agency is warning the public about the scam — short for SMS phishing — in which fraudsters impersonate banks, credit card companies and even the Postal Service in text messages to lure recipients into divulging personal financial data….

 Continue reading

USPS: Identifying inside security risks

The Postal Service is asking employees to remain vigilant for insider security threats that could compromise the organization’s operations. Insider security threats refer to employees, contractors or business partners who fall into two categories: accidental insiders and malicious insiders. Accidental insiders unintentionally violate security policies or online best practices by: Not physically securing laptop computers…

 Continue reading

How US postal inspectors go ‘undercover’ on the dark web

By David Thornton – July 11, 2019 For federal agents investigating cybercrimes, gathering open source intelligence is a lot like going undercover. They establish fake identities to gain the trust of the bad guys, and gather information on criminal activities. They just do it all from a keyboard. “To simplify it, you’re basically just trying…

 Continue reading

Postal Bulletin highlights protecting USPS Networks from personal devices

When plugging a smart mobile device (e.g., phone, tablet, or wearable technology) into a computer’s USB port, the two devices can exchange information or malware. At the U.S. Postal Service®, this could put sensitive information into the wrong hands and potentially affect our business and reputation. To prevent a security breach, follow these important charging…

 Continue reading

Avoid using USPS computers to charge devices

The Postal Service wants employees to remember that USB ports on work computers shouldn’t be used to charge personal devices. Plugging smartphones, tablets, wearable technology and other gadgets into USPS equipment violates Postal Service policy and puts the organization’s data at risk. The CyberSafe at USPS team offers the following tips: Use wall outlets in…

 Continue reading

The US Postal Service Wants to Hunt Down Dark Web Criminals

By Joseph Cox – January 18, 2017 The FBI isn’t the only US law enforcement agency on the dark web. Considering that the digital drug trade relies on snail mail to transport goods, the US Postal Inspection Service (USPIS) works on related investigations too, and is now looking to expand its intelligence operations with more…

 Continue reading

USPS OIG: Review of Selected Active Directory Domains

Background The U.S. Postal Service uses Microsoft’s Active Directory (AD) to control access to more than 192,000 information resources managed by 183 domains on the Postal Service information technology (IT) network. Users can access systems and services through AD once they enter a user name and password. Administrators use AD to set up and manage…

 Continue reading