USPS Best Practices Regarding Email Security For Suppliers
September 30, 2016
Your security comes first
At USPS® we take our cyber security responsibilities seriously. Protecting the data of our customers, partners, vendors and suppliers is paramount. To help keep this information secure and protected, we have implemented comprehensive email policies and procedures for avoiding physical and cyber breaches.
USPS goes to great lengths to ensure email security with our suppliers.
Set up a spam filter and only send sensitive information over an encrypted connection.
The do’s and don’ts of email security
Email was one of the first widely-adopted web-based applications used by businesses in the earliest days of the Internet. Today there are billions of accounts, and this makes it a preferred avenue by which cybercriminals steal money, identities and account information like credit card numbers and passwords.
Understanding the most common email threats
In order to safely use email it is important to understand the nature of the threats employees face:
- Spam is the electronic equivalent of junk mail where unwanted emails show up in your inbox with unsolicited offers, requests, links that lead to malware, and downloadable files that infect your computer with malware.
- Phishing attacks use social engineering to obtain personal and financial information, or to infect your machine with malware, by getting the victim to download an infected file or visit an infected website.
- Spear-phishing is a highly specialized phishing attack that targets a specific individual or small group of individuals to collect information in order to gain access to computer systems, networks, and data.
To remain safe when using email, USPS employees must:
- Send sensitive, sensitive-enhanced and non-publicly available information only to authorized personnel on a “need-to-know” basis over encrypted channels.
- Never use USPS-provided computing devices, including mobile devices, to check private email accounts or social media pages.
- Never open unsolicited or suspicious email attachments or click on links in emails.
- Never use the “Reply” button. Instead, USPS employees must use the “Forward” option and either type in the correct email address or select it from the USPS email address book.
- Delete spam without opening it.
- Never view, create or forward pornographic material.
- Never view, create or forward chain letters or other unauthorized mass mailings.
- Never use the “Reply-All” function to respond to emails with large recipient lists unless all recipients need to receive the reply.
How to counter common email threats:
- Activate a spam filter: More than 60% of all emails a business receives can be unwelcome, including spam and phishing attempts. Your email or hosting service may offer filtering services. Alternatively, your business can set up a local filter, but review the filters regularly so that important email isn’t blocked in error.
- Require complex passwords: A minimum of 15 characters is recommended to lower the chance of getting hacked. Learn more about password best practices here.
- Train your employees: Email-security training can help your employees recognize suspicious emails. Your employees should also know that using work email inappropriately (to forward chain letters or pornographic materials that may include malware) is not only dangerous for business but can also be illegal.
- Protect sensitive information: Whether you’re sending private business information or data that is regulated (such as health records or personally identifiable information), be certain that it can only be accessed by those entitled to see it. Check with your mail or internet provider to be sure you’re using an encrypted connection.
- Determine an email retention policy: Business security can also depend on record-keeping, and some businesses are legally required to keep emails backed up and in storage for regulated periods of time. Consult your legal advisor to learn how this affects your business.
- Develop and enforce an email usage policy: With a published policy, you and your employees will be better able to recognize and avoid threats.