Corporate Information Security Office (CISO)
The U.S. Postal Service faces ongoing cyberthreats and challenges that directly impact customers, partners, and employees. In support of the Postal Service’s mission to protect its critical stakeholders, the Corporate Information Security Office (CISO) was established to safeguard the USPS network, monitor threats, and respond to incidents.
As with comparable organizations in the government and private-sector, cybersecurity is a top priority for the Postal Service, and an essential enabler to meet the organization’s business goals. Cybersecurity at the Postal Service is every employee and contractor’s responsibility. Even one small cybersecurity event could cause significant operational disruption.
Looking for Security Guidance?
You can find the USPS AS805 Guidelines on Information Security here.
For questions about USPS Cybersecurity guidelines or practices, contact us at CyberSafe@usps.gov. Please note that you are an MTAC member in your inquiry.
A safe IT environment, as protected by CISO, allows the Postal Service to achieve:
- Revenue generation: Cybersecurity allows postal to deploy and sustain the next generation of digital solutions and products.
- Infrastructure protection: Cybersecurity protects Postal Service’s mail delivery infrastructure against threats that could disrupt operations.
- Employee and customer data protection: Cybersecurity protects Postal Service employee and customer data.
- Regulation and standards compliance: Cybersecurity is required for the Postal Service to meet standards established by oversight and regulatory organizations.
- Brand protection: Cybersecurity is necessary to meet Postal Service’s business partner, information partner, and customer expectations.
How CISO constantly improves safeguards
In addition to safeguarding the USPS network and IT assets, monitoring threats, and responding to incidents, CISO addresses cybersecurity improvement recommendations provided by internal, federal, and industry subject matter experts. Some of the most recent initiatives we have adapted in this vein include:
- 24/7 year-round monitoring: The CyberSecurity Operations Center proactively recognizes incidents and threatening network interactions through non-stop threat intelligence, monitoring, and incident response.
- Incident response: CISO leads a collaborative and efficient incident response within the Postal Service, including endpoint threat detection and response.
- Awareness and training: CISO has trained more than 200,000 employees on cybersecurity essentials and raised 600,000 employees’ cyber awareness through our CyberSafe at USPS® training program and awareness campaign activities.
- System updates and scanning: CISO implements system upgrades and patching for all Postal Service systems.
CISO’s continued investment in cybersecurity addresses changing cyber vulnerabilities and prevent or minimize the impact of future cyber incidents to the Postal Service.
CyberSafe at USPS tips for businesses
Businesses large and small use USPS for shipping or logistics.
A single cyberattack can set your business back weeks or even months, so having a cybersecurity plan is more important than ever. The following suggestions provide preventative steps your business can take to minimize risk.
- Train team members to avoid opening suspicious emails or clicking on suspicious links.
- Keep software updated on all employee computers and cell phones.
- Regularly backup data from employee work computers.
- Ensure employees avoid conducting business transitions over public Wi-Fi networks.
While USPS CISO has provided a few tips here to help partners, other government agencies take a more proactive role in educating the business community and the public about cybersecurity matters. Here are four helpful sites that can make a difference in your cybersecurity program.
Additional government cybersecurity tips
- DHS Cybersecurity Infrastructure Security Agency (CISA): CISA is responsible for protecting the nation’s critical infrastructure from cyber and physical threats. This mission requires effective coordination and collaboration among a broad spectrum of government and private sector organizations. https://www.cisa.gov
- National Institute of Standards and Technology National Initiative for Cybersecurity Education (NICE): The mission of NICE is to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. https://www.nist.gov/itl/applied-cybersecurity/nice
- National Cyber Security Alliance Stay Safe Online: The National Cyber Security Alliance builds strong public and private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work, and school with the information they need to keep themselves, their organizations, their systems and their sensitive information safe and secure online and encourage a culture of cybersecurity. https://staysafeonline.org/
- Federal Trade Commission (FTC) onGuard Online: Check out the FTC’s free online security tips and resources. Share with your friends, family, coworkers, and community. https://www.consumer.ftc.gov/features/feature-0038-onguardonline
Five CyberSafe at USPS® tips to help remote workforce members stay secure
The coronavirus caused many businesses to adapt to a partial or full teleworking environment. While necessary, the remote work reality opened a new area of security vulnerability for enterprises across the country, revealing the importance of individual teleworkers’ home IT habits.
To help protect the Postal Service, the USPS Corporate Information Security Office (CISO) responded to the COVID-19 crisis by putting together a series of CyberSafe at USPS teleworking tips to help protect remote workforce members as well as the agency’s IT network infrastructure. Educating the workforce is a critical component of the USPS® cybersecurity program. An educated workforce member is less likely to fall for a compromising trap.
These five tips represent some of our favorite CyberSafe at USPS tips and can be applied to almost any remote worker in the coronavirus era. They are suggestive only, and do not represent formal guidance from the United States Postal Service. We hope you find them useful for your own enterprise’s cybersecurity efforts.
- Tip #5 Watch out for COVID-19 branded phishing attacks
- Tip #14 Secure your meeting
- Tip #16 Home security (routers)
- Tip #22 Webcam spy (Protect your laptop and home)
- Tip #30 Cabin Fever? (Beware of unknown wifi)
Contact Us About Security Incidents and General Inquiries
USPS CISO wants to hear from the industry about security incidents as soon as possible. If you are experiencing a security incident, please do the following:
1) Inform USPS CISO immediately by sending an email to CyberSafe@usps.gov. Please provide as much information about the incident as you can, including location, screen captures, and affected service.
2) Contact the local USPS Inspection Service office by calling 1-877-876-2455.
Please take both steps so our Cybersecurity Operations Center and the Inspection Service can respond as quickly as possible.
Have general questions about USPS information security? Non-emergency cybersecurity inquiries should be emailed to our CyberSafe@usps.gov email address. Please note you are an MTAC member in your inquiry.
In addition, please review Handbook AS-805 - Information Security. AS-805 establishes an organization-wide standardized framework of information security policies to ensure the detection, prevention, response to, and investigation of cybercrime incidents and misuse of Postal Service information technology assets.
Frequently asked questions about the Postal Service can be found here. In addition, you can ask general questions about the Postal Service via this form.
For specific questions about USPS information security or the CISO office, a special email address will be created for MTAC.