The Postal Service is reminding employees and contractors that while office email is an efficient way to communicate, it can also leave the organization vulnerable to cyberattacks if misused.
Research shows most malicious software — also known as malware — is delivered through emails, often as HTML attachments. Once downloaded, the malware allows cybercriminals to gain access to personal information, sensitive data and potentially entire computer networks.
For instance, emails played a key role in last year’s massive cyberattack against SolarWinds, a major firm that specializes in security software widely used by government agencies, according to a Microsoft Threat Intelligence Center report.
The attack included an email phishing assault against SolarWinds’ partners with access to its systems.
The assault ultimately allowed the people behind the attack to gain access to a SolarWinds software product and insert a malicious code that later comprised online security.
While the Postal Service was not affected by the SolarWinds cyberattack, many reputable organizations — including government agencies — were impacted when the code was uploaded.
To avoid potential email threats, the CyberSafe at USPS team offers the following tips:
• Use appropriate encryption in external emails that contain sensitive information — such as birthdate, marital status and addresses — by adding #sensitive# to the subject line.
• Keep USPS and personal emails separate. Sending or receiving email to your USPS email address from your personal email account is prohibited.
• Don’t use your USPS email to subscribe to retailer or other notifications unrelated to official postal business.
Employees should remain vigilant and report any suspicious emails.
The CyberSafe at USPS Blue page has more information.