WASHINGTON, D.C.—Cybersecurity incidents such as phishing scams, ransomware attacks and computer viruses continue to rise. Accordingly, Forest Service employees are responsible for being aware of these threats and helping to protect U.S. Department of Agriculture network security. The Chief Information Office recommends employees use the following cybersecurity and telework tips to help safeguard the network and agency information.

Things you can do:

• Ensure you have a strong, unique password for each account. Use at least 12 characters and a mixture of uppercase and lowercase letters, numbers and symbols. For more information on strong passwords, please watch the CIO’s Virtual Road Show webinar on Strong Passwords.
• Log off at the end of the workday (ctrl-alt-delete, then select sign out), but remain on the Virtual Private Network so critical system updates continue when you are not working.
• Reboot your computer each morning, then re-establish your VPN connection.
• Use approved communication and collaboration methods for official business, such as Outlook or Teams.
• Limit all non-mission-essential activity on government-furnished equipment (e.g., social networking, audio and video streaming, personal shopping).
• Study and follow the Rules of Behavior for Forest Service systems.
• Use only government-furnished equipment to do government work.
• Configure your home Wi-Fi according to best practices, change the password and enable encryption. For more information on securing home Wi-Fi, please watch the CIO’s VRS webinar on Wi-Fi.
• Use Box (Pinyon) to store or share information containing personally identifiable information, mark files appropriately and share only with those who have a need to know.
• Encrypt and password protect all email containing For Official Use Only, Controlled Unclassified Information, personally identifiable or protected health information if sending outside the Forest Service domain.
• Stay aware of how to spot cyberattack attempts by familiarizing yourself with cyberattack methods. For information on cyberattack methods, please watch the CIO’s VRS webinars on Malware and Phishing.
• Immediately report loss or theft of government-furnished equipment to cyber.incidents@usda.gov or call 866-905-6890.
• Report suspicious emails to spam.abuse@WDC.USDA.gov.
• Report suspicious cyber activity or behavior to cyber.incidents@usda.gov.
• Remember that you may be held administratively, civilly and/or criminally liable if you commit an unauthorized use or unauthorized disclosure of personally identifiable information in violation of federal statutes or USDA directives and regulations.

Things you should not do:

• Do not use government furnished IT equipment for non-mission-essential activity (e.g., social networking, personal shopping).
• Do not use internet-based, unofficial audio and video on-demand and streaming services or websites (e.g., YouTube, media streaming) unless authorized to do so as part of your duties.
• Do not leave your computer unlocked or leave your LincPass in your computer when unattended.
• Do not use untrusted internet or Wi-Fi connections.
• Do not use personal accounts (e.g., cloud, file sharing) for official business.
• Do not work from public locations where others can “shoulder surf.”
• Do not open suspicious emails.
• Do not click security alert or warning “pop-ups” on your computer equipment.
• Do not auto-forward or forward personally identifiable or protected health information from official email accounts to personal email accounts.
• Do not use any non-Forest Service instant messaging applications to share Forest Service information.
• Do not post, store or transmit For Official Use Only, CUI, personally identifiable or protected health information on personal equipment.
• Do not collect personally identifiable information without proper authorization.
• Do not send unencrypted personally identifiable information or protected health information outside the Forest Service domain.
• Do not travel internationally with government furnished IT equipment, such as laptops, tablets or mobile phones. If you are approved to travel internationally on Forest Service business, you will be provided loaner equipment. For more information on this process, including points of contact, please watch the CIO’s VRS webinar on International Travel with a GFE.

Following the above cybersecurity and telework tips will help protect the USDA network. If you would like to learn more about how to protect yourself from cyber threats, please visit the CIO Cybersecurity Outreach, Awareness and Training Solutions webpage (internal link), where you can find articles, event information, posters, games and more information related to cybersecurity.