WASHINGTON, D.C.—Cybersecurity incidents such as phishing scams, ransomware attacks and computer viruses continue to rise. Accordingly, Forest Service employees are responsible for being aware of these threats and helping to protect U.S. Department of Agriculture network security. The Chief Information Office recommends employees use the following cybersecurity and telework tips to help safeguard the network and agency information.

Things you can do:

• Ensure you have a strong, unique password for each account. Use at least 12 characters and a mixture of uppercase and lowercase letters, numbers and symbols. For more information on strong passwords, please watch the CIO’s Virtual Road Show webinar on “strong passwords.”
• Log off at the end of the workday (ctrl-alt-delete, then select Sign Out) but remain on the Virtual Private Network so critical system updates continue when you are not working.
• Reboot your computer each morning, then re-establish VPN connection.
• Use Box (Pinyon) to store and share files with others.
• Use approved communication and collaboration methods for official business, such as Outlook or Teams.
• Limit all non-mission-essential activity on government-furnished equipment (e.g., social networking, audio and video streaming, personal shopping).
• Study and follow the rules of behavior for Forest Service systems.
• Use only government-furnished equipment to do government work.
• Configure your home Wi-Fi according to best practices; change the password and enable encryption. For more information on securing home Wi-Fi, please watch the CIO’s webinar on “Wi-Fi.”
• Use Box (Pinyon) to store or share information containing personally identifiable information; mark files appropriately and share only with those who have a need to know.
• Encrypt and password protect all email containing For Official Use Only, Controlled Unclassified Information, personally identifiable, or protected health information if sending outside the Forest Service domain.
• Stay aware of how to spot cyberattack attempts by familiarizing yourself with cyberattack methods (e.g., malware, phishing).
• Immediately report loss or theft of government-furnished equipment to cyber.incidents@usda.gov or call 866-905-6890.
• Report suspicious emails to spam.abuse@WDC.USDA.gov.
• Report suspicious cyber activity or behavior to cyber.incidents@usda.gov.
• Remember that you may be held administratively, civilly and/or criminally liable if you commit an unauthorized use or unauthorized disclosure of personally identifiable information in violation of federal statutes or USDA directives and regulations.

Things you should not do:

• Do not use government-furnished equipment for non-mission-essential activity (e.g., social networking, personal shopping). 
• Do not use internet-based, unofficial audio and video on-demand and streaming services or websites (e.g., YouTube, media streaming) unless authorized to do so as part of your job duties. 
• Do not leave your computer unlocked or leave your LincPass in your computer when unattended. 
• Do not use untrusted internet or Wi-Fi connections.
• Do not use personal accounts (e.g., cloud, file sharing) for official business.
• Do not work from public locations where others can “shoulder surf.”
• Do not open suspicious emails.
• Do not click security alert or warning “pop-ups” on your computer equipment.
• Do not auto-forward or forward personally identifiable or protected health information from official email accounts to personal email accounts.
• Do not use any non-Forest Service instant messaging applications to share Forest Service information.
• Do not post, store or transmit For Official Use Only, CUI, personally identifiable or protected health information on personal equipment.
• Do not collect personally identifiable information without proper authorization.
• Do not send unencrypted personally identifiable information or protected health information outside the Forest Service domain.

Following the above cybersecurity and telework tips will help protect the USDA network. If you would like to learn more about how to protect yourself from cyber threats, please visit the CIO Cybersecurity Outreach, Awareness, and Training Solutions webpage (internal link), where you can find articles, event information, posters, games and more information related to cybersecurity.