The U.S. Postal Services received some frustrating news in early October from the Office of the Inspector General on the effectiveness of its security awareness training program.
An internal USPS phishing simulation campaign found that more than 25 percent of the 3,125 employees who were tested clicked on a phony link. What’s more, 93 percent of the baited employees didn’t report the incident to the USPS Computer Incident Response Team, according to the report.
The testing came less than a year after a USPS data breach that compromised the personal information of 800,000 employees, as well as some customers who contacted the government. The November 2014 cyber intrusion appeared to be caused by a phishing email attack, according to the report. USPS already had annual security awareness training available to all employees with network access.