Information Technology Guidance Related to 2009 H1N1 Flu
Telework will be a key method for social distancing while continuing the Department's operations during a pandemic. Using guidance from the Office of Human Resources (OHR) and the Office of the Chief Information Officer (OCIO), telework agreements are in the process of being developed with certain DOI employees to enable them to work from home during a pandemic.
Supervisors need to become knowledgeable of these telework agreements, and which categories of employees they encompass. In addition, establish which employees in your office already have a telework agreement in place. Next, determine which personnel should have telework agreements in place so they can work remotely during the pandemic and allow for social distancing in your office. Once these personnel have been identified, work with these employees to get telework agreements in place for them.
Those employees who utilize information technology equipment (IT) during emergencies must work with their supervisor to establish a telework agreement and adhere to applicable cyber security policies, including using a Government Furnished Equipment (GFE) laptop. The DOI Enterprise Remote Access (eRAS), at https://vpn.doi.gov, provides online remote access for these personnel. In addition, GFE USB drives may be used by employees in these situations to store and transfer files. Government web-based email, GFE Blackberry, cellular phone or other mobile devices may also be used to conduct business during emergency situations. Employees should contact bureau/office helpdesks for assistance in establishing appropriate accounts and acquiring GFE.
Be Aware Spammers Exploit "H1N1 Flu and Swine Flu"
The Office of the Chief Information Officer (OCIO) wants employees to be aware the DOI Computer Incident Response Center (DOI CIRC) reported emails with malicious attachments are being received by users with filenames and subject lines related to the recent reports of the Pandemic H1N1 Flu and also the Swine Flu outbreak. This is due to the broad media coverage and lack of public knowledge about both the H1N1 Flu and Swine Flu, which gives spammers a higher than normal probability that computer users will open "How not to get H1N1 Flu.exe" and "Swine Flu" related spam messages. Spammers are using the H1N1 Flu and Swine Flu as a lure to get users to go to fake pharmaceutical and medical information websites. Additionally, the US - Computer Emergency Response Team (US CERT) has advised that this could be part of a spear phishing email campaign involving Adobe Reader (.pdf) attachments. DOI CIRC reminds users that phishing and spamming campaigns often coincide with highly publicized events and breaking news. USERS SHOULD REMAIN CAUTIOUS IN OPENING UNSOLICITED EMAIL.
Because of these potential phishing attacks and email scams, DOI CIRC encourages users to visit the U.S. Government's Flu.gov website as their source for H1N1 Flu, and seasonal flu, related information.
In response to the spear phishing email campaign, the DOI CIRC team has put in place signatures on network perimeter security devices to monitor for these types of threats. All identified threats will be blocked immediately to eliminate any possibility of harm to the DOI network and its users. However, there may still be some of the malicious email that filters through or you may receive such fraudulent email from well meaning friends, family or co-workers.
To do your part in ensuring your system remains free of these security risks:
- Don't trust unsolicited email.
- Do not follow unsolicited links and do not open unsolicited email messages.
- Use caution when visiting non-trusted Web sites.
- Use caution when downloading and installing applications.
- Maintain up-to-date antivirus software
- Refer to the following link for a document on how to help avoid email scams: http://www.us-cert.gov/reading_room/emailscams_0905.pdf