Securing the mail stream
30 September 2011
Recent letter-bomb incidents – an attack on an office of the Swiss nuclear power industry, and devices sent to the manager of Celtic football club - highlight the fact that mail remains a point of vulnerability for many businesses. Richard Thompson outlines the available preventative measures.
THE GLOBAL MAIL STREAM consists of billions of mail pieces carried by postal services, licensed postal competitors, daily messenger services and companies that provide on-site mail services within large organisations. Keeping the mail stream secure is a daunting task, but there are measures that can be taken to reduce the risk.
All sectors of public and private business, from multinational organisations and central government to small to medium size enterprises and local government are at risk of postal security incidents.
In the UK, The Centre for the Protection of National Infrastructure (the CPNI) is the government authority that provides protective security advice to businesses and organisations to reduce the vulnerability of the national infrastructure from security threats such as terrorism and espionage. The authority takes the issue seriously enough to offer practical security guidelines against letter-bombs (including chemical, biological and radioactive threats) on its official website. On the 31st March, 2009
‘PAS97:2009 A Specification for Mail Screening and Security’ was published in collaboration with the British Standards Institution. This provides advice and assistance in assessing the risks organisations face from postal threats and provides direction on implementing appropriate screening and security measures, whether internally or by outsourcing to an external provider.
Quite how many businesses have taken the trouble to view these guidelines remains a moot point. Certainly, the number of organisations that have implemented robust changes to their mail-handling procedures remains small, although momentum in this area is gathering. In terms of our [Pitney Bowes] own specialist operation in the UK, we have seen year on year growth of 15% in terms of new users of our mail screening services. All mail through our operation has canine, radiological, anthrax, x-ray and operative screening.
The possibility of anthrax attacks is the threat that has been given the most media attention in the past. One of the persistent myths about anthrax is that it is a powder that can be seen inside an envelope. However, the spores fit very easily through a paper envelope. Once it is in a building, even if the powder is contained within the envelope, the building is contaminated.
Plastic is one way to contain anthrax. Bagging mail is a safe approach for low-volume recipients of mail, allowing for containment and proper disposal. For high volume users, offsite, self-contained negative pressure air rooms can be built to keep the mail quarantined until proven safe.
In our UK operation we have screened over 30 million pieces of mail in the last 5 and a half years. In this time we have had to call out response units over 140 times. Whilst none of those items contained anthrax over 70% of them did contain a powder or substance of one form or another.
The cost of false alarms
The real threat most businesses face is the lost worker productivity and downtime associated with these false alarms, which can be costly. The impact of disruption should not be underestimated. How does one calculate the loss to a company if a 2000-member employee campus is shut down for even half a day due to a false alarm?
As with any other anti-terrorist activity, there is no "silver bullet" solution. A number of different but integrated approaches must be implemented. But by having the right people and processes in place, these disruptions can be minimised.
In fact, the most important factor in mailstream security by far is a well-trained, educated mail handling team. Working in conjunction with security personnel, this is the best line of defence against an attack on the mailBeing able to identify the sender of a particular mail piece is an important safety consideration. Indicia from postage metres are traceable to a specific device, and mail centre personnel should be aware of this to easily affirm whether a mail piece comes from a trusted source.
It is also important to segregate and remove nuisance mail which may contain threatening or abusive language on the outer envelope. The recipient, on seeing a nuisance letter, may raise an alarm that could shut down a building or a floor of an office at considerable cost to the client. Nuisance letters are normally allowed to be sent on in an outer sealed plastic bag with a comfort letter that states that the letter has been through the screening process and the item is not a threat. Since beginning our operation in the UK we have extracted over 12,000 nuisance letters, with the highest number in one month being 565 and the lowest 63. We have seen a significant increase in nuisance letters with a 252% rise per 100,000 mail pieces from 2006 to 2010.
After employee training, the possible counter measures that organisations can implement to improve mail centre security include relocating the incoming mail function to isolate it from other departments, automating the function to reduce the incidence of manual handling, and improving the screening of incoming mail and packages through the use of video, x-ray and even specially trained dogs.
Some firms at a higher level of perceived risk are implementing additional safety measures, which include the mandatory use of protective clothing and equipment for personnel, the creation of secure and self-contained workstations for opening mail, and the use of high efficiency vacuums and air filtration systems. The trained mail handlers inside understand the procedures for remediation and know what steps to take to minimise the threat. In the unlikely event that actual biohazards are present they can be contained in a vacuum-sealed room that can be cleaned at a cost far lower than that of cleaning a building. The cost of cleaning up an anthrax-contaminated facility is about the same as the cost of tearing down the facility and rebuilding it completely.
Digitisation of mail is a practice that is also interesting government and big business sites. In response to the 2001 Anthrax attacks, which shut down the US Congressional postal centre, the House of Representatives piloted a digital mail system allowing first-class mail to be scanned offsite and delivered to members in electronic form thus reducing the House’s vulnerability through the mail.
Digitisation is particularly relevant for organisations that may have a shorter term threat as re-direction of mail can be initiated to a specialist screening operation. Re-direction can delay mail between 24 and 48 hours but at least digitisation can provide immediacy of information back to the client to compensate for some of the time delay in re-direction.
An array of products and technologies are available to help bolster mail centre security - from metered mail and address management software that help verify the origin and authenticity of individual mail pieces, to e-mail alerts with attached digital images of unexpected packages or the remote opening and digital delivery of messages. The higher-end solutions can include extreme measures to isolate and contain potential biohazards, as well as the ongoing use of cleansing or biohazard detection devices.
Every product or technology related to mail centre security may not be appropriate for or needed by every organisation. But every organisation needs to strike a balance and take sensible safety precautions. When mailprocessing personnel use awareness, common sense, and effective, documented procedures, mail safety and security is achievable. The cost of ignoring the issue can be astronomical.
Richard Thompson is Vice President of Pitney
Contact Details and Archive...