MYTH #1: It Won’t Happen Here.

Complacency is the enemy of security. We’ve said it before, and we’ll keep saying it.

Most organizations don’t take adequate security precautions. Anywhere between a quarter and a third of organizations do no mail screening.

During our annual surveys, approximately half (56.5%) of survey respondents report that the organization they work for screens at least some of the mail they receive. A much smaller number—35%—say all mail is actively screened on a consistent basis.

Mail threats can occur at any time, for any type of organization. They may come from terrorist factions, homegrown extremists, or individuals with a grievance against a particular company Mail screening is an essential part of an overall security plan that includes physical security and cyber security strategies to protect an organization’s staff, assets and reputation. Yet, many security professionals battle complacency in their organizations and haven’t implemented adequate protection from mail threats.

As long as terrorists have low cost and easy access to mail, all organizations must consider comprehensive mail screening an essential part of a security program.

 

MYTH #2: X-ray Mail Screening Is Enough

Many organizations have X-ray for mail screening, but X-rays are primarily useful for identifying only explosives.

Chemical, biological, radiological and nuclear (CBRN) threats require other specialized equipment and training. These threats are not detected by X-ray.

X-ray equipment is a good first step in screening mail -- but it is only a first step.

X-ray technology is often misunderstood. It is not designed to isolate small amounts of low density powder or liquids and cannot identify chemical, biological or nuclear threats. X-ray scanning systems are a first line of defense to detect threats that contain high density materials, like the metals found in IEDs (Improvised Explosive Devices) or PIES (Power Source, Initiator, Explosives & Switches), weapons, sharps and blades.

The technical definition for x-ray is “electromagnetic radiation of high energy and very short wavelength (between ultraviolet light and gamma rays) that is able to pass through many materials opaque to light.”

But what does that mean? Here is a simple way to think about it:

X-rays penetrate objects at different rates, for example wood is penetrated more than lead. As the x-rays hit an object, the X-ray unit collects and analyzes the object's density and absorption rate. It translates these results into different shades of grey. Low density items like most powders appear light and shadowy, so difficult to see. For color displays, the color you see on the monitor is computer generated.

 

MYTH #3: There is Little Threat

This past year was truly a “high water mark” for threats in the mail. 

There were multiple incidents including the Austin Bomber last March, Ricin letters sent to Trump and the Pentagon, and the several Mail Bombs sent in October 2018 to former president Obama, Hilary Clinton and others.

Other years we have noticed there are very few mail threats reported on.  Why is this?  They are detected by mail screening experts with a concern for privacy and discretion.

Far from declining, the number of suspicious pieces of mail, including those containing improvised explosive devices, is holding steady, according to the U.S. Postal Service

“Mail threats are so common today they don’t make the news unless they reach a high-profile target. If you wait to screen until mail terrorism threatens your company, it’s too late.”  - Amos-Leon’ Otis, SoBran Founder and CEO

If you are associated with controversial issues or experienced recent layoffs, your risk of an attack is elevated. It’s important to remember, however, that mail threats can occur at any time, for any type of organization. They may include dangerous substances or explosives or they may simply be designed to frighten an organization. Even a hoax threat can shut down operations for hours if not days or more.

MYTH #4: The U.S. Postal Service Screens the Mail Already

 "The overwhelming volume of mail does not permit the Postal Service to screen every piece." - U.S. Postal Inspection Service website

Each year, the U.S. Postal Service processes 170 billion pieces of mail.  In order to mitigate threats to employees and the overall organization, further precautions must be taken.

In addition, the number of deliveries that reach organizations from outside delivery companies is rising.  FedEx, UPS and others deliver well over 30 million packages daily.

Your organization's mailroom is the last line of defense.

MYTH #5: Mail Screening Costs Too Much

The question organizations need to ask is ‘What is the cost of NOT screening the mail?’

In our discussions with customers, the question of budget and cost does come up. Why is mail screening so expensive and why should we pay this amount when we haven’t had a mail threat in years? What we tell them is most of our existing customers felt the same way until they actually received a threat. And these organizations were shut down for days in some cases - and for weeks in other cases.

We have seen examples such as a multinational bank shut down for only a couple hours, however the cost was around 1.7 million dollars.

What will a day or two business disruption cost your business?   $500,000? $1,000,000 ? Sometimes looking at the cost of one mail threat and evacuation in any calendar year can be a good way to assess the value of mail screening. It depends on your business risk.

Make sure your facilities and your organization are protected.

Mail screening is an important piece of an entire security plan.

Basic steps for Mailroom Safety include:

1. Put a plan in writing
2. Install correct sensor equipment
3. Train employees
4. Run practice drills

If this is not possible, consider outsourcing mail screening to a third party or sending mail to a third party screening facility.

As always, I appreciate your comments. smartin@sobran-inc.com