Suspicious Packages and Mailroom Security - Handle with Care

Packages and letters that flow unchecked into enterprise mailrooms are jeopardizing your company's security. (Includes: What a Suspicious Package Looks Like)

By Daintry Duffy

July 01, 2004 CSO — Leave it to Tom Brokaw to make the statement for mailroom and postal security. When Tom Brokaw held up his amber prescription bottle in October 2001 on NBC Nightly News and declared, "In Cipro we trust," the statement encapsulated the nation's vulnerability during the anthrax scare. Brokaw's assistant had tested positive for exposure to cutaneous anthrax and much of NBC's New York staff, including the usually unflappable anchor, was put on the anthrax-fighting drug as a precaution. Of course, NBC wasn't the only entity caught up in the hysteria. Politicians, celebrities and thousands of regular folk scrambled to get their hands on the small white pills. A spate of white-powder hoaxes followed, and across the country companies supplied latex gloves and detailed procedures for their employees to use when opening mail. The evening news was filled with images of Americans donning gloves and face masks for the short walk down to the mailbox.

WHAT A SUSPICIOUS PACKAGE LOOKS LIKE: A parcel or letter is considered suspicious when it has more than one of the following characteristics: strange return address or none at all; unusual weight, given its size, lopsided or oddly shaped; excessive postage; odor, discoloration or oily stains; marked with restrictions, such as "Personal," "Confidential," or "Do Not X-Ray"; an unusual amount of tape; handwritten or poorly typed address, incorrect titles or titles with no names, or misspellings of common words.

Although 22 infections and five fatalities were eventually attributed to anthrax exposure, three years have faded much of that initial fear into a melodramatic memory. Many of the precautions that companies put in place were phased out after the initial crisis passed, and in most companies the mailroom work is once again considered just another rote administrative task with few or no security implications.

"It's out of sight, out of mind," says Mike Guevremont, senior vice president with Executive Protection Systems (EPS), a security consultancy that provides WMD protection equipment, training and services to the U.S. Senate, House of Representatives and Department of Defense. "It's been so long between incidents that people have become lackadaisical again. Companies are very nonchalant. They used to make people wear gloves, but why should they now? Nothing's happened." Guevremont estimates that only 3 percent to 5 percent of private industry is currently prepared to handle a mail-borne security threat.

Few organizations understand the stakes of mail security better than the United States Postal Service. Two postal workers died from inhalation anthrax in 2001, and another seven survived exposure. The Brentwood postal facility in Washington, D.C., required a $130 million decontamination and renovation before finally reopening in December 2003. And another facility in Trenton, N.J., underwent an $80 million cleanup and is expected to reopen by the end of 2004. Since the attacks, the Postal Service has taken the lead in educating private companies and citizens about the standards and practices that are fundamental to good mail security, offering onsite consultations to help companies improve their security procedures. Thomas Day, vice president of engineering for the USPS, has seen his job transformed by the anthrax attacks from a focus on expediting the movement of mail to strengthening the Postal Service's defenses against future attacks. Day says that CSOs have an important role to play in ensuring mail security. But that message has yet to be received in many security departments. "There's a tendency to forget about the mailroom," he says. "Security focuses on the front door, not the back door, which can be a greater threat. At least at the front door you have to identify yourself. When you're coming in the back [as the mail usually does], there are ways to sneak around that process."
