Mail Room Security, Delivering danger?

IN VIEW OF THE ONGOING TERRORIST THREAT, corporate organisations have been forced to concentrate on addressing the points of potential attack that can be monitored and controlled in the real world environment.

For many, the accumulation of smaller – and much less well-publicised – threats actually poses a far higher total risk to the business than major acts of terrorism. Those individual threats might encompass the actions of disgruntled employees, activist groups and acts of straightforward criminality.

Mail Rooms: the security risk

One of the main interfaces for an organisation with the outside world is its Mail Room, where all sorts of post is received every day. The Mail Room is a critical point of vulnerability. At the same time, it can also be turned into a highly controlled environment wherein mail is screened, threats identified and any danger both isolated and then averted.

If a larger organisation is either attacked or contaminated, the cost of even temporary closure and relocation may well be enormous. In 2002, the largest of the US Senate’s office buildings shut down for more than three months due to anthrax contamination. Decontamination of the Hart Office building – which plays host to 50 of the US’ 100 Senators and their members of staff – was estimated to have cost over $30 million.

In order to deal effectively with the threat of ‘dirty’ attacks in the UK, the Government Decontamination Service was established as an Executive Agency within the DEFRA family on 1 October last year. It is part of the much wider CBRN Resilience Programme led by the Home Office, which is ensuring that the UK is capable of responding quickly and effectively when dealing with (and recovering from) CBRN incidents – in particular those perpetrated by terrorist factions.

At the same time, larger private and public sector organisations have been establishing secure Mail Room scenarios. Often located at remote sites, they are usually operated by third party specialists. Parliamentary operations in both the UK and the US have set up facilities of this kind to protect Government officials and representatives. Those Mail Rooms also have to function to service standards that ensure genuine messages reach their addressees in a timely fashion.

Volumes of mail that require screening when received by larger corporate organisations in the UK are enormous. In the US, such businesses can receive over 20 billion items of mail per year in roughly equal proportions from households or other concerns. In the UK, the volumes of mail received by larger businesses and Government organisations total around 3.3 billion items every year.

The vulnerable sectors

What sectors receive the greatest number of suspect packages? Which industries are most at risk – and in need of a secure mail facility?

To offer a broad-brush initial answer to that question, Pitney Bowes Management Services recently analysed a representative sample of organisations from across the UK and the US where such facilities exist.

Using a year’s worth of data on mail throughput and suspicious parcel investigation, an index of vulnerability was constructed among key sectors to reveal relative levels of suspicious letter or package receipt. The resulting index figures show that Government concerns, finance houses and high-tech companies stand out as those mainly at risk from attack through the mail. All of them are leaps ahead of all the other sectors examined by the survey.

As the formulators and issuers of legislation, policy and taxation, in addition to sometimes controversial foreign policy, Government organisations are seen as the principal target for extremists and anarchists. Nor should we forget the occasional outbreak of civil disobedience, as characterised by the British populace’s outbursts against the Poll Tax during the 1980s.

Internal terrorism within Great Britain has included audacious attempts on the heart of Government itself, most notably the mortar attacks on Whitehall and MI6. Alongside these ‘spectacular’ events, however, there was also a steady stream of letter bombs directed at individuals, Government departments, the police service and specific companies in the private sector. In the US, of course, the Senate, the House of Representatives and the Pentagon all came under attack during the anthrax ‘campaign’ of 2001-2002.

Next in line as prime targets are the finance and banking organisations. Famously under attack in New York on September 11 2001, financial institutions are most frequently selected by foreign and home-grown terrorists as symbols of what they wish to attack in Western society. The Baltic Exchange in London readily springs to mind. Both the World Bank and the International Monetary Fund have been targeted with anthrax in the mail system. The European Central Bank suffered letter bomb attacks in 2003.

The risks and losses associated with even a temporary closure of Mail Room operations are much more expensive in the finance world, in particular for capital market institutions who deal with huge sums of money and often complex instruments on an hourly basis. Finance houses, then, must take particular care over Mail Room security.

Characteristic of society

Third in our index of vulnerability to attack through the mail are the high-tech industries. Again, we believe that this is the direct result of them being perceived as a recent and prominent characteristic of post-Millennial Western society. Individual and organised terrorists alike view them as an essential pillar of capitalism, economy and Government, and thus any disruption to them will be seen as fundamentally destabilising.

Moreover, the high-tech sector also numbers among its ranks such natural targets as surveillance technology companies and defence industry players.

None of the sectors studied (which also included insurance, energy, manufacturing, healthcare, pharmaceuticals, legal, business and media/telecommunications) should be complacent, even though all bar the top three suggest vulnerability scores below the average.

For example, although the pharmaceuticals sector sits at 47% below average, this is not a comprehensive view of company risk to mail-based attack since we know for a fact that animal rights activists tend to target employees in their own homes.

By way of another example, the risk of attack through the mail for insurance companies – at 8% below average – usually emanates from policy holders whose claims have not been satisfied. These companies face a deep-rooted threat that must be addressed at the causal level rather than merely provide a protective filter to screen against unexpected dangers.