Top 10 practices for secure mail and safe package handling
If you ask most security professional or corporate real estate executives today about how they secure their operation against mail and package threats, you may get puzzled looks followed by “We use cameras” or “we have security guards at the dock.”
Over the years, we’ve all heard about the occasional suspicious package or threat letter sent through the mail, and the incident is quickly forgotten. But with recent events in the news, there’s evidence the focus may be changing.
What are the real risks of receiving mail threats or suspicious packages?
The statistics are startling. According to the Mail Threat Data Center (TDC), an informational study by RaySecur found more than 6,300 mail-borne incidents of powders, chemicals or drugs have been reported per year by the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and the U.S. Postal Inspection Service (USPIS).
Just last November and December, multiple letter bombs were sent to high-profile institutions and locations across Spain, including the Prime Minister of Spain Pedro Sanchez, the Ukrainian embassy in Madrid, and the Defense Ministry.
Organizations across the public and private sector bear tremendous potential risks if a mail threat hits. Although these threats might be a new discovery for some organizations, secure mail and package safety practices have been around for two decades.
There is evidence that the risks from both a legal liability and public health perspective can be significant. Organizations could face serious legal exposure by ignoring the data and doing nothing.
What Are the Top Mailroom Risks?
The risks in mailrooms are clear, as evidenced by data from the 2021 Annual Mail Threat Report by Raysecur, a provider of terahertz technology for detecting mail-borne threats.
The report says 89% of dangerous mail attacks involved letters or parcels small enough to fit in a curbside drop – many of which end up in mailrooms.
Although official 2022 data have yet to be released from the ATF and USPIS, in 2020 over 262,000 suspicious mail items were sent for forensics analysis, with inspectors responding to more than 2,356 incidents involving suspicious items, powders, or liquids sent in the mail.
In February of 2022, on the first day of Black History Month, more than a dozen historically black colleges and universities (HBCUs) were forced to lock down or postpone classes after at least 18 HBCUs received bomb threats.
In December 2022, there were 17 cases of European embassies receiving either letter bombs, false bomb letters, or letters containing animal parts through the mail.
Of all threats, white powders, including drugs, were the most prevalent, being found in more than half of all dangerous mail items.
The RaySecur report notes the top threats include powders and liquids sent in letters, hoax devices, chemical and biological agents, radiological and potentially explosive material (package bombs). Mail screening is one of the key practices to ensure optimal security for your mailroom.
White Powder Threats on the Rise
Each year, substances ranging from deadly to benign continue to cause a potential health risk to employees, triggering actions by emergency response by security teams to include disruptive local and/or federal law enforcement presence at your facilities.
The substances could include dangerous anthrax or ricin, or simply flour, sugar or baking powder.
While most mail-borne risks have come in the form of powdery substances, drugs such as fentanyl are on the rise, and actual exposure itself can cause serious illness. If employees become exposed to the most common mail-borne threats, which are powdery substances such as (fentanyl, anthrax, you could face OSHA inspection, citations, exposure under worker's comp and occupational disease statutes, negligence or wrongful death lawsuits, and negative publicity and severe disruption to business.
The continued controversies related to COVID-19 vaccines saw laboratories and vaccination facilities worldwide receive suspicious packages and white powder threats intended to shut down production.
Every organization should look to protect their human and physical assets from these types of threats.
Think of your mailroom as a mail services center (MSC) -- a central “intake” hub for all inbound mail and package receiving and distribution to your employees. Whether your MSC is a stand-alone operation that coordinates inbound deliveries with a traditional dock, or combines mail functions and central receiving to a single location, its mission is the same: ensuring the safe receipt and delivery of mail and packages to the end user community it serves,
While mail service centers often get a bad rap, they still play an important role in business, government and education. The mail and package delivery process often includes direct delivery to an individual or mailstop with signature requirements for packages delivered to departments, executive level management teams to include C-suite executives and their staff.
As a result, advanced screening of all mail and packages becomes a critical component of a safe and secure delivery process.
Screening Technology and PPE Equipment
Among of the best practices recommended as part of a comprehensive Secure Mail and Safe Package Handling (SMSPH) program is the installation of mail threat detection technology.
MCP Enterprise BPO Services, through its partnership with RaySecur, offers advanced mail and package screening technologies that use lower frequencies in the terahertz range (T-rays) to look inside mail and small packages and detect threats prior to the delivery process beginning.
We’ve found T-rays can detect even the smallest traces of powder and liquids inside mail and packages, ensuring we can provide safe deliveries to our end user community of corporate, government and educational clients.”
By following these SMSPH best practice guidelines, organizations can significantly reduce their risk of harmful agents getting past the mailroom or dock area.
PPE Equipment
Every company, hospital and government leader should establish safe practices that include at a minimum three things in the PPE category:
- Mail screening and x-ray technology for detection of mail and packages that appear to contain suspicious powders or other unusual substances.
- Provide nitrile or vinyl gloves for employees who request them.
- Provide NIOSH-certified N95 or greater respirator masks, which are used in hospitals to protect against most infectious agents that could come through the mail.
Evacuation Protocols
Consider following guidelines provided by Homeland Security, the Centers for Disease Controls and Prevention and OSHA, all of which provide information on mail and package handling safety, including educating internal security teams on including mail and package threat communication protocols in the event of an actual incident.
Organizations should include language on handling threats in their master evacuation plans and reviewing the plan annually.
Is Your Organization Prepared?
The following SMSPH best practices by MCP help mitigate risks of mail and package threats and ensure that your organization has the correct procedures and protocols in place to protect corporate assets -- while providing secure screening and safe delivery of mail and packages to all associates, including work from home (WFH) employees, in-office personnel and corporate tenants.
These practices also help C-suite executives feel secure knowing that their mail and packages have been fully screened and quality checked.
Top Ten Best Practices for SMSPH
Secure Mail and Package Handling Training. Conduct annual training classes for all facility staff (facilities and mailroom managers, property management and security teams). The classes should provide mail safety processes, security procedures, and communication protocols in the event of receipt of suspicious letters or packages. Include specialized CBRNE training on how to protect your staff and building systems against potentially harmful powders, chemicals, biological agents or explosives found in the mail.
Develop a SOP Manual. Your operations team should develop and review annually a standard operating procedures manual in both hard copy and electronic form. Use the hard copy manual for training classes with all mailroom staff and provide online portal access to security and real estate leaders, including facility managers and property management personnel.
Install Mail Screening Technology. Identifying and installing technology that can detect a wide array of threats should be a top priority. For example, MCP partners with companies like RaySecur, the makers of MailSecur, a 3D imaging technology that detects a wide range of threats and potential hazards in the mail. The U.S. Department of Homeland Security has designated MailSecur as a Qualified Anti-Terrorism Technology (QATT) under the SAFETY Act.
RaySecur is the first manufacturer of dedicated T-ray mail security scanners to receive the QATT designation under the U.S. Safety Act. In addition, through the MCP and RaySecur partnership, organizations can get 24/7/365 remote support with real-time access to former military explosives ordnance disposal (EOD) Master Badge threat experts who provide remote line of sight threat assessments.
The EOD program offers instant feedback to organizations’ security teams and real estate professional for quick decision making, which can avoid unnecessary panic and costly building evacuations.
Provide PPE for Mail and Receiving Staff. Organizations should provide, as a precautionary measure, personal protective equipment (PPE) to minimize exposure to mail-borne hazards. PPE should include specific items to protect employees against mail and package threats such as nitrile gloves, NIOSH approved N95 masks or N-95 respirators, and for central receiving operations proper safety glasses and shoes, protective vests, and when required full body HazMat suits.
N95 masks meet OSHA requirements for air filtration in the U.S., and according to the CDC should disposed of after five uses. N95 respirators are more expensive than N95 masks and are single-use devices.
Note: The CDC cautions against KN95 masks since many counterfeits have been sold that do not meet NIOSH requirements. The CDC adds that approved KN95 masks that meet Chinese standards have markings printed on the product to indicate they are authentic.
Establish Reporting and Communication Protocols. Effective communication is critical in the event of an actual threat letter or suspicious package. Corporate real estate leaders and facilities managers should develop an incident reporting process that includes a communication call tree of decision-making resources who should be immediately contacted in case a building evacuation is required. Consider assigning the tasks only to designated executive level personnel to control the communication flow, prevent the spread of misinformation and avoid public panic.
Carry Out Response Training Exercises. Practice your response plan twice annually at a minimum. MCP recommends conducting these training exercises when building populations are low, and mail staff is less busy. MCP conducts assessments and reality-based training scenarios that are custom tailored to each operation based on building and campus layouts. The assessments identify gaps in current screening and response plans and provide organizations with process recommendations to ensure that safety protocols are in place.
Assign a Dock Master to Oversee Package Intake. MCP recommends limiting access of potentially harmful items into your facility by assigning a dockmaster to oversee all carrier delivery activity. Dockmasters have responsibility for all central receiving functions including personnel, systems, carrier logins (FedEx,UPS, Amazon, supply orders, etc.) and other items delivered from small and medium sized packages to large boxes and palletized items.
This position is designed to provide a centralized control point for mail and package intake so that proper screening may occur prior to delivery. Based on facility layouts, all deliveries are then coordinated with mailroom management to optimize efficient distribution to end users based on their location.
Maintain a Master List of Who to Call. Work in concert with your internal facilities leadership and chief security team to develop a master list including (contact names and phone numbers) detailing who to call as first responders (postal inspectors office, local law enforcement, FBI, ATF, etc.) in the event of an actual incident. Be proactive in identifying and documenting what critical information they may need and create a checklist for use during your initial threat assessment call.
Include Mail and Package Threats in Evacuation Plans. Develop an evacuation plan that clearly spells out what to do and where to go to ensure overall safety. Consider systems monitoring technology such as EODSecur, a virtual tool to remotely view and assess mail threats that arrive at your facility.
Hire Experts to Manage Mail Operations. There are approximately 300,000 jobs outsourced in the U.S. each year, with the primary drivers being greater access to expertise and lower fixed costs. Having mail specialists do the work can lower your labor costs. By outsourcing your labor the company you hire can find the right person for the job. Outsourcing also allows your business to put highly experienced managed services experts in motion to tackle the most common mailroom problems that are difficult to control in house, such as turnover, training and, of course, mail and package screening.
Mitigate Your Risks
These 10 best practices, when done well, will help you detect more mail-borne threats while simultaneously mitigating your legal risks, limiting your liabilities and reducing threat response times.
Successful programs will deliver measurable improvements to safety and security operations as well as provide assurance that your threat detection and response program is proactive, and always adapting to future potential threats.
Bernard Newman is a senior consultant with MCP Enterprise BPO Services, an Atlanta-based managed services workplace solutions company. As a former executive at Pitney Bowes, IBM subsidiary Tascor and CB Richard Ellis, Newman has developed numerous technology partnerships, managed strategic alliances, led business development teams, managed large-scale mail and logistics operations and provided consulting, training and solutions for large enterprises across the public and private sector. He has more than 35 years of experience in best practice operations, secure mail, logistics and distribution services, facilities management services, digital transformation, records and information management, managed services, production print, document management services.