262,000 suspicious mail items in 2021.   6,300 threats  —  are you prepared?

Download our Annual Mail Security report.

Mail Threat Alert - OctoberAugust September July 2020

Dangerous Mail Report Download

Cody Martin, RaySecur Director of Mail Security, explains the best ways for any organization’s mail room to improve mail security.

With Cody’s experience as a former US Postal Inspector, his recommendations on how to improve mail security are invaluable.

In this interview, Cody discusses the inspection and handling of mail items and mail security training for organizations.

Cody Martin.

Cody Martin

Director of Mail Security & SOP Team Lead

Cody Martin had over 12 years of experience as a Federal Agent with the U.S. Postal Inspection Service, and several additional years as a mail security consultant.

  • USPIS Dangerous Mail Specialist & Instructor
  • Co-created USPIS IED Program for National Headquarters
  • Investigator on high-profile / VIP cases
  • Screened mail for the NFL, NBA, President George W. Bush (ret.)
  • First responder to hundreds of incidents

Download a Copy

Download and print or share this intelligence report on mail security.

Improve Mail Security.

How to Improve Mail Security

Security and facility teams can greatly improve efficiency and mail security with everything from physical layout upgrades to a custody verification process.

Cody Martin outlines these simple upgrades, and their impact on mail security for any organization. Let’s look at the best ways to do that.

Improve Mail Security 1: Mail Center Layout.

1. Mail Center Layout

Enhancing the physical layout of your mail room or mail screening area can greatly improve process, efficiency, and mail security — but how?

There has to be some thought put into how your mail screening area is set up. Let’s look at the best ways to do that.

Often, we are trying to find a balance between moving the mail in an efficient manner and maintaining a high level of screening—especially visual and tactile mail screening.

Sometimes, these two are in direct opposition to one another. If this is the case, I would defer to security every time.

However, a balance can often be found. In order to do that there are a few things that need to be completed or looked at ahead of time:

  • Risk Assessment – You need to know your risk level and where your vulnerabilities.
  • Technology – What types of mail security technology will you need to address the threats identified in the assessment.
  • Standard Operating Proceduresmail security SOPs have to be created to detail how mail will be processed and screened.
  • Health and Safety Requirements – Consider the integration of wash stations, decontaminations stations, fire extinguishers, etc.

Once these issues are squared away proper mail flow can bet set up according to volume and processes, procedures, and technology can be laid out in a format that makes sense for your overall objective.

Improve Mail Security #2: Mail Security Training.

2. Mail Security Training

One of the keys to mail security preparedness is practical, hands-on training. In fact, Training is one of our Mail Security Pillars.

This starts with awareness both in their environment and of the mail itself. Your program should be setup in a way that allows you to benchmark its effectiveness. This is critical in mitigating potential risk.

A crucial component of this is training. A lot of times, training is directed and focused specifically on the screeners who are interacting with mail on a day-to-day basis. While this is good, it’s only part of the equation.

Training should go from the top down. Anyone who will have a role during a dangerous mail event should be attending ongoing training. This training may look different depending on the person’s role within the organization, but there will be times that it overlaps as well.

The training should be built around creating a culture of awareness and efficiency in executing SOP’s, to include emergency procedures.

To expand on that, USPS recommends training that addresses these areas of concern:

USPS Publication 166.
  • Basic security procedures
  • Recognition and reporting of suspicious letters or packages
  • Proper use of personal-protection equipment
  • Response protocols for the various potential threats

I’ve found on of the best ways to train, outside of using test pieces, is to conduct a table-top exercise.

Again, these exercises should include anyone within the organization who will play a role in a dangerous mail event. If possible, also include any relevant first responders who would play a role in a dangerous mail event at your organization.

An example tabletop exercise may include the following elements:

  • Neutral facilitator familiar with SOP’s and Emergency Response protocols
  • A scenario broken into 3 or so “parts” that make sense as natural stopping points
  • Each break is used for Q&A and to transition to the next phase of the scenario
  • Scenarios should include involvement from every level of the organization and first responders, if available
  • Once the entire scenario is complete there should be time for follow-up to determine if critical elements were covered to a satisfactory level

This training should be documented, as all training should. If any areas of weakness are identified, follow-up training should be conducted to strengthen these areas.

Walking through these types of training drills will help employees strengthen their grasp of SOP’s and increase security effectiveness.

Improve Mail Security #3: Mail Security Documentation.

3. Document Suspicious Mail Incidents

There are a lot of organizations who handle suspicious mail internally with little to no involvement from first responders. This is typically on the front end of an incident where the incident is deemed insignificant and little is done.

Examples of these often include eccentric mailings that contain weird writings, written threats, and other related content. These types of mailings can be the first indication of someone who has potential to escalate the threats being sent.

As I often discuss, mailers with bad intent will often escalate their tactics if a desired outcome is not achieved — a fact well-established by the history of dangerous mail threats.

As a result, documentation is paramount. It is not only beneficial from an internal threat analysis standpoint, but also extremely valuable to law enforcement if they become involved.

So, with that in mind, what information should you document and how should you maintain it? This is very subjective and you will have to determine that answer as it relates to your organization and security posture.

But, in a nutshell, you need to be documenting anything that raises to a level of being questionable or suspicious. Once an item is identified that meets that level, it’s time to document.

Information you should consider documenting includes:

Improve Mail Security Teams.
  • Pictures of the item from all relevant angles
  • Pictures of any relevant content
  • Sender
  • Addressee
  • Postage
  • Weird or unusual markings
  • Labels
  • Declarations
  • Tracking information
  • Date received
  • Size, weight, rough dimensions, etc.
  • Suspicious characteristics

From a usability standpoint, this information can be easily documented in a spreadsheet that is shared among key individuals.

In addition, if the mailing is to be safe, but still suspicious nature, consider physically maintaining it for a certain amount of time. This is a viable alternative, especially if the number of suspicious items received are on the lower end in regard to volume.

Improve Mail Security #4: Mail Security SOPs.

4. Continuity of Operations Plan (COOP)

A COOP, or Continuity of Operations Plan, is a plan that will allow essential operations to continue functioning during critical incidents.

COOP’s are often used within the government, but not as much within the private sector (sometimes called a Business Continuity Plan). However, I feel it is something that should strongly be considered for any enterprise mail security program.

This is especially relevant for companies who rely on incoming/outgoing mail as part of their daily business function or in scenarios where a mail related shutdown would have a detrimental impact on business.

Mail related security incidents can sometimes have a huge impact on business operations. When this happens there are often essential business functions that need to be maintained as operational. Mail may be one of these functions.

Activation of your COOP will depend on a lot of factors, but the overall objective is to reestablish mail operations as quickly as possible in response to an unplanned event. The event type and outcome will have a direct correlation to how long normal operations may be down.

For instance, a non-hazardous white powder mailing may have your mailroom shutdown for half a day. In comparison, a legitimate threat containing a biological threat could have your mailroom shut down for weeks or months depending on how long decontamination and related tasks take.

Improve Mail Security Management.

In addition to mail related threats, a well-designed COOP can also help you prepare for other unplanned events such as the current pandemic or other manmade or natural disasters.

Consider the following when creating your COOP:

  • Have you performed a risk assessment? What are the risks that need to be addressed?
  • What is scope of your plan?
  • What are the critical functions that need to be maintained? Does it strictly cover mail operations or does it cover other business functions as well?
  • What other functions rely on the mail for continued operation?
  • How long can you mailroom be down before the COOP would need to be activated?

You should consider the factors above, in addition to many others, when creating your plan.

Once the plan is created, you need to test it (see the tabletop exercise above), and then refine the areas that did not perform or function as expected. This can be an ongoing process as threats continue to evolve.

Improve Mail Security #5: Mail Security Verification.

5. Verification Process

Another topic I often talk about is the verification process that relates to chain of custody. Simply put, the chain of custody includes the people who have handled a particular mail piece and the path it has taken from the mail to the recipient.

Chain of custody is important because it provides a trail we can follow to verify the legitimacy of a mailing, or on the other end of the spectrum, it can help verify a level its suspicious nature. Both of these are important functions of implementing a mail security program.

Here are a few common ways to verify the chain of custody:

  • Contact the addressee
    • Are they familiar with the sender’s information (keep in mind, this can often be fraudulent)
    • Are they expecting the mail piece?
    • If so, do the dimensions match what they are expecting?
    • If not, would there be any reason to be receiving a mailing from the geographic area in question
    • Have they been involved in any of the most common emotions driving mail security threats?
Improve Mail Security Custody.
  • Contact the sender
    • Sometimes you will have to search public information to try and obtain this information (phone and address)
    • Ask them if they mailed something to the address in question.
    • If so, have them provide the name of the addressee
    • Ask them to describe the contents of the mailing
  • Is the mailing from a known sender?
    • Known vendors
    • Amazon
    • Business partners, etc.
  • Be sure to compare the sender address (zip code) to the zip code on the cancellation stamp.

As you work through this process you will begin to put together enough information to either deescalate or verify the item as suspicious.

If it is deemed suspicious, you should follow the processes and procedures outlined in your SOP. If you get the point of contacting first responders, be sure to share any relevant information you have obtained during this process.

Download a Copy

Download and print or share this intelligence report on mail security.

Improve Mail Security.