Riskonet partner Ulrik Odén about the risks of ‘powder letters’ and poisoned products
“Pay us or we’ll put poison in your product.” Criminals are striking fear into the hearts of the business owners and consumers of Jules Destrooper, Ferrero Rocher and Lavazzo in Belgium. What’s the best way to respond in the face of such extortion and the threat of powder letters? The Swedish Riskonet partner Ulrik Odén has specific and relevant experience. His advice: “While these threats are virtually impossible to prevent, with proper preparation, you can curtail the resulting losses and fallout.”
Ulrik Odén has years of experience in providing security and safety advice to privately-owned companies, municipal authorities and other organisations. Following a wave of letters containing suspicious powder in the U.S. in 2001, some of which held dangerous and deadly Anthrax, the Swede has been supporting city officials and government agencies in his home country in developing safety policy. This is no easy task, as the contents of threatening letters can vary widely. Security services therefore term such missives ‘CBRNE letters’, where the acronym stands for ‘Chemical, Biological, Radiological, Nuclear, and Explosive’.
Since the letters first appeared in 2001, people all over the world have been sending them in order to threaten and disrupt. In Sweden alone, Odén is aware of hundreds (if not thousands) of powder letters that have been sent to organisations over the years. “Some threats are intended mainly to disrupt the activities of an organisation or to express dissatisfaction with a particular individual, product or policy. And while nearly all of them contain a harmless powder, they nevertheless result in costs to society, interruptions in production and fears with regard to employee exposure.”
Losses: 1,600 man-days
It’s not difficult to imagine how miscreants’ actions can seriously impede the operations not only of factories, but of chemical and power plants as well, with the resulting losses potentially reaching into the millions of euros. “There are companies that could tell you about this first-hand,” Odén knows. An actual example: “One employee was handed a letter from the mailroom, addressed to him, when he arrived at work one morning. Because he was running late for a meeting, he opened it in the lift and left the open envelope lying on his desk. When he got back, it was as if someone had eaten a powdered-sugar doughnut at his desk. By the time it became clear he had received and opened a powder letter, the possible spread of the powder had become a company-wide problem. Although the letter containing the powder was located in the employee’s department, it had potentially been circulated through the entire building via the lift. The company had to evacuate the entire premises and remain closed for two days, incurring direct damage of 1,600 man-days! And all because of a substance that was revealed, after the fact, to be harmless.”
What can you do to prevent such losses? Preventing threats from occurring is virtually impossible, according to the expert. “You can’t ignore this type of threat; you have to make every move based on the assumption that the substance is real. What you can do, however, is limit the damage incurred as a result of the incident. I know companies that have invested in a separate mail facility, located away from the main offices. That makes it possible to deal with any CBRNE letters they receive in an isolated setting, without having to shut down the entire company for a matter of days. Separated vent systems have been installed in those mail facilities to prevent the further spread of hazardous substances in the building.” Odén also recommends training reception and mailroom employees to spot any suspicious letters or packages.
Take all threats seriously
When ill-wishers threaten companies by saying they’ll sabotage their products, it’s quite another matter altogether. This can result in massive losses, regardless of whether the threat is ultimately revealed to have been a false alarm. “Apart from the immediate threat to the health of consumers, these threats place companies like Jules Destrooper and Ferrero Rocher at risk of serious damage to their reputations. When a threat is made, the public may decide not to purchase or consume that company’s products for a while,” Odén explains, before going on to say that the first and best-known threat of this type involved Israeli oranges. In 1978, a group known as the Arab Revolutionary Army Palestinan Command claimed to have injected oranges from Israel with mercury in a bid to damage the Israeli economy.
“The company had to evacuate the entire premises and remain closed for two days, incurring direct damage of 1,600 man-days”
“It comes in waves,” Ulrik Odén continues. “Sometimes it will be quiet for months or years, and then the first threatening letter or extortion attempt encourages others – copycats – to follow suit.” His advice is to take all threats seriously, contact the police and make sure that access to your production locations is as secure as you can make it.
Establish a security plan
How can one prepare for the unimaginable and undesirable? “Establish a plan,” says Ulrik Odén. “First of all: be aware of your company’s potential appeal in terms of threats and extortion attempts, and be very aware that you too can be a target. Publicly traded companies, where threats can impact the price of stock fairly quickly, are particularly well-advised – and even to a certain extent obligated – to draft policy and ensure they have procedures and protocols in place.”
“Take a good hard look at your security: are the steps you’re taking to restrict access watertight? Invest in measures that will keep intruders out. At the same time, you have to be aware that threats may also come from within. A disgruntled employee can carry out his or her threat at a production location without being seen. And miscreants can sabotage or poison your products on store shelves as well.”
Prioritise the safety of persons
And if it happens, despite your best efforts? “Treat the matter seriously, like a genuine crisis. Be prepared to evacuate your locations. Escalate the crisis to the highest level – and make sure, at the very least, that you have a crisis management team who knows exactly which steps to take. Crises must be managed, so you need to clearly convey to the rest of the world that you know what you’re doing and that the safety of employees and customers is your top priority.”
“Be cautious and try to limit your losses”
“In situations like this, communicating with stakeholders is an art form in itself. It’s important to rehearse a crisis as well, in order to be optimally prepared for the real thing. And if your company and its products are being threatened or extorted, you should cooperate closely with the police. They are best equipped to guide this type of crisis through to a positive resolution. And another thing: never pay the extortioners. If you pay once, it’s practically guaranteed you’ll have to do it again and again.”
In short, Ulrik Odén summarises, “Companies should adopt a principle that applies in boxing: there’s no avoiding getting hit, but you should still make sure you’ve got a strategy to defend yourself. That means a plan, an idea, being conscious of the risks, taking threats seriously and training your staff in order to be ready. ‘Keep your guard up’, is my advice.”
Do you want to effectively mitigate your risks in connection with powder letters and extortion while ensuring potential shutdowns are kept to a minimum? Be prepared! Riskonet offers practical guidance and support in establishing effective processes and procedures for handling and screening the mail and goods that arrive at your site. This includes assistance with:
- Drafting policy and guidelines
- Procedures for the safe management of incoming mail and goods
- Screening and carrying out mailroom processes
- Advice on updating and/or expanding a safe and secure mail facility
- Bespoke crisis rehearsals and drills for Crisis Management Teams