Among the many cyber tools available to today’s criminals, ransomware poses perhaps the most serious threat to businesses. The term ransomware describes a family of malicious software that’s designed to take over a victim’s network and deny access to important files or data until a ransom is paid. Over the past year, we’ve seen the rate of ransomware attacks triple[1], with high-profile strains like WannaCry, Petya, and its variants NotPetya and Bad Rabbit wreaking havoc across global markets. While the victims of ransomware attacks span a range of industries, organizations in the shipping and mailing space appear to be favored targets. Last spring, a shipping corporation lost an estimated $300 million in potential revenue from service and invoicing outages caused by ransomware.[2] A global freight giant and several port administrators also experienced damaging network outages caused by the same attacks.[3]

As the leader of the Postal Service’s cybersecurity organization, I’ve witnessed firsthand the impacts ransomware and related attacks can have on the mailing industry. This past year, one of our shipping partners and a large mailing client suffered major disruptions resulting from a ransomware attack. Third-party incidents like these pose a serious risk to our revenue and mail processing operations, and as a result, they threaten the business of mailing organizations across the supply chain. As technology continues to foster closer connections between our businesses, we should recognize the shared responsibility we all have in securing the mailing industry cyberspace and protecting the data and operations of our business partners, vendors, and customers.

So what can mailers do to prevent a devastating ransomware attack? By addressing cybersecurity challenges associated with employee behaviors, processes, and information technology, organizations can shore up their resilience to cyberattacks and contribute to a safer mailing ecosystem.

Developing Safe Employee Behaviors

While IT capabilities and processes are instrumental to an organization’s cybersecurity strategy, employee behavior plays an equally critical role in preventing cyberattacks. The majority of cyber incidents can be prevented by educating employees to recognize phishing, setting sufficiently complex passwords, and obeying security warnings. To this end, the Postal Service has implemented CyberSafe at USPS, an industry-leading cybersecurity awareness and training program. Through CyberSafe at USPS, our organization launches targeted campaigns to improve our workforce’s cyber resilience and educate our partners and customers on safe cyber practices.

In addition to standard quality assurance and data handling training, mailing organizations should enroll employees in similar programs to develop safe cyber practices throughout their workforces. Mail center administrators, in particular, should focus training efforts on discouraging employees from connecting internet-enabled devices to mail processing equipment. Viruses like ransomware are often spread when devices are connected through a USB cord for charging or file sharing. Device security programs like the Postal Service’s Separate for Security campaign remind employees of the dangers of connecting devices and suggest alternative ways to transmit data safely across an organization.

Enforcing Secure Processes

In addition to training staff on cybersecurity fundamentals, organizations should implement appropriate data security and control processes. IT administrators should keep operating systems and firewalls current by enrolling all devices in mandatory system updates. Recurring software updates allow IT companies to protect devices against newly identified cyber risks. Since cyber criminals often probe compromised networks for outdated or unpatched software, these updates provide a critical layer of protection against would-be ransomware attacks.[4]

To limit the impact of a ransomware attack, administrators should house duplicate copies of crucial files and programs on external networks. Backing up critical information and regularly testing data recovery processes ensures essential business operations can continue in the event of a network shutdown. Organizations should also consider housing mail processing equipment and email servers on separate networks to insulate mail services from the effects of a ransomware attack. By preparing mail processing equipment to run offline and establishing a comprehensive, battle-tested disaster recovery plan, a mailing organization can avoid serious disruptions in the aftermath of a ransomware attack.

Implementing Technical Safeguards

Along with safeguards designed to improve the cyber resilience of an organization’s people and processes, mailers should adopt technical measures to mitigate the cyber risk posed by phishing. Cybercriminals utilize phishing attacks to trick unknowing email recipients into downloading infected files sent as attachments, thereby planting a ransomware infection on an organization’s IT network. To prevent phishing, organizations should closely monitor their inbound messages for spam and use email authentication tools to make sure that mail purporting to come from their servers is legitimate. To protect our organization’s email platform, the Postal Service conforms to Department of Homeland Security (DHS) email validation mandates and maintains a robust anti-phishing program. These safeguards ensure our organization does its part to keep spam out of the email environment for our business partners, vendors, and customers.

Defeating ransomware requires a cross-organizational commitment to developing people, processes, and technology. We all play a role in defending the mailing industry from cyber threats – from the executive level to the frontline employees. I encourage you to review our website,, to learn more about steps your organization can take to enhance its cybersecurity posture and eradicate the ransomware threat.

Greg Crabb is the Chief Information Security Officer and Vice President, United States Postal Service.


[2] FedEx Estimates Ransomware Attack Cost $300 Million,

[3] FedEx's TNT Reels From June Cyberattack as Damage Lingers,

[4] What is ransomware? How it works and how to remove it,