Case study: How USPS promotes cybersecurity

What are the material issues the company has identified?

In its 2018 Annual Sustainability Report USPS identified a range of material issues, such as customer service and satisfaction, optimising delivery and network operations, financial stability, employee health, safety and wellness. Among these, promoting cybersecurity stands out as a key material issue for USPS.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups USPS engages with:

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics USPS engaged with its stakeholders (USPS customers) through focused surveys, with over 75 respondents providing input on the relative importance of sustainability topics.

What actions were taken by USPS to promote cybersecurity?

In its 2018 Annual Sustainability Report USPS reports that it took the following actions for promoting cybersecurity:

• Providing cybersecurity training
• During FY 2018 USPS’s CyberSafe at USPS team trained more than 220,000 employees and contractors on cybersecurity fundamentals. The team also engages employees using interactive touchpoints, including monthly phishing simulations to help employees recognise and report cyberscams. Related events include the Annual Cyber Security Awareness Fair at USPS’s national headquarters, which promotes best practices to employees and USPS contractors.

• Implementing the “Cyber Guardians” programme
• USPS also initiated the “Cyber Guardians” ambassador programme, empowering USPS field employees to serve as the eyes and ears of USPS’s cybersecurity programme. These individuals facilitate the exchange of critical cybersecurity information between the Corporate Information Security Office (CISO) organisation and co-workers within their local offices. By year end 2018, CISO had enlisted 55 Cyber Guardians across 19 states. 

• Raising cybersecurity awareness
• USPS’s CISO continues to promote its website, CyberSafe at USPS, which provides employees, customers and suppliers with information they need to stay safe online. Visitors can learn more about cybersecurity best practices, and how USPS safeguards their personal and financial information. Throughout the year, CyberSafe at USPS features content that raises awareness and promotes safe online behaviours on a range of topics, which include:
  • Texting scams involving bank notifications, IRS (Internal Revenue Service) notifications and contests.
  • Tech support scams that involve individuals impersonating information technology employees.
  • Risks from using public Wi-Fi in airports and coffee shops.
  • Risks of ransomware and other malware attacks through email attachments.
  • New “Report to CyberSafe” button in Outlook to make reporting suspicious emails easier.
  • Dangers and consequences of sharing user logins, passwords and accounts.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

• Sustainable Development Goal (SDG) 16: Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
• Business theme: Compliance with laws and regulations, Protection of privacy

78% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

7 GRI sustainability disclosures get you started

Any size business can start taking sustainability action

GRI, ISEP, CPD Certified Sustainability courses (2-5 days): Live Online or Classroom  (venue: London School of Economics)

• Exclusive FBRH template to begin reporting from day one
• Identify your most important impacts on the Environment, Economy and People
• Formulate in group exercises your plan for action. Begin taking solid, focused, all-round sustainability action ASAP. 
• Benchmarking methodology to set you on a path of continuous improvement

See upcoming training dates.

References:

1) This case study is based on published information by USPS, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:

http://database.globalreporting.org/

2) https://www.globalreporting.org/standards/gri-standards-download-center/

Note to USPS: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.