A self-supporting, independent federal agency, the United States Postal Service (USPS) is the only delivery service that reaches every address in the US: 155 million residences, businesses and Post Office Boxes. As cyberattacks evolve, USPS responds by raising cyber awareness, fortifying network monitoring and strengthening telecommunications response capabilities. Tweet This!
This case study is based on the 2018 Annual Sustainability Report by USPS published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.
Cybersecurity ensures operational continuity, protects USPS’s employees and keeps USPS ‘s customers’ information safe. Accordingly, USPS invests in platforms that increase security as well as improve employee safety, benefit sustainability and enhance customer experiences. In order to promote cybersecurity USPS took action to:
- provide cybersecurity training
- implement the “Cyber Guardians” programme
- raise cybersecurity awareness
Subscribe for free and read the rest of this case study
Please subscribe to the SustainCase Newsletter to keep up to date with the latest sustainability news and gain access to over 100 case studies. These case studies demonstrate how companies are dealing responsibly with their most important impacts, building trust with their stakeholders (Identify > Measure > Manage > Change).
With this case study you will see:
- Which are the most important impacts (material issues) USPS has identified;
- How USPS proceeded with stakeholder engagement, and
- What actions were taken by USPS to promote cybersecurity
What are the material issues the company has identified?
In its 2018 Annual Sustainability Report USPS identified a range of material issues, such as customer service and satisfaction, optimising delivery and network operations, financial stability, employee health, safety and wellness. Among these, promoting cybersecurity stands out as a key material issue for USPS.
Stakeholder engagement in accordance with the GRI Standards
The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:
Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.
Key stakeholder groups USPS engages with:
How stakeholder engagement was made to identify material issues
To identify and prioritise material topics USPS engaged with its stakeholders (USPS customers) through focused surveys, with over 75 respondents providing input on the relative importance of sustainability topics.
In its 2018 Annual Sustainability Report USPS reports that it took the following actions for promoting cybersecurity:
- Providing cybersecurity training
- During FY 2018 USPS’s CyberSafe at USPS team trained more than 220,000 employees and contractors on cybersecurity fundamentals. The team also engages employees using interactive touchpoints, including monthly phishing simulations to help employees recognise and report cyberscams. Related events include the Annual Cyber Security Awareness Fair at USPS’s national headquarters, which promotes best practices to employees and USPS contractors.
- Implementing the “Cyber Guardians” programme
- USPS also initiated the “Cyber Guardians” ambassador programme, empowering USPS field employees to serve as the eyes and ears of USPS’s cybersecurity programme. These individuals facilitate the exchange of critical cybersecurity information between the Corporate Information Security Office (CISO) organisation and co-workers within their local offices. By year end 2018, CISO had enlisted 55 Cyber Guardians across 19 states.
- Raising cybersecurity awareness
- USPS’s CISO continues to promote its website, CyberSafe at USPS, which provides employees, customers and suppliers with information they need to stay safe online. Visitors can learn more about cybersecurity best practices, and how USPS safeguards their personal and financial information. Throughout the year, CyberSafe at USPS features content that raises awareness and promotes safe online behaviours on a range of topics, which include:
- Texting scams involving bank notifications, IRS (Internal Revenue Service) notifications and contests.
- Tech support scams that involve individuals impersonating information technology employees.
- Risks from using public Wi-Fi in airports and coffee shops.
- Risks of ransomware and other malware attacks through email attachments.
- New “Report to CyberSafe” button in Outlook to make reporting suspicious emails easier.
- Dangers and consequences of sharing user logins, passwords and accounts.
Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?
The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data
Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:
- Sustainable Development Goal (SDG) 16: Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
- Business theme: Compliance with laws and regulations, Protection of privacy
80% of the world’s 250 largest companies report in accordance with the GRI Standards
SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.
Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.
FBRH GRI Standards Certified and IEMA approved Sustainability Course | Venue: London LSE
By registering for the next 2-day FBRH GRI-Standards Certified and IEMA approved Course you will be taking the first step in gaining the many benefits of sustainability reporting.
1) This case study is based on published information by USPS, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:
Note to USPS: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.