Public libraries handle a surprising amount of personal information every day. You might already take steps to secure your library card database, but public-access computers and other systems can also pose a risk. If you aren't already paying close attention to securing these other systems, you need to start.
Between training and policy, effective antivirus solutions, and smart network planning, you can protect your library's data from accidental loss and cyberattack.
For Your Staff
Library staff should follow the same protocols as other organizations, especially since they tend to handle large amounts of personally identifiable information about their patrons. Here are a few ways to keep your library protected and avoid downtime.
Before you do anything else, develop a data backup and recovery plan. In the event that you lose data due to cyberattack, system failure, or human error, you need to ensure that you can restore your files as quickly as possible, minimizing damage and downtime.
For best results, follow the 3-2-1 rule: Create three separate copies of your data and keep them in at least two locations, one of which should be offsite. Update these backups regularly to ensure that you always have a recent copy in the event of data loss. You can use software such as Veritas Backup Exec to ensure that these copies are constantly updated in the background.
You'll also need to use an antivirus solution to protect your network from viruses, spyware, and other malware. TechSoup offers libraries security products from Avast, Bitdefender, and Norton. Bitdefender and Norton are good options for smaller libraries with only a few computers to manage, while Avast is a solid choice if you have a lot of computers on your network.
Training and Accessibility
You should also train your staff on safe internet use, how to spot phishing emails, and what to do in the event of a data breach. You can design this training yourself or use a tool like KnowBe4, which offers a range of digestible courses for staff and patrons. Additionally, ensure that all sensitive files are accessible only to the people who need to access them.
For Public-Access Devices
If you provide public-access computers for your patrons, consider taking these security measures to protect your sensitive data — and to protect the privacy of your patrons.
One way to protect sensitive data is to keep your public-access devices on a separate Wi-Fi network from your staff computers. This creates a layer of protection between the two networks, preventing any cyberattacks on public-access computers from spreading to staff devices.
One way to contain malware infections and prevent data leaks is to regularly wipe and reset your public-access computers. This ensures that any potentially malicious files downloaded onto the computers will be deleted. It will also wipe any documents that your patrons may have saved to the hard drive.
To automatically carry out these resets, consider using a tool like Reboot Restore Rx Pro. You can set this software to automatically reset your Windows computers at a predetermined time, such as once per week or after each logoff. This will keep your computers in good working order and ensure that you are not storing any unnecessary files. If you have software or documents that you want to keep, you can store those in a folder that will be retained when the system is wiped.
Computer Use Policy
A great way of reducing your risk of cyberattack is to employ a computer use policy for your public-access devices. You might ask patrons to watch a short training video on how to spot potential threats and what to do if they suspect a security breach. You may also ask your patrons and staff to read and agree to an acceptable use policy for your computer equipment. This educates your patrons, while covering you in the event of an incident and providing points of reference in case you need to revoke a user’s computer access.
Taking Security Seriously
In order to protect both your clients and your staff, you need to dedicate some time and budget to security measures at your library. By keeping public-access devices on a network separate from your staff computers, investing in antivirus software, and ensuring that your clients are safe in their use of public-access computers, you can keep your library running smoothly.