The COVID-19 pandemic has affected different businesses and organizations in diverse ways. Libraries have unique challenges. Many had to close for several months after the pandemic started and are just now beginning to reopen. While wanting to provide services to the community, they must also be careful to avoid spreading the infection, so many are actively taking temperatures and doing health screenings.
In response to social distancing guidelines and an increased demand for educational and business services, libraries have amped up their online offerings to include e-books, audiobooks, lending programs, video conferencing services, and other practical solutions.
Many staff were furloughed, and many were able to work from home, needing to tap into digital resources to complete their work. Additionally, libraries have dramatically increased their email and social media outreach more than ever before. While all of this electronic growth can provide organizations with even greater reach, it can also expose them to cybersecurity challenges.
So, with all this change, where should a library begin the process of reassessing its security vulnerabilities? What are the immediate things libraries should take care of? Below, we answer these important questions.
Cybersecurity Threats for Libraries
With in-person and online access to the public, libraries are vulnerable to attacks on their internal systems. They face these particular security threats.
Many libraries do not prohibit the use of USB flash drives. These devices can sometimes allow users to access the network systems, which make them vulnerable to malware. Subsequent users of public access computers are vulnerable to having their personal or financial information stolen.
One specific type of malware that libraries should be worried about is ransomware that encrypts all the files on a server or computer. This type of malware can spread quickly through a network. The attacker often demands money to unlock the files. The Spartanburg County Public Libraries system in South Carolina was infected with ransomware through email, which dramatically affected the public's ability to use its system. Other infected library systems included St. Louis, Missouri, and Brownsburg, Indiana. Seventeen U.S. cities were impacted by ransomware attacks in 2017.
Remote Work Vulnerabilities
Remote workers who use their home systems are much more likely to be vulnerable to attack due to less secure measures. They are at heightened risk of browser-based attacks, unsecured wireless networks, and difficulty fixing security breaches once they occur.
Checklist to Protect Your Library
Fortunately, there are many things that you can do to protect your library and prevent identity theft.
Educate Your Staff
For any security measure to be effective, your staff needs to know about it. You should educate your staff on the possible cybersecurity risks and the ways to prevent them. In addition to educating your paid staff, also be sure that you provide training for volunteers. Here are some basic instructions for all staff who use your systems to adhere to include.
- Do not click on attachments.
- Do not open emails from unfamiliar senders.
- Monitor for extensions like .exe or .zip that may have executable files.
- Closely review the sending email address before opening an email since many attackers may use very similar sounding names of people or organizations.
- Do not click on links in emails unless you know the sender.
You can also limit the ability of some staffers to compromise your system. For example, you may want to set up systems in a manner that users can only access certain programs and functions based on their job duties. Consider disabling links in your email application to prevent compromising your system. Do not install free software that you have not properly vetted.
Limit the Use of External Devices
External devices like USB flash drives can be used to install malware into a computer system. If a network is infected, the infection can also spread to these devices, which members of the public may use on their home devices, further compromising their personal data. Some libraries provide staff with their own flash drives that they can only use on library systems. These flash drives are scanned before use.
Protect Your Passwords
An easy but often overlooked way to protect your online security is to use strong passwords and different passwords for each site. This simple step is huge in preventing identity theft. You can use a password manager to help keep track of all of your passwords. Enforce strong password routines within your organization by setting up all of your password-enabled systems with strong passwords.
Back Up Your Systems
One of the best protections that a library can have against a ransomware attack is a current backup. This is because ransomware can lock up your applications, systems, and information. Having a recent backup can help you restore your system much faster. Your backup should not be connected to the network and should be offsite.
Software companies often provide free updates so that their programs will run more efficiently and securely. Keep your software up to date so that you have the latest security patches. Also, make sure your antivirus software will automatically update.
Know the Security Protocol of Vendors
You likely have various companies that provide you with software for your computers or other digital services. Check with these companies about what they are doing to prevent identity theft and cyberattacks. People in libraries may be doing anything from studying for their driver permit test to studying for school to checking their credit report or bank account information, so it is important that your patrons should feel safe that the latest security measures are in place and that you have carefully vetted third-party vendors.
Be especially wary about companies that initiated contact with you instead of the other way around.
Now More Than Ever
Now more than ever, libraries serve an integral role in the public's access to information and much needed social services. While there are many threats out there, there are also several ways that you can protect the security of your digital infrastructure and your patrons' privacy.
About the Author
Daniel William is content director and a cybersecurity director at IDStrong, which specializes in identity monitoring. His great passion is to maintain the safety of the organization's online systems and networks. He knows that both individuals and businesses face the constant challenge of cyber threats. Identifying and preventing these attacks is a priority for Daniel.