Computer and internet technologies have brought valuable opportunities and efficiencies to the library and education fields. Unfortunately, this kind of innovation often also brings challenges, especially with security. And although every organization tackles cybersecurity differently, there’s one common denominator. When it comes to security, everyone in your organization plays a role—often a critical one.
As Executive Director for Global Security Services at OCLC, I oversee security, privacy, and compliance protocols for a global technology organization. The security of our hardware, software, and data is obviously important, but my most potent defense against cybersecurity threats is the same as yours—my colleagues, and making sure they’re informed and well trained. So, when I give this message at meetings and webinars, I often get a very positive response from library workers. “Training? We’re great at that!”
In those discussions, I also get a lot of questions about what is the best firewall, anti-virus, or VPN solution. That’s all going to depend on your library’s unique technology and needs. What’s never in question, though, is that you have staff and users who probably don’t know everything they should. And the biggest threats you face actually come in through eyes, brains, and hands, not wires and Wi-Fi.
Four cybersecurity training opportunities
Cybersecurity can be complicated. Improving your defenses doesn’t have to be.
- Set up a security awareness program for staff and users. Obvious? Perhaps. But you would be surprised how often this gets overlooked. I recommend that every employee learn the basics of cybersecurity—and repeat that training on a regular basis. Include what to be aware of, how to handle suspicious activities, what to do, who to contact, etc. And don’t forget about your users! Incorporate cybersecurity tips on your website, social media, and other channels that reach them.
- Ensure proper hardware and software set-up. This is, to a degree, part of the job of your IT department, of course. But it also involves training your staff, in many cases, in how to set up their home computers, laptops, tablets, and smartphones. It boils down to making sure your staff knows how to avoid security problems in all aspects of their digital lives.
- Put a robust password policy in place. Many organizations go with the bare minimum for password requirements. The result? Bare minimum protection! I recommend requiring staff to change passwords every three or four months and using a scheme that’s easy to remember but hard to guess. There’s a great XKCD comic about how putting together a narrative around four random words is easier for humans to remember but harder for computers (or hackers) to guess. Multi-factor authentication adds another line of defense by verifying a user’s identity with additional credentials like a PIN.
- Learn about partner and vendor security policies. That’s something we at OCLC take an active role in, both with our library customers and with our “upstream” vendors. One example is how OCLC researches, manages, and purchases SSL certificates on behalf of our EZproxy customers. Our efforts help prevent phishing and data breaches. I recommend doing this with your IT providers (like OCLC and other vendors), and on behalf of your staff and end users.
Keeping systems updated requires training, too
Lastly, I’d like to stress the importance of keeping your systems updated. That includes the ones you install yourself, and those that you work on through partnerships with organizations like ours. For example, after its next release, EZproxy will have built-in security protocols that can automatically detect and disable compromised user accounts, making it easier to prevent data breaches. In some cases, it may be the only system on campus that can detect compromised accounts. But guess what? If you don’t upgrade to the latest version, you’ll miss important new updates.
Which (now that I think about it) brings us back to training.
Like great libraries, great security starts and ends with people
One thing I’ve learned from my time working with libraries is that from the outside, people often focus on the materials—the books, databases, movies, music, maps, etc.—whatever content they might need on their next visit. But from the inside, we know it’s the people who make the library work, and the people who come there who inspire us. It’s a community first.
The same should hold true for how you think about security—make it a community effort. It’s not just about technology and tools, but privacy, safety, efficiency, and reliability. So, if you understand why your staff and users need to be informed, the how and what will follow.