A Publication of the Public Library Association Public Libraries Online

Protecting Your Library Against a Data Breach

by Melanie A. Lyttle and Shawn D. Walsh on March 20, 2015

Sony has been in the news the past few months after its recent hacking scandal. Additionally, hacks have occurred against Target, Home Depot, and other businesses over the past year, causing customers to worry if they had used a credit card to shop at one of these places. As libraries, we don’t keep people’s credit card information, but it is still important to be secure. We want this post to encourage people to talk with their coworkers and in-building IT people. Just having the conversation makes all libraries more secure.

Generally the opinion of some library people is that they don’t have to be especially secure because they are libraries. The idea is security through obscurity. However, all that does is cause libraries to play a waiting game. It is not a question of IF there will be a problem, but when.

Libraries have a plethora of computers with good bandwidth and servers with lots of space. By the very nature of libraries wanting to provide open access, they are a target for potential hackers. Open access is both a tenet of who we are as libraries and extremely important. It is not our intent, at all, to say there should not be open access! However, we must provide this service with our eyes open — knowing it could come back to bite us later. This mode of thinking isn’t meant to scare you, but to cause you to stop and think.

In order to continue to provide the best access possible, we pose the following questions:

When was your last security audit? Have you checked to see that all your recent computer updates installed properly? Did they fix security holes or make the existing ones bigger? Getting someone to do a security audit is similar to getting someone to do a home inspection. There are plenty of people you can call, but you want someone who really knows what he or she is doing so it saves you time and money later on. To find a good security auditor, check with current and previous customers of your potential contractor. Are they pleased with the service they received? Did they feel it was worth the money?

Have you kept up-to-date with your updates? Sometimes something as innocuous as not updating a browser plug-in like Flash or Acrobat can be a problem. Are all your Windows updates done? Is your anti-virus up-to-date?

How good are your back-ups? This is one of those questions that can strike fear into your heart. The idea is that back-ups are there if you have a problem, but do you know if they would even help you? Have you ever tried to restore anything from one? This is just about checking to see that the files you are backing up are ones you can actually use. How often are you rotating your back-ups? What length of time do you back up your files? A day? Two days? Do you set one of your back-ups aside every so often to make sure you are not preserving compromised data that has been backing up onto what you would use to restore all your files if necessary?
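One way to run the restore test described above, as an added example that is not part of the original article: record a size-and-hash manifest when the backup runs, restore to a scratch folder, and compare. The function names, file names, and sample contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file under root to (size, SHA-256); record this when the backup runs."""
    root, out = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()  # fine for a sketch; hash in chunks for large files
            out[p.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return out

def verify_restore(saved, restored_root):
    """Compare a trial restore against the manifest saved at backup time."""
    got = manifest(restored_root)
    report = {"missing": [], "empty": [], "changed": []}
    for name, (size, digest) in saved.items():
        if name not in got:
            report["missing"].append(name)   # not present in the restore at all
        elif size > 0 and got[name][0] == 0:
            report["empty"].append(name)     # restored as a zero-byte stub
        elif got[name][1] != digest:
            report["changed"].append(name)   # content differs from what was backed up
    report["unexpected"] = sorted(set(got) - set(saved))  # files nobody backed up
    return report

def write_tree(root, files):
    for name, data in files.items():
        path = Path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

def demo():
    """Constructed sample data: a staff share and a trial restore with four faults."""
    live = {"patrons.csv": b"id,name\n1,Sample Patron\n", "catalog.db": b"\x00\x01catalog",
            "policies/hours.txt": b"Mon-Fri 9-8\n", "notes.txt": b"order toner\n"}
    restored = {"patrons.csv": live["patrons.csv"], "catalog.db": b"",
                "notes.txt": b"0rder t0ner\n", "extra.tmp": b"?"}
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp, "live"), live)
        write_tree(Path(tmp, "restored"), restored)
        saved = manifest(Path(tmp, "live"))
        return verify_restore(saved, Path(tmp, "restored"))

if __name__ == "__main__":
    for problem, names in demo().items():
        print(f"{problem}: {names or 'none'}")
```

Keeping the saved manifest alongside a backup you set aside also gives you a known reference to compare later backups against.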

Have you checked your technological band-aids? Sometimes changes to systems are made in the heat of the moment to accommodate immediate needs. Have you gone back and made sure they were done in the best possible way? Someone placed those band-aids in the best possible way at the time, but that may not be the best long-term fix for the problem.

How are you managing all your updates? There are programs like Ninite (https://ninite.com) and Wpkg (http://wpkg.org/) that can help you manage updates for your non-Microsoft applications. Are you paying attention and checking regularly for updates to your Windows programs as well?

Are you ignoring security concerns because you have Apple devices? There is a belief that if you run devices from Apple you will not be a target for hacking. That is not wholly true. It is true that there are not as many Apple computers to target as Windows computers, but that again is security through obscurity or quantity. Recently Apple has had some security issues, so staying current on your iOS updates and Apple application updates is important. There are programs like “Get Mac Apps” (http://www.getmacapps.com/) that manage updates much as Ninite and Wpkg do for Windows devices.

My IT person says you guys are wrong! We’re okay with that. Everyone will have local concerns and parameters that make different levels or types of security better or worse for them. Security can’t impede workflow or be so lax that it’s nonexistent. In the end, if you are staying up to date with your virus protection and different program updates, you should be fine. But sticking your head in the sand and pretending security isn’t an issue won’t protect you from anything either. As long as you and your local security person have talked and made a plan that works for your library, then our work has been done.

Melanie A. Lyttle is the Head of Public Services at Madison Public Library. You can watch her YouTube channel, Crabby Librarian, at http://www.youtube.com/watch?v=7Rv5GLWsUow

Shawn D. Walsh is the Emerging Services and Technologies Librarian at Madison Public Library.
