Libraries must consider safety and security to be a part of their workflow when thinking about managing their technology resources. At EBSCO Information Services, we get a lot of questions from librarians looking to ensure that their library services are as secure as possible. There are plenty of resources available to help you maintain a safe environment for library users and staff. Here are a few ways to secure your library’s technology resources.
Secure and upgrade public computers
The first step is to ensure all public technology resources are secure. First and most important, make sure that your library computers are running up-to-date versions of operating software. Windows 10 and MacOS Mojave are the safest you can run today. Tip – trial the upgrade process on one machine first, and test the software to ensure the upgrades are running smoothly.
This may sound routine, but it’s incredibly important. You can’t make your library patrons safe if your library machines aren’t safe. Older Windows versions like XP and Vista aren’t even supported by Microsoft anymore, meaning that you can’t update them with new fixes.
Next, make sure the browsers on all your computers are also on the latest versions, as it’s impossible to secure an old browser. If you’re using Google Chrome and/or Firefox, turn on automatic upgrades – these browsers are upgraded almost monthly, so there’s no way you can keep up with that schedule manually. In our experience, almost 75 per cent of all users of these browsers are running the latest version at any time; that’s how powerful automatic upgrades can be. Internet Explorer – and Microsoft’s new browser, Edge – upgrades are crucial as well, but they’re handled differently. Microsoft bundles those updates into Windows Update, which updates the whole operating system. In Windows 10, there’s no way to turn off automatic updates, but in Windows 7 and 8, you will want to make sure those updates are running.
Invest in antivirus resources
Antivirus resources are sometimes disregarded because, well, it’s just one more thing to find money for. However, it’s still important to ensure your public computers are protected by antivirus software. Yesterday’s attackers were after credit card numbers; today’s attackers are also interested in selling access to your library’s content and running Bitcoin mining programs.
The good news is that if you can get your computers to Windows 10, Windows Defender is finally an adequate basic security solution for the desktop, although your IT department may invest in third party solutions instead. Once installed, make sure the antivirus update subscriptions are running properly, scans are running consistently and the appropriate fixes are being made in real time.
Unfortunately, occasionally a computer may get infected with malicious software that your antivirus package isn’t able to remove. You can tell this has happened when the same computer keeps alerting – it’s not that it’s getting re-infected, it’s that the antivirus software tried and failed to remove the first infection. There’s no choice in these cases except to wipe the hard drive and reinstall.
Set secure passwords
What’s a secure password, you ask? I’ve been asked this repeatedly; when I delivered mandatory security awareness training, it was the only part of the class where I could see everyone taking notes. A secure password is one that’s hard for an attacker using a computer to guess. It’s not something that feels personal or private or special. If it’s something that would appear on your Facebook page, or your institution’s page or web site, it’s not a secure password.
The best way to manage passwords is to use password management software, like 1Password or LastPass. These packages will generate a new password for every site you use, and remember these passwords. The only password you’ll need to remember is the one you use for the tool’s password manager. Chrome, Firefox and Safari have password managers built in, as well.
However, you can still manage without one of these tools, if you must. Longer passwords are better passwords. You can use a dictionary – open it three or four times, pick a word from every page, and separate them with hyphens. Teenaged-basin-surmise-refill is a lot easier to remember than @GMU8^TBYU, and it’s similarly safe.
Staff passwords aren’t the only ones that need to be secured. Libraries subscribe to various vendor services, and many require passwords. The same trick can be used to generate a shared password. Tip for sharing this password – don’t put it on your public website. Attackers use Google to search for passwords the same way a burglar checks under the mat for a key. Instead, print the password on paper or notecards. Surprisingly, that’s safer than most ways of posting them online.
Securing your library’s resources is crucial to maintain a safe, secure environment for your institution and its patrons.
Skott Klebe is a platform security architect at EBSCO Information Services