Only you can prevent hackers from ruining our lives.

Yes, even libraries can be a target for those seeking to profit off of disruption. In March 2024 Marshall Breeding, founder of https://librarytechnology.org/, wrote in his column in Computers in Libraries about the impact of cyberattacks on the Toronto Public Library and the British Library and how it is sometimes months before even basic services can be restored to library patrons.

Then in over Memorial Day, Seattle Public Library was brought to its knees by a ransomware attack. All services were brought to a stop. It took more than a month to restore wi-fi, and more than two months before books could be returned and processed and new holds could be placed and filled. The goal was to finally have all services restored by the end of August.

Yes, these are big libraries in big places. That doesn’t mean our consortium is safe just for being relatively small. This is why increasingly our systems will need to become more secured and all library staff will be impacted by new processes meant to avoid those worst-case scenarios.

These are steps that WVLS technology and ILS staff are taking now and will be doing more of to protect our systems:

  • Enrolling all library staff with an email address in regular Infosec IQ online training
  • Enrolling all staff in phishing email tests
  • Rolling out a Staffing Changes online form for reporting new hires, changes in job roles, and departing staff so we can retired old emails and secure accounts, know which accounts are active, and change Sierra passwords
    • Reminders to secure non-LEANWI accounts (like a library’s own Gmail account) after staff depart
  • Resetting Sierra passwords when employees depart libraries
  • Creating a user agreement and associated guidelines for using a library system email account and accessing Sierra
  • Using October as an opportunity to share best practices for personal and professional cybersafety, including:
    • Using strong passwords
    • Using a password manager
    • Using Multi-Factor Authentication (MFA) – a password plus a call/text to a phone or email verification, or other combinations of methods
    • Recognizing and reporting phishing
    • Updating software regularly – on both work and personal devices (computers, phones, etc.)

All of this will make this a safer, more secure place to work. We’re only as safe as the person who takes the least action!

Accessibility Toolbar