August 30th, 2011 Brian Herzog
Over on LISNews, Blake has a series of posts on IT security in libraries, and it's absolutely worth checking out. So far there are five parts:
- IT Security For Libraries
- Practical Tips For Online Privacy
- Practical Advice On Choosing Good Passwords
- Staying Safe Online
- 20 Common Security Myths
It's good for library staff to know and abide by this information, but it is also very useful material for building a online safety program for the public.
Another of my favorite security-related posts is the Email Scam Competency Test, to see if you can tell legitimate email messages from scams. At the end of the test, click the "why" links to see the clues for telling the difference.
February 15th, 2011 Brian Herzog
Did you read the story about a library in England that found two devices, designed to steal patron information, plugged into their computers?
It almost sounds like an urban legend, but even if it were it's still a good remind to all of us that this could happen anywhere.
The devices are USB keyloggers - someone would unplug the keyboard from the computer, plug the keyboard into this device, and then plug it back into the keyboard's USB port. With this device between the keyboard and computer, it can record every keystroke made on the computer - including websites visited, username/password combinations, credit information, etc.
The best defense against this is for library staff to check for these, or anything attached to a library computer that shouldn't be there. The article also suggest plugging keyboards into the front of computers, to make spotting them easier.
To notice something like this, of course, library staff must be familiar with what should and what shouldn't be there. I don't mean to be all preachy, but this is a good opportunity to familiarize staff who may not be really tech-savvy with library equipment. And another thing: take a few minutes today and check all of the computers in your library.
Thanks Dale for sending this to me, and it was also on LISNews.
Tags: computer, computers, equipment, identity, keylogger, keyloggers, libraries, Library, public, security, theft, usb
January 13th, 2011 Brian Herzog
Over the last few years, we've noticed a rise in DVD thefts at my library. It seemed to happen in waves - once in awhile, we'd suddenly notice ten or so empty DVD cases on the shelf.
In general we're pretty relaxed at my library, and try to err on the side of good customer service. However, as the empty cases built up, staff started investigating ways to curtail the thefts.
But the kicker was that, when we ran the numbers, all of the security options we looked at (cameras, dummy cameras, security cases, a DVD jukebox, keeping DVDs behind the desk, etc.) were actually more expensive than just buying replacement DVDs. At least, this was true for the rate of theft we were seeing.
It seems counter-intuitive, and a little aggravating, but this is the route we took. The Circ staff was especially frustrated by the apparent "do nothing" approach, but we reviewed the numbers multiple times over the years, and replacement was always the cheapest option. Well, that combined stepped-up monitoring by staff.
And then something happened that no one expected: a stack of DVDs with a note attached ended up in our bookbox. Apparently, whoever had been stealing them got a conscience (or else, as one popular theory holds, his mother found them*). And then, a week later, a second stack of disks showed up.
We had been saving the empty cases all along, so re-adding them to the collection was easy. Hopefully, this trend will continue, and we'll end up with all of our DVDs back - just a couple years late. And we haven't noticed many missing lately, so the increased staff monitoring also seems to be working.
*Most of the DVDs that were stolen were Adam Sandler/Will Ferrell/American Pie-type movies, which implies the culprit(s) is probably high school boys.
May 6th, 2010 Brian Herzog
Here's something neat - and vital for library staff, both for those who directly provide computer help to patrons and for anyone else who uses a computer in their daily life:
A recent Slashdot post linked to a test to see how well people can identify spam, scam and phishing email messages (which can happen to anybody).
The test is provided by SonicWall, and would be a great for:
- taking as a group during a staff meeting or training day
- testing new employees to help protect your network and increase their tech competency
- showing to students and computer literacy classes to teach them to evaluate websites and email messages
After you're finished, be sure to click the "why" links on the test results to see exactly what looks suspicious and what are the red flags - that is the most helpful part of the test.
Tags: competencies, competency, email, libraries, Library, phishing, public, quiz, scam, scams, security, spam, test