For Librarians

Librarians have always been at the forefront of protecting the individual privacy of patrons and ensuring that resources are well-curated and come from credible sources. Publishers share this desire to preserve a safe and trustworthy environment for the exercise of human curiosity for authors and readers.

illustration of a man reading a book with foliage behind him

NEW: A toolkit for librarians to help engage your security team on cybersecurity threats

Click to view the Shift Insight Library Survey Results

Read the related Scholarly Kitchen Guest Post 'Cybersecurity and Academic Libraries: Findings from a Recent Survey'

SNSI University Relations Group

The SNSI University Relations Group works to help raise awareness of shared vulnerabilities, discuss challenges and ways to improve the user experience, while providing legitimate access to scholarly content. Participants have all been informally working together for the past few years and collaborating with leading librarians and other key industry stakeholders in order to develop solutions and or ways to mitigate threats to the ecosystem.

SNSI tips for academic librarians on building strong information security defenses at your institution

The Scholarly Networks Security Initiative recommends these rules of thumb when considering how libraries can contribute and support information security practices in higher education. These same recommendations can also be applied to nearly any other organization too. The investment of time, focus, and technology in prevention efforts is far more useful than the significant costs that result after a security intrusion or data breach. Security is the responsibility of everyone within an organization, to protect institutional data, that of faculty, staff and students, and to ensure the integrity of the work and research the institution performs. However, this investment in protecting information must be visibly supported from leaders across the organization to establish and reinforce a strong security culture on campus.

Create a Campaign for Information Security literacy

Develop Mature Security Practices

Refresh

your knowledge of your institution’s information security and privacy policies. Research aspects of the policy, if necessary.
Take advantage of any training resources available from the Information Security Office.

Connect

with your institution’s Chief Information Security Officer or Director of Information Security and build a relationship to discuss ways that the library can participate in improving security and privacy culture on  campus.

The library

is a hub of learning for the campus community. Engage in teaching moments with students, faculty and staff that expand upon and extend normal password protection and phishing avoidance instruction taught by IT personnel to include responsibility for library resources.

Promote

the use of confirmed, legitimate websites for collecting primary sources, including author and publisher sites. Discourage the use of pirate sites as the integrity of content coming from unofficial sources cannot be guaranteed.

Remind

colleagues and students of the risks that come when sharing account passwords and campus credentials as they are likely tied to other personal information including HR or student grade information, and may unknowingly enable access well beyond the single system they are trying to share.

Provide

clear, easy to understand and operate methods for securely accessing library resources from off campus.

Inform and educate

faculty, staff and students on steps they should take if they discover that their credentials have been compromised or given to another individual.

Consult

your institution’s IT or Information Security office to recommend scheduling a REN-ISAC Cybersecurity Peer Assessment. Start a conversation about how the library can support and assist with increasing the institution’s information security culture.

Partner

with Campus IT or Information Security to promote available reading and videos on information security for self-service use by patrons at your institution. Examples and recommendations can be found on the SNSI Website

Evaluate

the library’s and campus’ requirements against the security capabilities of library-specific systems and applications and develop plans and pacing for timely software updates and patches.

Run and keep

up-to-date endpoint protection and/or antimalware software on all library computers, both patron-facing and those that library staff use.

Back up

important files and records for recovery in case of ransomware attack or system failure. If a campus-wide backup and recovery solution exists, begin to use it. SNSI recommends a 3-2-1 approach to backup: keep three distinct copies of the data, two of them local but on different mediums, and one additional copy being off-site (including cloud).

When looking

into bringing on new electronic resources, make sure they comply with your institution’s security policies.

Create a Campaign for Information Security literacy

Refresh

your knowledge of your institution’s information security and privacy policies. Research aspects of the policy, if necessary.
Take advantage of any training resources available from the Information Security Office.

Connect

with your institution’s Chief Information Security Officer or Director of Information Security and build a relationship to discuss ways that the library can participate in improving security and privacy culture on  campus.

The library

is a hub of learning for the campus community. Engage in teaching moments with students, faculty and staff that expand upon and extend normal password protection and phishing avoidance instruction taught by IT personnel to include responsibility for library resources.

Promote

the use of confirmed, legitimate websites for collecting primary sources, including author and publisher sites. Discourage the use of pirate sites as the integrity of content coming from unofficial sources cannot be guaranteed.

Remind

colleagues and students of the risks that come when sharing account passwords and campus credentials as they are likely tied to other personal information including HR or student grade information, and may unknowingly enable access well beyond the single system they are trying to share.

Provide

clear, easy to understand and operate methods for securely accessing library resources from off campus.

Inform and educate

faculty, staff and students on steps they should take if they discover that their credentials have been compromised or given to another individual.

Develop Mature Security Practices

Consult

your institution’s IT or Information Security office to recommend scheduling a REN-ISAC Cybersecurity Peer Assessment. Start a conversation about how the library can support and assist with increasing the institution’s information security culture.

Partner

with Campus IT or Information Security to promote available reading and videos on information security for self-service use by patrons at your institution. Examples and recommendations can be found on the SNSI Website

Evaluate

the library’s and campus’ requirements against the security capabilities of library-specific systems and applications and develop plans and pacing for timely software updates and patches.

Run and keep

up-to-date endpoint protection and/or antimalware software on all library computers, both patron-facing and those that library staff use.

Back up

important files and records for recovery in case of ransomware attack or system failure. If a campus-wide backup and recovery solution exists, begin to use it. SNSI recommends a 3-2-1 approach to backup: keep three distinct copies of the data, two of them local but on different mediums, and one additional copy being off-site (including cloud).

When looking

into bringing on new electronic resources, make sure they comply with your institution’s security policies.

Librarians and libraries have long been champions of good security to uphold the values core to the library. The campus-wide efforts to protect data are increasing as threats against institutions’ data rise. Libraries, in partnership with other administrative units across campus including IT and Information Security, can educate patrons on how to protect institutional and personal information, access genuine resources to support their research, and build strong relationships between the Library and campus Information Security colleagues.

Other Resources

SNSI University Relations Group Members

  • Gwen Evans, VP, Global Library Relations, Research Networks at Elsevier.
  • Helen B. Josephine, Principal, HBJ Associates.
  • Juan P. Denzer, Engineering and Computer Science Librarian, Syracuse University Libraries.
  • Kathleen P. Neely, Global Marketing Director, Libraries and Institutions, Taylor & Francis.
  • Matthew Ragucci, Associate Director of B2B Product Marketing, Wiley.
  • Rick Anderson, University Librarian, Harold B. Lee Library, Brigham Young University.
  • Stacy Best Ruel, Director of Marketing, Key Accounts, Americas Springer Nature.
  • Sharon Mattern Büttiker, Director of Content Management, Research Solutions, Inc.
  • Sari Frances, Dir. of Content Protection Services, Elsevier (Co-Chair).
  • Scott Levi Ahlberg, Chief Operations Officer, Research Solutions and Reprints Desk, Inc.
  • Andrew J. Wesolek, Director, Digital Scholarship and Communications (DiSC), Jean and Alexander Heard Libraries, Vanderbilt University.
  • David W. Green, Library Systems Analyst, State Library of Ohio.
  • Jamen McGranahan, Associate Director of Library Technology & Assessment Services, Vanderbilt Library, Vanderbilt University.
  • John Felts, Head of Information Technology and Collections / Librarian, Coastal Carolina University.
  • Natasha Nekola, Sales Manager US and Canada at the JAMA Network.

SNSI invites librarians and publishers, along with other important stakeholders, to contribute their time, ideas, and experience to help maintain a safe, secure, and trustworthy information environment for all. Please contact us with your ideas, concerns, and requests for more information.