For Librarians
Librarians have always been at the forefront of protecting the individual privacy of patrons and ensuring that resources are well-curated and come from credible sources. Publishers share this desire to preserve a safe and trustworthy environment for the exercise of human curiosity for authors and readers.
NEW: A toolkit for librarians to help engage your security team on cybersecurity threats
Click to view the Shift Insight Library Survey Results
Read the related Scholarly Kitchen Guest Post 'Cybersecurity and Academic Libraries: Findings from a Recent Survey'
SNSI University Relations Group
The SNSI University Relations Group works to help raise awareness of shared vulnerabilities, discuss challenges and ways to improve the user experience, while providing legitimate access to scholarly content. Participants have all been informally working together for the past few years and collaborating with leading librarians and other key industry stakeholders in order to develop solutions and or ways to mitigate threats to the ecosystem.
SNSI tips for academic librarians on building strong information security defenses at your institution
The Scholarly Networks Security Initiative recommends these rules of thumb when considering how libraries can contribute and support information security practices in higher education. These same recommendations can also be applied to nearly any other organization too. The investment of time, focus, and technology in prevention efforts is far more useful than the significant costs that result after a security intrusion or data breach. Security is the responsibility of everyone within an organization, to protect institutional data, that of faculty, staff and students, and to ensure the integrity of the work and research the institution performs. However, this investment in protecting information must be visibly supported from leaders across the organization to establish and reinforce a strong security culture on campus.
your knowledge of your institution’s information security and privacy policies. Research aspects of the policy, if necessary.
Take advantage of any training resources available from the Information Security Office.
with your institution’s Chief Information Security Officer or Director of Information Security and build a relationship to discuss ways that the library can participate in improving security and privacy culture on campus.
is a hub of learning for the campus community. Engage in teaching moments with students, faculty and staff that expand upon and extend normal password protection and phishing avoidance instruction taught by IT personnel to include responsibility for library resources.
the use of confirmed, legitimate websites for collecting primary sources, including author and publisher sites. Discourage the use of pirate sites as the integrity of content coming from unofficial sources cannot be guaranteed.
colleagues and students of the risks that come when sharing account passwords and campus credentials as they are likely tied to other personal information including HR or student grade information, and may unknowingly enable access well beyond the single system they are trying to share.
clear, easy to understand and operate methods for securely accessing library resources from off campus.
faculty, staff and students on steps they should take if they discover that their credentials have been compromised or given to another individual.
your institution’s IT or Information Security office to recommend scheduling a REN-ISAC Cybersecurity Peer Assessment. Start a conversation about how the library can support and assist with increasing the institution’s information security culture.
with Campus IT or Information Security to promote available reading and videos on information security for self-service use by patrons at your institution. Examples and recommendations can be found on the SNSI Website
the library’s and campus’ requirements against the security capabilities of library-specific systems and applications and develop plans and pacing for timely software updates and patches.
up-to-date endpoint protection and/or antimalware software on all library computers, both patron-facing and those that library staff use.
important files and records for recovery in case of ransomware attack or system failure. If a campus-wide backup and recovery solution exists, begin to use it. SNSI recommends a 3-2-1 approach to backup: keep three distinct copies of the data, two of them local but on different mediums, and one additional copy being off-site (including cloud).
into bringing on new electronic resources, make sure they comply with your institution’s security policies.
your knowledge of your institution’s information security and privacy policies. Research aspects of the policy, if necessary.
Take advantage of any training resources available from the Information Security Office.
with your institution’s Chief Information Security Officer or Director of Information Security and build a relationship to discuss ways that the library can participate in improving security and privacy culture on campus.
is a hub of learning for the campus community. Engage in teaching moments with students, faculty and staff that expand upon and extend normal password protection and phishing avoidance instruction taught by IT personnel to include responsibility for library resources.
the use of confirmed, legitimate websites for collecting primary sources, including author and publisher sites. Discourage the use of pirate sites as the integrity of content coming from unofficial sources cannot be guaranteed.
colleagues and students of the risks that come when sharing account passwords and campus credentials as they are likely tied to other personal information including HR or student grade information, and may unknowingly enable access well beyond the single system they are trying to share.
clear, easy to understand and operate methods for securely accessing library resources from off campus.
faculty, staff and students on steps they should take if they discover that their credentials have been compromised or given to another individual.
your institution’s IT or Information Security office to recommend scheduling a REN-ISAC Cybersecurity Peer Assessment. Start a conversation about how the library can support and assist with increasing the institution’s information security culture.
with Campus IT or Information Security to promote available reading and videos on information security for self-service use by patrons at your institution. Examples and recommendations can be found on the SNSI Website
the library’s and campus’ requirements against the security capabilities of library-specific systems and applications and develop plans and pacing for timely software updates and patches.
up-to-date endpoint protection and/or antimalware software on all library computers, both patron-facing and those that library staff use.
important files and records for recovery in case of ransomware attack or system failure. If a campus-wide backup and recovery solution exists, begin to use it. SNSI recommends a 3-2-1 approach to backup: keep three distinct copies of the data, two of them local but on different mediums, and one additional copy being off-site (including cloud).
into bringing on new electronic resources, make sure they comply with your institution’s security policies.
Librarians and libraries have long been champions of good security to uphold the values core to the library. The campus-wide efforts to protect data are increasing as threats against institutions’ data rise. Libraries, in partnership with other administrative units across campus including IT and Information Security, can educate patrons on how to protect institutional and personal information, access genuine resources to support their research, and build strong relationships between the Library and campus Information Security colleagues.
SNSI invites librarians and publishers, along with other important stakeholders, to contribute their time, ideas, and experience to help maintain a safe, secure, and trustworthy information environment for all. Please contact us with your ideas, concerns, and requests for more information.