Full Text

Libraries must pay close attention to the security of the technology applications they implement to support their work and provide access to resources for users. Any lapse can bring incredible harm to the library as an organization and to patrons if their personal information becomes compromised or exposed.

Security concerns are more serious than ever. The internet has become increasingly hostile territory, with all systems and services that the library might operate under constant threat. No organization can responsibly operate systems connected to the internet without sophisticated layers of defense against the inevitable barrage of attacks. Libraries are not immune to these attacks. Attackers do not spare organizations with benevolent missions. The ongoing transition to technology services delivered through cloud computing has changed many aspects of security and privacy. Much of the technical burden has shifted from the library to its technology providers. Libraries must ensure proper security practices through contractual requirements. Unfortunately, individuals and organizations that perpetrate malware attacks have also gained ever more powerful tools deployed through cloud technologies. Libraries must continue to rank security as a top concern when selecting and implementing any technology component.

Ransomware: Be Prepared

The likelihood of security incursions is substantially higher than ever before, and the consequences are more severe. For example, ransomware attacks have turned into a proftable activity by attacking all manner of organizations, including governmental entities, nonprofts, and libraries. These attacks take advantage of the same techniques that have been around for years, such as tricking users into opening an email message with a malicious payload. When opened, the malware may be capable of working its way through the data fles of the organization and encrypting them with a digital key known only to the attacker. Once encrypted, the associated applications will likely fail, and the data fles will be inaccessible. The organization often receives a message from the intruder, demanding fnancial payment for the digital key needed to decrypt the fles. The intruder usually requires that the payment be made in Bitcoin or some other cryptocurrency. Transactions made in cryptocurrencies can take place without revealing the identity of the recipient.

Cryptocurrencies provide the mechanism that makes computer...