Customer service experience
Since it’s their job to constantly patrol the library, your security workers will come in contact with patrons for many reasons other than safety or loss prevention. Make sure you choose security staff that is able to assist the public with general library logistics such as finding different sections, explaining checkout rules, and which programs are occurring on a specific day. The extent of this may vary between large branches with full-coverage staff and small locations that need more help, but every security worker should be aware of what peripheral needs might come up.

Physical requirements
Make the physical requirements for any security positions absolutely clear in your job listing. If applicants do not realize that they will be standing or walking for their whole shift or that they will be expected to help lift boxes of books or help set up furniture for programs, you may unintentionally hire someone who is unqualified. Stress the physical requirements from the beginning to guarantee that you choose the right fit for your location.

Technology savvy
Another job point that doesn’t seem obvious but becomes crucial immediately, security workers must be familiar with basic word processing and email at the very least, to create and file incident reports. This is a skill that is rapidly becoming universal, but don’t take it for granted in all your applicants. If your library has its own security system set up, your security workers will need to either be familiar with it or able to learn how to use it properly for the safety of all staff and patrons.

Flexible schedules Your security workers will have to cover more than just the hours your library is open. They will be your first line of contact if anything goes wrong overnight or whenever the library is supposed to be empty. To truly secure the library, they need to be willing to respond to alarms; help cover late, early, or distant events; and keep your materials, staff, and customers secure at all times.

What do you look for in security staff? Share your experiences in the comments below.

Further Reading

Melanie Griffin, “I’m Not Actually a Librarian: Volunteer Coordinator,” Public Libraries Online, January 25, 2016.

Melanie Griffin, “Safety & Security Workers Are An Integral Part of Library,” Public Libraries Online, April 15, 2016.

The post I’m Not Actually a Librarian: Security Staff first appeared on Public Libraries Online.

Your library staff and patrons deserve the security of mind that comes with a security team. They can help with:

• Regulating unruly customers.
  As painful as it is to admit, not all who walk into the library are looking to enrich their lives peacefully. Fortunately, a good security worker can defuse a situation before it gets out of hand, whether it’s ejecting someone who is intoxicated or helping a lost child find their parent.
• Keeping buildings and collections up to safety codes
  In conjunction with maintenance staff, security officers also work with local safety officials to make sure all areas of the library (including physical storage areas) comply with fire codes and any other physical safety measures that must be taken, whatever the shape of the building.
• Protecting both patrons and employees during emergencies
  Ideally, all staff would know exactly what to do in case of a sudden fire, structural collapse, tornado, or on-the-job injury. Security workers strive toward that optimism while staying alert to the busy realities of everyday work life. They are there not only for direction and guidance during a real disaster but may also provide training or disaster drills.
• Coordinating and updating building access.
  As the eyes and ears of the library, security officers are in charge of the flow between the public and staff-only areas. This includes keeping updated, ongoing records of new and exiting employees—including volunteers, staff from other locations, members present for library board meetings, and cleaning, construction, or other third-party workers—not only to make sure only those authorized are coming and going but also to track where keys and access cards are at all times. In conjunction with human resources or on its own, the safety and security office can help keep the library’s backstage free and clear of trespassers.

Library security is an often-overlooked but incredibly important job on both a day-to-day and big-picture basis.

Further Reading:

Griffin, Melanie. “I’m Not Actually a Librarian: Volunteer Coordinator.” Public Libraries Online. January 15, 2016.

The post Safety & Security Workers Are An Integral Part of Library first appeared on Public Libraries Online.

I am a strong believer that librarians should be considered mandated reporters nationwide. We work in one of the few professions that see preschool children and their parents. We are in a position to see the interaction between child and adult and see this relationship unfold at time when a parent may not be particularly on guard. Likewise, we are also in the position to have unguarded conversations with seniors and can often gain insight based on the kinds of questions a senior asks.

In my state, librarians are not mandated reporters. Consequently, we receive no training and no direction for what to do if we have suspicions. Without this, our perceptions are not recognized as legitimate. This became painfully apparent to me and my staff recently.

A male patron, who appeared to be the father of two young girls, began coming to our library. My staff brought him to my attention because of things that they overheard in the man’s interactions with the girls. They reported extremely racist, sexist, and politically inflammatory comments. They reported what sounded like threats, “You better find a book or I’ll tell you one of my stories, and we know what happens then.” But we all agreed, while we found these things disturbing, they were not grounds for action.

Their visits were infrequent. They purchased books from the used rack, but didn’t check anything out. No one knew their name. So we started to pay attention. On a couple of occasions I tried to engage one of the girls in conversation. She appeared scared, avoided eye contact, and answered in monosyllabic responses with as little information as possible. The situation made everyone uncomfortable, but we didn’t know what to do.

One day, one of the girls, unbeknownst to her father, wandered to look in the stacks; I wandered to shelve nearby. When the man found her, he was clearly irate. “There’ll be no food for you tonight, and none til you prove you can behave,” he announced. I tried to intervene and explain the girl had done nothing wrong, but I was informed she knew the rules and clearly hadn’t followed them. Fearing a worse fate for the child if I persisted, I stopped.

Immediately after this exchange they left the library. Considering his promise to withhold food a clear threat, we called the police and our local children’s and family services department. One of my staff had spied their license plate, an out of state plate.

In our case, we fear our report did little good. Because of the out of state license plate, both our state and the state of origin kept referring us back and forth to the other. Neither ever took ownership. The police were patronizing. They explained that we were only librarians and that police couldn’t arrest people we didn’t like! We tried to explain. Ultimately they told us there was nothing they could do. We have not seen these patrons again.

It is a situation that haunts us. We cannot help but wonder if we were considered a mandated reporter, might we have been able to cite something more concrete? Would we have been taken more seriously? Might there have been something that could have been pursued?

The post Should Librarians Be Mandated Reporters? first appeared on Public Libraries Online.

Generally the opinion of some library people is that they don’t have to be especially secure because they are libraries. The idea is security through obscurity. However, all that does is cause libraries to play a waiting game. It is not a question of IF there will be a problem, but when.

Libraries have a plethora of computers with good bandwidth and servers with lots of space. By the very nature of libraries wanting to provide open access, they are a target for potential hackers. Open access is both a tenant of who we are as libraries and extremely important. It is not our intent, at all, to say there should not be open access! However, we must provide this service with our eyes open — knowing it could come back to bite us later. This mode of thinking isn’t meant to scare you, but to cause you to stop and think.

In order to continue to provide the best access possible, we pose the following questions:

When was your last security audit? Have you checked to see that all your recent computer updates installed properly? Did it fix security holes or make the existing ones bigger? Getting someone to do a security audit is similar to getting someone to do a home inspection. There are plenty of people you can call, but you want someone who really knows what he or she is doing so it saves you time and money later on. To find a good security auditor you want to check with current and previous customers of your potential contractor. Are they pleased with the service they received? Did they feel it was worth the money?

Have you kept up-to-date with your updates? Sometimes something as innocuous as not updating a browser plug-in like Flash or Acrobat can be a problem. Are all your Windows updates done? Is your anti-virus up-to-date?

How good are your back-ups? This is one of those questions that can strike fear into your heart. The idea is that back-ups are there if you have a problem, but do you know if they would even help you? Have you ever tried to restore anything from one? This is just about checking to see that the files you are backing up are ones you can actually use. How often are you rotating your back-ups? What length of time do you back up your files? A day? Two days? Do you set one of your back-ups aside every so often to make sure you are not preserving compromised data that has been backing up onto what you would use to restore all your files if necessary?

Have you checked your technological band-aids? Sometimes changes to systems are made in the heat of the moment to accommodate immediate needs. Have you gone back and made sure they were done in the best possible way? Someone placed those band-aids in the best possible way at the time, but that may not be the best long-term fix for the problem.

How are you managing all your updates? There are programs like Ninite (https://ninite.com) and Wpkg (http://wpkg.org/) that can help you manage your non-Microsoft applications updates.  Are you paying attention and checking regularly for your Windows programs updates as well?

Are you ignoring security concerns because you have Apple devices? There is the belief that if you run devices from Apple that you will not be a target for hacking. That is not wholly true. It is true that there are not as many Apple computers to target as Windows computers, but that again is security through obscurity or quantity. Recently Apple has had some security issues so staying updated on your iOS updates and Apple applications updates are important. There are programs like “Get Mac Apps” (http://www.getmacapps.com/) that function similarly to Ninite and Wpkg for Windows devices that manage updates.

My IT person says you guys are wrong! We’re okay with that. Everyone will have local concerns and parameters that make different levels or types of security better or worse for them. Security can’t impede workflow or be so lax that it’s nonexistent. In the end, if you are staying up to date with your virus protection and different program updates, you should be fine. But sticking your head in the sand and pretending security isn’t an issue won’t protect you from anything either. As long as you and your local security person have talked and made a plan that works for your library, then our work has been done.

Melanie A. Lyttle is the Head of Public Services Madison Public Library. You can watch her YouTube channel, Crabby Librarian, at http://www.youtube.com/watch?v=7Rv5GLWsUow. Shawn D. Walsh is the Emerging Services and Technologies Librarian at Madison Public Library.

The post Protecting Your Library Against a Data Breach first appeared on Public Libraries Online.

This comment was said in jest, but rang painfully true.  Those who know me are well aware that I have concerns about cloud security.  Disks fail.  This is a truism for electronics. All electronics. The reassurances of redundancy that are provided make me equally as uncomfortable.  If the outside source guarantees that my data will never be eaten by the dreaded ghost in the machine, this means that they are keeping copies of my data.  In fact, to be assured they can keep this promise, they are keeping multiple copies of my data in different locations.  When I delete my data, how do I know that all copies of it are truly gone?

Furthermore, electronics get hacked.  The bigger the system, the more likely it will be targeted at some point.  With my data kept in multiple locations, it also means that there are multiple opportunities.

And let’s not forget the obvious: accidents happen.  Here is a true story.  I am an avid online gamer.  I play text-based rpgs  (if that has no meaning to you, don’t worry). A few years ago, my preferred site announced it would be down for a few hours as our gaming data was transferred to a new, faster, and more advanced server space.   The 20,000 or so of us registered at the site are almost all geeks.  We weren’t worried about the 8 million or so posts on the site. A data transfer is easy.  Site management was excellent.  We paid greatly for a service provider, located in California.  The service provider who was updating the hardware said all the right things and provided all the right guarantees.

Our confidence failed when the few hours turned to a few days.  An “accident” had occurred when our provider went to copy the data.  Some people’s data ended up in the wrong place.  Some people’s data merged with other people’s data.  Ultimately, we learned that our gaming information was in the possession of a business in Sweden.  Our game site manager, located in Australia, had credit card information for a business in Europe.  Fortunately for us, the European business had its data merged with the Swedish company that had ours!  A deal was made.  Our geeks sorted out the business’ information, returning it all to the right parties, and we got our game posts back.

On the one hand, this was a heartwarming tale.  Lots of strangers worked together across the globe and solved a problem.  Of course, for us, it was easy.  The few weeks we were down did not “cost” us our livelihood.  We had no serious personal or financial data stored; only personally chosen usernames and email accounts.  The others had far more serious breaches.  It was lucky too that the credit card data was accidentally delivered to non-criminally minded nerds, who actively sought its rightful owners.

Still, the world of cloud security did get a boost this summer. On June 25, the Supreme Court in U.S. v. Wurie and Riley v. California held that police generally require a warrant to search information on cell phones. The ruling was unanimous.

What the court understood— that most people do not— is that the information (photos, email, etc.) accessed via the cell phones is not actually IN the cell phone.  It’s in ‘the cloud’; or in other words, it’s sitting on the cell phone service provider’s server (i.e. Verizon, ATT&T, Sprint, Virgin Mobile, etc.). In fact, it’s probably sitting on several servers.

The Supreme Court’s ruling is an evolution of Fourth Amendment rights. As this has been applied to cell phones, it is likely that this will set the precedent for the ruling to be applied to all cloud stored information.  While this is bad news for law enforcement, it is great news for the public and for libraries.

With the Patriot Act, many libraries stopped keeping particular kinds of data for fear that the government could swoop in, grab the computer, and learn a myriad of information about their patrons. Don’t get me wrong, this concern is still real and the government can still do this.  However, this new ruling can extend the protections of Fourth Amendment rights of individuals, which in the past existed only in their residences to public venues, such as libraries.

It will be interesting to see if this gets tested.  Though I for one, hope I am not the library to have the experience.

The post Every Cloud Leaks a Little first appeared on Public Libraries Online.

For any library, big or small, it is highly important for staff to know how to handle safety-related situations in a consistent way. From discussing an issue with the person who is not following library policy to documenting the issues that arose, having a standard operating procedure helps to handle difficult situations. You can start with an incident report form used by everyone that collects all the necessary information on who was involved and what happened. This process is key for when you need to review situations in the future, or if the incident was serious enough to warrant police involvement. Once you have the reports, you have to have a way to keep track of them, whether it is by filing the paper forms appropriately or creating an in-house database. At Pikes Peak Library District, we use a fillable PDF document to write our incident reports, and we keep track of information in a database created by our IT department. Having standard suspension policies and due process is also important so that everyone is treated fairly.

Another key element is to help prepare staff for handling all kinds of difficult situations. From encouraging them to report inappropriate behavior to offering training on verbal de-escalation, giving staff tools to respond to issues is vital to their comfort at work. Sometimes you can get training for free from your local police department. Our crime prevention officer came and gave a few presentations on verbal de-escalation and conflict resolution.

On an even more serious note, after some of the active shooter incidents that occurred in the last few years, the Colorado Springs Police Department (CSPD) went out to institutions in the city and asked people to consider preparing for possible similar situations. Our security department took this advisement seriously. The head of security began attending staff meetings to discuss violent incidents and try to give staff information to consider for their individual locations, like thinking about your escape plan in different parts of the building. We have also started working with the CSPD to hold active shooter scenarios based on incidents from the library. The purpose of these efforts is not to incite fear, but to heighten staff awareness.[i]

If you’re interested in learning more about working on your library’s security, helpful information is available. InfoPeople presented a webinar with Warren Graham on library security. Graham also has a book entitled, The Black Belt Librarian: Real World Safety & Security. ALA has a webpage devoted to safety and security-related information. And, Ready Houston created a video detailing the appropriate response to an active shooter situation in Run, Hide, Fight.

The post Security in the Library first appeared on Public Libraries Online.