Just been reading Rudman, R. J. (2010) “Incremental risks in Web 2.0 applications.” The Electronic Library 28 (2) 210-230, as you do on your average Saturday morning. It’s written from the point of view that as libraries access and implement more Web 2.0 applications, they’re increasing the surface area that is open to attack. OK, I’m with it so far (I think). When the author starts detailing protocols for risk and control frameworks it all starts to go way over my head, BUT it is useful in making you think about security and looking at your activities from the IT department’s point of view; after all, without a good working relationship with your IT department, life online would be very hard indeed. So that you don’t have to read it, here’s the take-home message:
Work closely with the IT dept in all that you do in order to implement a security program that, at the very least, includes:
- A multi-layered technological approach using filters, anti-malware and anti-virus software (this is where you need your IT buddies, cos if you’re like me you’ll need to phone a friend on this one – shouldn’t be your job as a librarian anyway!)
- A Web 2.0 policy – detailed yet enforceable; continuous tweaking may be necessary, and users should be aware of their ultimate accountability
- Training for all users on acceptable use and security features.
I think what it boils down to is that as a Library 2.0 zealot it behoves you to learn some basics that mean you’ll be doing your bit to keep your library and authority safe; just some rudimentary knowledge of stuff like phishing attacks would be good for everyone to know. I really think you can’t afford to stick your head in the sand because those threats are there. Without going into detail, we had a phishing attack at work a few weeks ago and it’s caused mayhem: our email and web traffic have been blacklisted by a lot of our stakeholders. My personal email filter places those emails that I send myself when at work in the spam folder; I’ve been bothered to go and fish them out and tell Outlook that emails from there are not spam, but how many of those people we contact have known to do this? What a right royal pain in the arse.