If your library was hacked and all your computers were held for ransom, what would you do? In St. Louis, Missouri, recently, that is just what happened to the public library system. The 700 computers in all branches were effectively closed for book loans and internet access unless the library agreed to pay $35,000 in Bitcoin. The library refused and decided to wipe hard drives.
The use of ransomware by hackers on public computers has increased dramatically in the past two to three years, and libraries need to be diligent about security practices, said Daniel Ayala, director of global information security at ProQuest. Ayala provided tips and information during his talk on cybersecurity at Midwinter on Saturday.
“We need to think of the library as a hub for privacy and security,” he said. To do this, librarians need to protect systems, users, and data. Device security means making strong configurations to prevent misuse, he said. To prevent ransomware attacks, many librarians in the audience said they use Deep Freeze, an application that wipes a computer and rebuilds it after each use, bringing it back to a clean state.
“By being good examples, we can show users [good practices],” Ayala said. “Be careful what you plug into computers, such as USB drives.” While antivirus software was once a top action for protection, there is now a need for more layering to protect libraries and other institutions. Ayala also recommended Malwarebytes, a free and fast remedy against malware when something goes wrong.
Privacy is another concern for users and is fundamental to the library. By moving toward an opt-in model based on patron permissions, rather than opt-out, libraries can help promote privacy.
“Data is going to be collected—it is unavoidable,” said Ayala. “But it doesn’t mean privacy violation. Our role when we collect data is to use it wisely and get rid of it when we’re done. Give patrons the information and options to make smart, well-informed privacy decisions.”