A key challenge in storing digital library data in the cloud is ensuring its security and privacy. Data breaches, cyberattacks, unauthorised access, and data loss are some of the threats that can compromise the integrity, confidentiality, and availability of information.
Reports of compromised user information are becoming more frequent. This rise in incidents raises concerns about member privacy and the security of library systems. Recent examples of security breaches include those in Australia, Canada and the United Kingdom.
Libraries with a Library Management System [LMS] host sensitive and confidential member data stored within the LMS. It may also contain records of what items members borrow, the reservations they place, and bills they may incur. In addition, the LMS may share data with third parties. It’s critically important to prioritise the privacy of members and that the LMS you use has the appropriate security to protect member data
Reasons why tight security is essential
- Protecting Member Data: Libraries hold a wealth of personal information about members, including names, addresses, contact details, and even borrowing history. A data breach could expose this information to identity theft, phishing scams, and misuse.
- Safeguarding Library Resources: LMS’s often manage digitised collections, including rare manuscripts, historical documents, and research materials. Inadequate security could lead to unauthorised access, data corruption, or even permanent loss of these invaluable resources.
- Maintaining Trust and Transparency: Libraries rely on public trust to operate effectively. A security breach can shatter this trust, potentially leading to decreased user engagement and hindering the library’s ability to serve the community.
Investing in robust security measures might seem daunting, but the cost of a data breach can be far greater. Libraries have a responsibility to protect the information trusted to them and ensure the continued accessibility of their resources. By prioritising tight security within their LMS, libraries can foster a safe and trusted environment for members.
Key Considerations for Data Security
Digital librarians need to adopt appropriate measures to prevent and mitigate security risks such as encryption, access control, backup, and recovery. They also need to comply with the relevant laws and regulations regarding data protection and privacy. Library teams also need to understand the technology provided by cloud LMS providers, such as their terms of service, data ownership, data location, and data deletion. Key considerations include:
1 Encryption
Adopt the use of encryption to protect data as this prevents unauthorised access and unwanted spying, protecting the user’s data whether this is data stored at rest (stored on servers) or in transit (being transmitted). Encryption methods should follow up-to-date security protocols and practices. Libero has strict physical data security standards and fulfils the strictest privacy regulations, complying with the Australian Privacy Act and the GDPR in the EU.
2 Access Controls
Librarians should create unique access controls personalised for library staff’s use only. Each staff member should have their own login when using a particular device and logout when finished, however Libero can support several different Identity Providers (IDP) for Single Sign-On to the Dashboard. By offloading authentication to a trusted IDP like Azure, Libero does not need to store Dashboard user passwords. It’s important though that within the Libero application Library administrators should still review access logs to identify any unauthorised access attempts or unusual login patterns. They should regularly verify that roles and permissions for library staff and third parties are appropriate for each user account and are regularly reviewed and updated as needed.
Libero has recently introduced Two-Factor Authentication (2FA) for logging
into the Libero 6 Dashboard, improving security and access controls.
With 2FA, an additional layer of authentication can be added, where
staff have the flexibility to receive a verification code via Email, SMS,
or Time-based One-Time Passwords.
For Australian customers, Libero has introduced digital ID verification for library members. New library members are now able to identify themselves using the Australia Post Digital ID Service. The Digital ID Service is built on a secure platform protecting privacy, using the latest encryption and security technologies to protect user data. Digital ID verification provides a higher level of security than traditional identity verification methods, including physical documents or signatures.
3 Regular Security Audits
Carry out regular security audits that tackle data loss and other security issues. This act is a preventative measure to identify potential future security risks. Conduct regular privacy audits – this helps to verify that all LMS processes and procedures comply with privacy policies. One benefit to using SaaS applications in the cloud – especially when the vendors software is hosted by a provider like AWS – is that, at a very base level, the data centres meet a wide array of security and compliance programs.
4 Regular Backups
Breakdowns in system operation and attacks are challenges to online library management, it is important to back up files using strong retrieval methods. This ensures recovery in case of a cyberattack or system failure. Libero 6 automatically generates and retains nightly backups of the last 12 months for all its hosted libraries. Each night, all backups, not just the most recent, are safely replicated in a data centre operated by a different provider.
5 Staff Training
Educate library staff on cyber security best practices, including identifying suspicious activity and password hygiene. Regular, ongoing training for library staff who have access to user data in the LMS. Training should include the library’s privacy policies and best practices for safeguarding user privacy. Libero 6 support has several training options from self-help, online tutorials with Libero TV and access to an experienced support team.
Libero’s strict physical and data security standards comply with stringent privacy regulations, delivering additional protection and benefits to customers and new members. With Libero, your data is safe! For more information about Libero, get in touch with our team of experts today.