A [denial-of-service] attack or a successful ransomware attack isn't just an inconvenience; it has the potential to be life-threatening.
Over the last 6 years, libraries in St. Louis; Boston; Northampton, Pa.; Syracuse, N.Y.; Contra Costa, Calif.; Spartanburg, S.C.; and Butler County, Pa. have all had to deal with outages and disruptions to their servers and data caused by ransomware attacks. In July 2019 and again in April 2022, the Westchester County, N.Y., library system was hit with ransomware attacks. In a news release for the 2022 incident, the library told patrons, "The Westchester Library System informed us yesterday that the public internet terminals' hard drives need to be wiped. ... Considering that there are 500 terminals in 38 different libraries the process will take 1 1/2 to 2 weeks." In August 2022, the venerable library supplier Baker & Taylor was hit by a ransomware attack.
By this point in our internet lives, we have all seen stories of supposedly secure federal, state, or local government or corporate sites hacked; the hijacking of social media accounts of celebrities; and intrusions of even "unbreakable" password storage sites and smartphone applications. We have moved beyond the need for constant vigilance, deterrence software, and toothless end-user policies. Why is it that even as recently as 2022, the most common passwords (and therefore the easiest and fastest to learn) are still "password," "123456," "guest," and "qwerty"? Have we learned nothing about how easy it is for software programs to guess any password under 12 letters, numbers, or symbols? If a 16-year-old kid from Estonia using a simple brute-force password-cracking program can get into the network of a Fortune 500 company, something is seriously wrong with our cyber-protection strategies.
The Need for Library IT Professionals to Step Up
I have conducted dozens of security site assessment reports for libraries. As part of these projects, I spend time speaking with the IT/information systems (IS) directors, managers, supervisors, and technical employees, asking pointed questions about the strength of their cyber-protections. We talk about software updates; backing up data off-site or to the cloud; preventing hacking; dealing with denial-of-service (DOS) attacks; and even how to train, remind, and encourage all library employees and their patrons to comply with cybersecurity policies and not make...