Rick Anderson, University Librarian - Brigham Young University Gwen Evans, VP Global Library Relations - Elsevier Susie Winter, VP External Communications - Springer Nature David Lowe-Robertson, Chief Information Security Officer - HEFESTIS Ltd In today's world, it’s not a question of if your institution will be hit by a cyberattack, but when. With higher education experiencing digital transformation and universities increasingly vulnerable to cyberthreats, it is imperative that institutions take proactive measures to mitigate the risks – and as stewards of access to campus networks, libraries are in a position to make that mitigation more effective. In this session, we will get advice on library-based network security strategies from a university chief information security officer, a librarian, and a cybersecurity expert.

1. Cybersecurity 101:
What every librarian needs to know about protecting
networks, data and access
UKSG, Glasgow
April, 2023

2. 2
Collaboration is key

3. 3
Did you know?

4. 4
Catalysts for Our Conversation

5. 5
Rick Anderson, Brigham Young University
David Lowe-Robertson, HEFESTIS Ltd
Gwen Evans, Elsevier
Susie Winter, SNSI / Springer Nature (Moderator)
Our panellists today

6. 6
Libraries should care about cybersecurity
because…
• We are the signatories of licenses that require us to
restrict access to licensed content
• Compromised authentication also means exposure of:
o Students’/employees’ personal information
o Course management systems
o Financial managements systems
o Email accounts

7. Improving Cyber Security: The business case
There is a clearly identified need to protect the
information assets of Universities and Colleges
from cyber attack
Microsoft© quantify the threat level to
Universities and Colleges as high and
escalating with the highest cyber attack rate of
any sector – over 82% of all encounters
https://haveibeenpwned.com/

8. 8
When, not if…. The aftermath of cybersecurity
attacks in libraries
https://www.choice360.org/webinars/cyber-security-in-higher-education/ https://www.choice360.org/webinars/gone-
phishing-service-continuity-after-a-cyber-attack/

9. 9
When, not if…. Mitigation Strategies
● Do you have a service
(business) continuity
plan for your campus?
Does it include the
library?
● Has it been stress tested
in a simulation exercise?
● Develop a service
continuity plan focused
on digital services
● Test it!
● SAMPLE PLAN COMPONENTS
○ Teams and Tasks
○ Process List
○ Sample Unit Recovery Strategies
● SUPPORTING DOCUMENTS
○ Services List (Prioritized)
○ Staff Directory
○ Vendor Directory
○ Communication Directory (list-servs, etc.)

10. 10
Some Resources to get started
● Developing a library service continuity plan focused on digital services and cybersecurity
https://www.timeshighereducation.com/campus/developing-library-service-continuity-plan-focused-digital-services-
and-cybersecurity
● Continuity 101: Introduction to Continuity – an interactive course from FEMA
https://emilms.fema.gov/is_1300/curriculum/1.html
● Bryant University Integrating Cybersecurity and Business Continuity https://is.bryant.edu/information-
security/integrating-cybersecurity-and-business-continuity
● Texas A&M page and template including interactive course:
https://www.tamu.edu/emergency/continuity/index.html
● Infographic Information Security Checklist for Academic Libraries https://www.snsi.info/librarian-
resources/.

11. 11
Thank you and discussion
www.snsi.info