Rick Anderson, University Librarian - Brigham Young University
Gwen Evans, VP Global Library Relations - Elsevier
Susie Winter, VP External Communications - Springer Nature
David Lowe-Robertson, Chief Information Security Officer -
HEFESTIS Ltd
In today's world, it’s not a question of if your institution will be hit by a cyberattack, but when. With higher education experiencing digital transformation and universities increasingly vulnerable to cyberthreats, it is imperative that institutions take proactive measures to mitigate the risks – and as stewards of access to campus networks, libraries are in a position to make that mitigation more effective. In this session, we will get advice on library-based network security strategies from a university chief information security officer, a librarian, and a cybersecurity expert.
5. 5
Rick Anderson, Brigham Young University
David Lowe-Robertson, HEFESTIS Ltd
Gwen Evans, Elsevier
Susie Winter, SNSI / Springer Nature (Moderator)
Our panellists today
6. 6
Libraries should care about cybersecurity
because…
• We are the signatories of licenses that require us to
restrict access to licensed content
• Compromised authentication also means exposure of:
o Students’/employees’ personal information
o Course management systems
o Financial managements systems
o Email accounts
8. 8
When, not if…. The aftermath of cybersecurity
attacks in libraries
https://www.choice360.org/webinars/cyber-security-in-higher-education/ https://www.choice360.org/webinars/gone-
phishing-service-continuity-after-a-cyber-attack/
9. 9
When, not if…. Mitigation Strategies
● Do you have a service
(business) continuity
plan for your campus?
Does it include the
library?
● Has it been stress tested
in a simulation exercise?
● Develop a service
continuity plan focused
on digital services
● Test it!
● SAMPLE PLAN COMPONENTS
○ Teams and Tasks
○ Process List
○ Sample Unit Recovery Strategies
● SUPPORTING DOCUMENTS
○ Services List (Prioritized)
○ Staff Directory
○ Vendor Directory
○ Communication Directory (list-servs, etc.)
10. 10
Some Resources to get started
● Developing a library service continuity plan focused on digital services and cybersecurity
https://www.timeshighereducation.com/campus/developing-library-service-continuity-plan-focused-digital-services-
and-cybersecurity
● Continuity 101: Introduction to Continuity – an interactive course from FEMA
https://emilms.fema.gov/is_1300/curriculum/1.html
● Bryant University Integrating Cybersecurity and Business Continuity https://is.bryant.edu/information-
security/integrating-cybersecurity-and-business-continuity
● Texas A&M page and template including interactive course:
https://www.tamu.edu/emergency/continuity/index.html
● Infographic Information Security Checklist for Academic Libraries https://www.snsi.info/librarian-
resources/.