In the March 2017 issue of the Business Information Review, Paul Pedley wrote about the “Relevance of privacy for corporate library and information services.” I find myself in an interesting position in regards to the intersection of library and information services with information privacy and security. After enjoying library work for almost 15 years in a variety of settings, I decided to make a career move towards the information security industry. I suspected that librarians and information professionals have the skills to be integral to the security processes of an organization, and I keep finding opportunities to confirm this. Pedley’s article resonated with me because I’m essentially living in that intersection of LIS and security.
In the information security world, I often give talks, podcasts, and write about how security professionals can utilize principles from library and information science for their work. Given my unique perspective, I will share some insight on how library and information services professionals can be proactive to help their organizations with security. To compliment Paul Pedley’s article, I’ve rounded up three practical, every day security practices that can help librarians and information professionals become allies on the security front of their organizations.
Get to know the IT or security team at your organization. Before you try to execute any activities yourself, talk to the people within your organization who handle data privacy and information security matters. Find out what their pain points are and ask how your two departments can collaborate.
Understand the basic vocabulary of security. Do you know what a DDoS is? How about an 0day? Do you know the differences between phishing, spear phishing, and whaling? You don’t need to know the technology behind these terms, but it can be helpful if you can have at least a basic understanding of the terminology used. Learning these terms can also help you do more comprehensive research for your clients or users. If you are asked to research a specific company and you see a headline with that company’s name and the letters DDoS in the headline, that’s important and you should understand how that affects the business. The National Institute of Standards and Technology has a glossary of terms. However, it is very technical, so for the less-technically inclined, utilize a resource like the National Cyber Security Alliance.
( Passwords. Most libraries and on-site information professionals have a role in managing passwords for their users, as it pertains to databases and subscriptions that fall under the jurisdiction of the library. Many law firm libraries, for example, utilize enterprise electronic resource management software like Onelog. In addition to tracking usage, resources like that are also password managers. That is a great opportunity to encourage users to create long and strong passwords, and flag any duplicate usage. (Which, by the way, is a discourage password practice from a security standpoint.) Librarians and information professionals are too busy to become the “password police,” but they have a unique opportunity to help the security goals of the organization by being on the front lines of password defense when dealing with users.
I’m not suggesting that librarians and information professionals need to become security specialists, in addition to their primary jobs. What I’m advocating for is becoming security allies within organizations, be collaborative with the IT people, and learn some of the lingo in order to better service users or clients. Corporate and law firm libraries are often in a constant battle to justify their existence within an organization, to prove their value. Security and privacy issues are only going to be more prevalent. Librarians and information professionals have a unique position to gain a little bit of knowledge in this area in order to cement their position of value within an organization.