Archive for the ‘patron privacy and security’ category

SMS from Red Phones!?

April 16th, 2010

I was intrigued by the news that both President Obama and Russian President Medvedev would prefer to communicate with each other via texting and email.  It seems as if Obama’s much-discussed addiction to his BlackBerry before moving into the White House still influences his communication customs.  Some habits are hard to break, but it also helps being the leader of the free world.

What really grabbed my attention was the mention that both Obama and Medvedev would rather communicate with each other directly than involve their staff members having to print out messages and deliver them by hand.  (Somewhere out there a White House staffer is looking for a new internship.)  Truly the speed at which you get information is important and sometimes saving a few extra minutes makes all the difference.

The notion that the world’s leaders can all text and email each other from their mobile devices adds quite a wrinkle to the term International Diplomacy.  International agreements, arguments and accords can now develop and take place via the clicking sound of QWERTY keypads.  I’d like to point out that Medvedev uses a decidedly less compact mobile device.

How this affects and changes a process that used to be carefully prepared and reviewed may be too hard to tell but the truth is that people will always want to find ways to make communication easier, more effective and more accessible.

This got me thinking.  If I were Obama, would I want to be able to reach Medvedev via SMS?  Of course!

Obama: “OMG thanks for your help at the nuclear security summit.  I told you that DC in the spring is nice.”

Medvedev: “No worries.  Hey, while I’m in town can you get me tickets to the Hockey Playoffs?  Ovechkin FTW!”

Obama: “Settle down!  It’s the Blackhawks time!  Let me see what I can do, brb.”

How Important is Patron Privacy at Your Library? 5 Tips for Increased Security

July 31st, 2009

I’ve never ever had a librarian tell me “we do not care about patron privacy or security at our library.”  And come to think of it, I haven’t even had them say it’s not that big of a deal.  Security breaches stink and they can be harmful, as the news of Twitter’s secret information being exposed shows.  But they’re also embarrassing and ultimately very time consuming for those involved.  What’s more, there are simple things that can be done to avoid them, keep things secure and keep patron (and librarian) information private.

In the past 2 weeks, I have seen or read about 3 serious instances of security/privacy issues that could have been avoided if people within organizations had been a little more careful, or at least aware that their actions were viewable by others:

1) A user id and password posted on a blog by a library. We notified them to let them know.
2) A user id and password tweeted from one Twitter user to their client, unaware that their @reply could be seen by others.
3) Twitter getting hacked by someone guessing an employee’s password on a Google Apps account.

I had a quick talk with our CTO to find out what he would say are 5 helpful security tips for libraries, or any business for that matter, to consider.  He gave me 6, the nice guy.

1. Whenever possible, don’t share user ID/logins between librarians.
Every time a login is shared, you’re creating more of an opportunity for a security breach.  It’s the same as trying to keep a secret: the more people you tell, the more chances of it not being a secret.  The idea here is that if something happens, you can delete that user without disrupting everyone else.  Sometimes you have to share logins.  Understandable, so if you have to share, make sure the password is VERY unique but easy for everyone to remember.  Consider changing it regularly.

2. Assume that blogs, wikis, websites, Twitter, Facebook, etc, are viewable by the public and that everyone can read them.
That’s not actually the case; many of them can be hidden behind passwords.  But as long as people second-guess what they’re posting and assume it’s possible for someone to see it, you are creating a more secure environment.

3. Use or create systems that don’t show or store private patron information.
This is the one we see the most, unfortunately.  It’s done using hacks and work-arounds in the name of simplification, cost cutting, etc.  One of the librarians who advises us said “many people are using hacks because they want to be able to offer services to patrons, but I’m seeing more people understand it is simply not worth the risk.”  We believe if you can see a patron’s information, others can too.  If you’re using Google products, you have to delete information 3 times: inbox, sent box and then the trash (information is stored in the trash folder).  Sound a little paranoid?  Ok, but understand this is a blog post about security tips.  We care about security and hope you appreciate it.

4. Use Google Alerts for your library name to ensure that information posted about your library is what you want it to be.
These are easy to set up and easy to manage.  You can set them for select words/terms (the name of your library for starters) and control when they’re sent to you.  If someone is posting information about your library, you may not be able to get them to remove it, but at least you’ll know what it is.  Besides the security element, they can be pretty fun and you’ll be able to see when people are tweeting about how much they love you.

5. HTTPS: The “S” is for “Secure”
This is something you might not be able to do on your own; you’ll have to speak with IT or ask any web services you’re using if they offer it.  Simply stated, if you’re on Wi-Fi (most libraries are), or any sort of LAN, and you log in to a page without HTTPS, anyone on the network can sniff out your password.  HTTPS is what banks and/or credit card companies use online.

BONUS TIP (thanks Jay!)
6. If you only have one strong password, make sure it’s your email password!

Password “reset links” all work via email.  If someone can log into your email, they can get into anything.  Make sure your email password is used ONLY for your email and that it’s hard to guess.
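Tip 5 (HTTPS) can be checked mechanically.  The Python sketch below is an added example, not part of the original post: it parses a page’s HTML and flags any form with a password field that is submitted, or served, without HTTPS.  The `lib.example` URLs and the HTML snippets are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages for a hypothetical library catalog (not real sites).
SAMPLE_PAGES = {
    "http://lib.example/login": '<form action="/session"><input type="password"></form>',
    "http://lib.example/account":
        '<form action="https://lib.example/session"><input type="password"></form>',
    "https://lib.example/login": '<form action="/session"><input type="password"></form>',
}


class LoginFormAuditor(HTMLParser):
    """Flag forms with a password field that are sent or served without HTTPS."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None      # form currently being parsed, if any
        self.findings = []    # (submit_url, problem) tuples

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself.
            target = urljoin(self.page_url, attrs.get("action") or "")
            self.form = {"target": target, "has_password": False}
        elif tag == "input" and self.form is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.form["has_password"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self.form is None:
            return
        form, self.form = self.form, None
        if not form["has_password"]:
            return
        if urlparse(form["target"]).scheme != "https":
            self.findings.append((form["target"], "password sent without HTTPS"))
        elif urlparse(self.page_url).scheme != "https":
            # A page served over HTTP can be altered in transit to change the form.
            self.findings.append((form["target"], "login page served without HTTPS"))


def audit_login_forms(page_url, html):
    auditor = LoginFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Run it against the saved HTML of each page where staff or patrons log in; an empty list means the password field is both served and submitted over HTTPS.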

So there you have them.  If anyone thinks of any more, please feel free to post them in the comments section.  There are obviously various ways hackers can cause harm; recently some experts found that they can get private information from an iPhone security flaw through text messaging.  The difference is that some security issues are things hackers are going to find ways into.  The others are choices people can make to be a little more secure.

