This is part Eight in my many part series on IT Security In Libraries.
In Part 7 I listed many lists full of practical advice that covered just about everything dealing with IT security in libraries.
Part Six was really the first part of this post. I dealt with security in libraries, mostly theory, while this post is more practical, and is mostly lists.
In part 5 I covered 20 Common Security Myths, and how to defeat them.
Part 4 was a general "How To Stay Safe Online" post that covered topics like patching/updating, watching links and downloads, and using good passwords.
In Part Three I covered passwords.
In part 2 we talked privacy.
In Part One I tried to lay the foundation for security.
Libraries and librarians are fully embracing social media sites like Twitter, LinkedIN and Facebook. Our libraries use them to connect with and engage our patrons, increase library visibility and communicate information. We each use them to connect with old friends, sell ourselves, stay up to date with the world around us, and keep in touch with family. There are serious security risks involved with most social sites that can be avoided by following some very simple rules. The bad guys are finding it very easy to use these sites to cause trouble. Scammers, stalkers, phishers, spammers, hackers and every other kind of evil doer on the internet are finding new ways to get into our social networks every day. They are using links to spread malware and spam, and they're always one step ahead. They're using it to fill social media sites with evil, e.g. chat bots, captcha crackers, malware, spam, control botnets, blackhat SEO, etc…
Bad Guys Run Wild
People are more trusting on social sites because it is assumed those we are connected with are our friends. The bad guys take advantage of this. Using social media sites allow evil doers to hide in plain site because their posts are but one or two of billions. Social media sites are full of trusting people and the sites don't yet have the rather effective spam/evil filters now found in most email systems. Things are spread easily here because most people use these sites for sharing links and other things and people tend to assume what is being shared is safe. It's the one on one communication that looks innocent, but may not be. They're also stealing logins and asking for money from friends. They can use people or bots to chat up friends and ask for money or get them to click on things that will cause trouble. As we all use these sites more, the bad guys will target us in new and inventive ways. It will be largely up to the administrators at the sites to shut them down.
Social Media Policy
Your library should have a social media policy. Make sure the people who are running your social media accounts have a clear understanding of the goals. Who is allowed to use social media on behalf of the organization and what they're allowed to say are the two most obvious questions that must be addressed in a social media policy. You need to make all this clear or employees will make decisions on their own, on the fly. It's easy to imagine how this could go very wrong. Be sure to conduct proper training for employees, if only to clear up issues regarding official social media policies. Your library should have a coordinator(s) and champion(s). Your library should have a social media manager, or a team that has part of their time at work dedicated to managing your social media presence. You should have privacy settings configured appropriately for your library information and photo albums. Also, be sure you all monitor the official library social media accounts so you'll be the first to notice when trouble starts. Check things like Google Maps, Google Places, Yelp and other places to know what people are saying.
Own Your Name On The Web
Do you own your social identity? Do you know what the web thinks of you? Be sure you search your (either YOUR name or your library) name regularly, and know what comes up. Work hard to take ownership of those results either by doing good work, or by doing your own SEO. If you're really dedicated to keeping your name safe, you can work to OWN it yourself on ALL sites. Sign up for an account on every new thing that comes along! The easiest thing to do is set up a website for yourself. Registering a domain and setting up a simple vanity site to show off your hard work is easy, and very inexpensive.
Remember What's Being Sold
As Jaron Lanier points out:
"You think you're the user, but you're the used, or you're the product, and then you end up doing all this stuff to control your online presence, and your online reputation, and people become obsessed with that. But the real representation of you is the one you can't access, which is the one that's used to sell access to you to third parties. ... When [users] contribute to services like Google+, or Facebook, or other social networks, what's happening is they're working for the benefit of someone else's fortune by creating data that can be used to grant or deny access based on pay to these third parties, the tawdry third parties... "
To put that another way, if you're not the customer; you're the product being sold [Source]
Next week I'll have 15 tips for social media security in libraries!