Sure, we've all heard of March Madness, and perhaps even March Mammal Madness, but have you heard about March Maintenance Madness?! Well, we did just make that up - but still, we can predict its gonna be #trending so jump on board the early train!
March Maintenance Madness is meant to encourage all of you to take some time to review the security and safety of not only your Springshare systems, but all your library systems in general. We've been seeing cyberattacks and ransomware attacks on libraries on the rise and all it takes is *one weak password by one employee* to make your entire system vulnerable. Let's repeat that, your entire system's strength is only as strong as your weakest password. If that scared you a little bit, it was meant to! We're all fun and games here at Springshare, but when it comes to safety and security, this is no joke. So, take a few minutes to review our following tips and ensure all your staff are doing the same.
Tips for Reducing Risk & Enhancing Security
- Multiple Administrators / Succession Planning - It is important that you have multiple admin-level users in each of your LibApps tools. At least 2-3 times a week, we get emails from Springy users whose system administrator has left and they're locked out from all admin-level features... including creating accounts! It's so important to prepare your systems for succession planning, we even have a training session about it!
- Create & Use Strong Passwords - Test1234 is not a good password! It is vitally important that everyone with accounts in your Springshare Tools have a strong password that's at least 12 characters long and includes upper- and lowercase letters, numbers, and symbols.
- Don't Reuse Passwords - All passwords should be unique and not shared across multiple tools. Your email password should not be the same as your LibGuides password, for example.
- Saving & Sharing Passwords - Don't write passwords down - definitely no sticky notes under your keyboard! - or send passwords via email or text. Instead, consider using a password manager to securely store and share passwords. There are plenty of options from subscription-based, free, or even in-browser.
- Periodic Review of Accounts - It is important to do a periodic review of who has access to your systems and at what level. Someone you made an admin 3 years ago to test some customizations might not need admin-level access anymore. A review should be done quarterly or semi-annually.
- Removing Accounts / Making Accounts Inactive - Make it part of your internal protocols to ensure employees who are leaving your organization no longer have access to your LibApps tools. This includes deleting accounts entirely or making accounts inactive. This list of FAQs shows how to manage accounts across all Springshare tools.
- Use OAuth2 - For syncing your calendars in LibCal or LibStaffer or for sending emails in LibAnswers, use OAuth2 instead of credentials. This gives you and your IT department more fine-grained control over access.
- Is Everyone HTTPS? - All Springshare tools are run through HTTPS, which means that all your vendor apps embedded into Springshare tools should also be HTTPS... including all widgets, RSS feeds, CSS files, and more.
Security of your tools is vitally important and we take it very seriously here at SpringyHQ - so seriously we're dedicating an entire month to it! We hope you'll agree: Security is a shared responsibility. We're doing everything on our part to ensure our servers are protected and secure and it's crucial that you do your part as well. One more time for the folks in the back: Your Springshare tools are only as strong as your weakest password.