InfoSec Community Outreach Tips — Part 1.1: Public Libraries — Presentations for Librarians

  • Do not even try to explain doing research to a group of librarians. They will drop you like a bad habit, with a smile.
  • Keep your talk informational and informative without being condescending. They want to learn. Provide more in-depth explanations as needed.
  • Librarians love resources, so check yourself before you wreck yourself — get those citations correct and give links/resources for further reading.
  1. Explain yourself. You don’t have to completely blow your OpSec, just explain why you are qualified to speak on the subject of information security.
  2. Describe the state of the industry. I usually find some headlines to show that explain where we are today, things like the labor/skill shortage, how much cybersecurity spending there is, and what cybersecurity crime costs companies. Example headlines like these are easy to find.
  3. Security vs Privacy. Librarians are very familiar with privacy issues, plus there are already great programs available specifically for librarians by librarians about privacy. Check out Alison Macrina and the Library Freedom Project. See also this article, Librarians versus the NSA. It’s helpful to give a quick explanation of the differences between security and privacy, but I recommend that you refer librarians to the privacy resources geared to them.
  4. Vocabulary words. No, knowing InfoSec terminology will not keep anyone safe. However, it will help them to better understand the headlines and news stories they see every day. Also, it could be helpful for them to better communicate with their IT Department (if they have one) if they know some of these words. Choose ones that make sense for the environment. Explain what ransomware is, in a non-technical way. Tell them what cryptojacking is and how to protect against it. Find links to online glossaries as a resource for them to use later.
  5. Explain IoT. It may surprise you that a lot of people outside of our industry are not familiar with the term Internet of Things. Talk to them about what it is and how their toaster could become part of a botnet. Show them Shodan. Emphasize the importance of changing default passwords for IoT devices.
  6. Resources. Librarians love information. Tell them about the websites that are good for getting InfoSec news, especially ones that are less technical and more consumer-friendly. Forbes has increased their InfoSec coverage lately and doesn’t seem to be spewing bad info like some other sources that shall remain nameless. Tell them about books, like The Cuckoo’s Egg, that are great to add to their library’s collection and fun to read. I even tell librarians about the DBIR, Verizon’s Data Breach Investigations Report. Why? It contains great information in an easy-to-understand format, plus it’s something they can direct patrons to if they need industry information. Remember, you’re not just educating the librarians, you are helping them better serve the public by making them aware of tools, tips, and resources.
  7. Phishing. Easy peasy. Go over common red flags and strategies to detect phishing emails. Show them things like VirusTotal and URLscan, for example, as free online tools to see what some of those links are all about.
  8. Social Engineering. Yes, phishing is SE. But, go into SE tactics over the phone, text, and in person as well as email SE.
  9. Basic Cybersecurity Hygiene. It doesn’t hurt to go over the basics like passwords, password managers, Multi-Factor Authentication, etc. Talk to them about the importance of backups, and the best methods for their situation.
  10. OpSec. Explain the concept of operational security, things like not taking photos to post on social media that could contain something that could compromise the library, like a password on a Post-It Note or whiteboard. Ask them how much information about the library staff is on their website, and whether it needs to be there.
  11. PII. Libraries collect information about their patrons. See how they retain that information securely. Ask if they need to collect that much information. Inquire if they ever purge old information. Explain to them why insecurely keeping PII is a security issue.
  12. Help. Give them resources where they can reach out for more help, especially if they have a cybersecurity incident. Tell them to practice tabletop exercises in the event of a ransomware incident. Make sure they know what help is available to them and who they should contact (FBI, etc.). Your job in talking to them is to give them some education, then leave them with resources, tips, and contacts for them to use on their own.

#Librarian turned #InformationSecurity professional. Your guide up a mountain of information!

InfoSecSherpa