5 ways to shield your library from cybercrime — advice from the experts

Author: Saskia Hoving

Who would imagine that academic libraries would be targets for cybercrime? Criminals, apparently. In May 2022, the FBI warned U.S. colleges and universities that many of their network access credentials are already for sale on the criminal dark web. Even before that, the City of London Police’s Intellectual Property Crime Unit (PIPCU) issued a “do not use” warning for Sci-Hub and directed university staff and students to watch for phishing emails trying to steal university login credentials. And when asked, librarians stated they were most concerned about the theft of personal data — both staff and students — as well as potential institutional reputational damage inflicted by a cyber-attack.

So the question to ask is: Just how vulnerable might your library be? And what steps can you start to take — right now — to protect it? To help scholarly librarians deal with and navigate these challenges, Springer Nature has joined together with other institutions and publishers in The Scholarly Networks Security Initiative (SSNI). The SSNI is a group of institutions, vendors, and publishers working to solve or mitigate cyber-challenges threatening the integrity of scholarly networks. And according to SNSI, all parts of the scholarly system — including libraries, as well as publishers and others — need to pay attention to cybersecurity.

Shield your library from cybercrime: Tips from the experts

To figure out how vulnerable your library might be (and what you can do to mitigate those risks), first, you have to evaluate how vulnerable your library network already is — and experts suggest that it could currently be quite vulnerable. BetaNews reported cybercriminals can penetrate 93% of company networks (betanews.com). Library networks, often with thousands of unique users, are especially vulnerable.

To help the scholarly community deal with these threats, SSNI has developed a toolbox of tips to support libraries (and others) in data security practices. We asked Stacy Best Ruel, Director Customer Development Americas at Springer Nature, to pull out the top tips for combating cybercrime that you can easily implement now.

1. Work with your institution’s Chief Information Officer/Director of Information Security: Reach out to your institution’s central IT department. The Chief Information Officer (CIO) will be intimately involved with campus-wide cybersecurity, and it helps when that person knows that the library and its network takes the threats seriously. Partner with Campus IT or Information Security to promote reading and video material on information security at your university
2. Participate actively in security: Evaluate the library’s and campus’ requirements against the security capabilities of library-specific systems and applications and develop plans and pacing for timely software updates and patches. Run and keep up-to-date endpoint protection and/or antimalware software on all library computers, both patron-facing and those that library staff use.
3. Promote legitimate sites — discourage pirate sites: By definition, pirates steal. And if they’re willing to steal from publishers, they’re willing to steal from anyone — and are likely engaging in further criminal activity. Sci-Hub, for example, may be a state-sponsored actor, working for the Russian government. The Washington Post has reported that the U.S. Department of Justice (DOJ) is investigating its founder, Alexandra Elbakayan, for links to Russian Intelligence. If these allegations are true, then interacting with Sci-Hub (accessing articles, or, worse, providing them with login credentials) could have much wider ramifications than just getting access to paywalled articles. Rather, you should strongly encourage your users to access research information from reputable sources — from your portal, from publishers’ websites, or from legitimate aggregators. In addition to being secure, these sources also work to keep research up-to-date and to provide high-quality metadata along with the research itself.
4. Prepare a plan of action: Remind colleagues and students that, if they (willingly or unwittingly) share their login credentials, they’re putting the entire campus system at risk. That includes private student and faculty information, grading information, financial information in the Bursar’s Office, and more. Educate them on steps they should take if they discover that their credentials have been compromised or given to another individual or suspect site. 
5. Secure your systems and equipment: Back up important files and records for recovery in case of ransomware attack or system failure. If a campus-wide backup and recovery solution exists, begin to use it.

How is Springer Nature helping libraries secure themselves?

Springer Nature is working to further open research (and help accelerate the transformation to open science) which will, naturally, reduce use of pirate sites. By growing the number and reach of institutional open access agreements, Springer Nature is steadily making more and more research open.

Springer Nature also partners with Research Gate — a reputable research social network and aggregator (see point three, above) to make even research not published open access (OA) available via the network. Perhaps just as important is making Springer Nature’s own platforms more attractive and appealing to users than the pirate sites. Springer Nature’s developers work tirelessly to improve the platforms, adding in features that you and your users have said you want.

One final note: You should keep up with colleagues and cybersecurity experts about changes and trends in the field. Criminals are always on the move — but the good people are, too. Educate yourself further by speaking with your Springer Nature representative and periodically visiting the SNSI site for updates and the latest resources.

About Stacy Ruel

Stacy Ruel is a strategic leader with a proven record in enhancing customer engagement and driving growth within the higher education and publishing realms. Her extensive B2B background spans institutional sales, digital marketing, and brand positioning.

Currently serving as Director of Key Accounts at Springer Nature Group, Stacy leads a team focused on optimizing customer engagement through brand leverage and audience interaction. Her accomplishments include notable revenue growth and impactful campaign execution during her tenure as Head of Marketing for Commercial Key Accounts. Stacey's career showcases her prowess in customer-centric strategies, innovative leadership, and driving results in the publishing and education sectors.

Related content

• Protecting libraries from cyber-attack, about The Scholarly Networks Security Initiative (SNSI)
• Information & resources to support Libraries to prevent Cyberattacks, including podcast with Alan Brill, Senior Managing Director in the Cyber Risk practice of Kroll, Journal and Book Highlights
• Expanding access to research, exploring the ResearchGate and Springer Nature partnership
• White Paper: “The Springer Nature / ResearchGate partnership”, Researchers at the Centre: Content Discoverability, Visibility, and Access
• Institutional open access agreements, information for authors
• Platform enhancements: Security Enhancements for Springer Nature Platforms including SpringerLink

Don't miss the latest news & blogs, subscribe to The Link Alerts today!