In this Issue:
As the old saying goes, it's better to be safe than sorry.
These LibGuides tips and tricks will help you enable and promote the security of patron and library data.
Protection and safety don't happen by accident... they are planned and executed by choice.
So, let's tackle this together because an ounce of prevention is worth a pound of cure!
2018 is all about secure web browsing, and Chrome is leading this trend by raising their security game and working toward their end goal of all HTTP webpages having a "Not Secure" indicator. For more information on HTTPS security, check out the HTTPS Protects Your Sites page of this newsletter.
This means that if a patron loads your Springy tool website over HTTP, they’ll see a Not Secure indicator in the address bar. This is definitely not good PR for you. You don’t want your patrons thinking your LibGuides, LibAnswers, LibCal, or LibWizard sites are untrustworthy.
Now all Springy sites - whether you’re on a product domain (ends in libguides.com, etc.) or a custom domain (ends in .edu, .gov, .org, etc.) - are ready to protect patron data by loading over HTTPS. Sites using a product domain use our wildcard certificate to load their sites over HTTPS. For custom domains, we recently worked some behind-the-scenes magic and installed a free Let’s Encrypt security certificate for you. You don’t need to ask your IT colleagues to change a thing. It just works!
But just having a security certificate in place doesn’t mean that patrons will magically load the page via HTTPS. You need to make a simple change to ensure this secure connection always takes place.
Automatically loading your web pages over HTTPS is the only way to ensure that they always have a secure connection. When you use the “Force HTTPS” feature, the page will still load via HTTPS even if your patrons reach your site through an HTTP-based link. In the future, Springy HQ will completely disable HTTP (i.e., loading pages over HTTPS will be forced automatically). Until then, though, we’ve provided you with the tools to make this change yourselves!
We know this is a "LibGuides Tips" area, but we don't want you to stop with LibGuides, so here's the scoop for all Springy products! LibStaffer, LibInsight, and LibCRM operate solely via HTTPS, so there’s nothing to change.
Forcing a webpage to load via HTTPS means that everything embedded on that page must also be loaded via HTTPS. If you have embedded images, videos, widgets, or calls to JavaScript / style sheets, you’ll need to check to ensure they’re loaded via HTTPS, or you’ll see a “mixed content” warning/error.
Check out the “What is Mixed Content” and “How Do You Find…” sections of the HTTPS Protect Your Sites page to learn more about what all of this means and how to find potential mixed content in your sites.
This tip might be short, but it can have a big impact. Sometimes you need to share important documents, slides, spreadsheets, or PDFs. How can you do that securely?
Easy-peasy, using LibGuides CMS' password-protected files & documents.
Simply add the password you want to the Password field when either creating a new or editing an existing Documents & Files Asset. Share the password with the appropriate person/people, and you're all set! Just make sure you don't shout it across a crowded room. ;)
Idea: In the description field, add a password hint or contact info for accessing the password.
ICYMI, the EU's General Data Protection Regulation has prompted the creation of new Springy privacy tools for everyone... not just our clients in Europe. Privacy-conscious librarians can enable these patron-related privacy features to ensure users are informed about the use of their data.
If you haven't already, be sure to check out the Public Cookie Notice & Customizable Privacy statement that you can enable in your LibGuides, LibCal, and LibAnswers systems. Via a small banner, it informs your patrons that a small cookie is installed on their computer to track their IP address for usage statistics.
The default notice only applies to your Springy apps and the use of cookies within LibGuides, LibCal, and LibAnswers.
If you're like most libraries, you might be employing other 3rd-party tools, like Google Analytics, in order to gather more detailed usage stats.
For clients in the European Union, you might need to take extra steps to ensure these 3rd-party tracking tools are GDPR-compliant. Our compliance does not extend to these 3rd-party embedded tools.
The opposite of security is storing important passwords on post-it notes around the reference and circulation desks. But we get it, how can you share important database credentials internally with staff and externally with users?
Easy - with LibGuides A-Z asset login credentials and internal notes features.
The login credentials field is a relatively new feature, released in May 2017. Admins can use it to store login credentials for admin interfaces, SUSHI credentials, or login details for access to database statistics. The uses are endless!
Since only Admin-level users or A-Z asset managers can view login credentials, don't use this field to store information that all librarians need, e.g. database passwords.
You might be working with a database vendor where access is via a password. Definitely not ideal, but beggars can't be choosers.
How can you share database login information with fellow staffers securely?
Use the A-Z asset internal notes field! Internal notes never display to the public, and you don't have to be an admin-level user to access them either. This way, all staffers can view (and share) important database login details with patrons.
In our social-media-fueled society, you can get lulled into the notion that all web content should be shared with everyone. I can retweet your tweet, share your Facebook post, and reuse your content as my own. And as much as we encourage sharing here at Springy HQ, there are just some guides that aren't meant for sharing with the greater LibGuides community.
Cue sharing controls. For each individual LibGuide, you can control who can reuse it - from the entire LibGuides community to individuals within your own institution.
Guide Sharing = Community
Guide Sharing = Internal
Guide Sharing = No