Information Today, Inc. Corporate Site KMWorld CRM Media Streaming Media Faulkner Speech Technology DBTA/Unisphere
Other ITI Websites
American Library Directory Boardwalk Empire Database Trends and Applications DestinationCRM Faulkner Information Services Fulltext Sources Online InfoToday Europe KMWorld Literary Market Place Plexus Publishing Smart Customer Service Speech Technology Streaming Media Streaming Media Europe Streaming Media Producer Unisphere Research

Vendors: For commercial reprints in print or digital form, contact LaShawn Fugate (

Magazines > Computers in Libraries > June 2018

Back Index Forward
Vol. 38 No. 5 — June 2018

Top 10 Security Risk Factors for Public and Academic Libraries
by Steve Albrecht

Security issues of all kinds are at the top of library leaders’ minds. Here are the ones I’ve heard the most about lately in my role as a library security advisor. Most of these are people-related issues, but some also involve technology security at the same time.

1. Aggressive homeless people who are suffering from mental illness and dealing with substance abuse problems

These three issues (homeless people who are mentally ill, high on drugs or alcohol—or both—and are continually confrontational with staff members or other patrons) create what could be called the problem patron security triangle. The bad news is that these people are a handful and often will require a security or police escort out of the building. The good news is they are mostly rare. They aren’t an 80/20 problem; they’re more like a 95/5 issue. But even if only 5% of homeless patrons are predatory (aggressively panhandling, confronting people who won’t give them money, or who won’t move out of their way), mentally ill (particularly when stricken with untreated schizophrenic or psychotic symptoms), and struggling with substance abuse (especially alcohol and methamphetamine)—they can be overwhelming to staffers who are not used to dealing with this combination.

One of these issues with a single patron is hard enough to deal with; in combination, multiple homeless patrons—banded together in a loose consortium of folks who make a constant mess, harass patrons and staffers, and won’t leave the library if asked—can be overwhelming to a staff member who really doesn’t want to address the wave of problematic behaviors these people with multiple problems can create.

Dealing with homeless people requires firm empathy. Staffers need to treat these folks with dignity and respect—and many homeless people are highly attuned to negative body language or demeaning tones by most everyone they encounter—and enforce their code of conduct and safe use policies. The best approach is to be firm, fair, consistent, reasonable, and assertive.

For specific help on what can be library staffers’ most vexing patron control and compliance issues, see Ryan J. Dowd’s new book, The Librarian’s Guide to Homelessness: An Empathy-Driven Approach to Solving Problems, Preventing Conflict, and Serving Everyone. Dowd is the longtime executive director of Hesed House, one of Illinois’ biggest homeless shelters. His book offers a multitude of explanations as to why homeless people behave as they do, and he provides a wealth of ideas as to how to best interact with them.

2. Ransomware attackers

On Jan. 30, 2018, a library internet technician at Spartanburg County Public Libraries in South Carolina noticed a ransomware attack that shut the entire system down for several days. The attacker demanded a payment of $36,000 in bitcoins to restore the full service. This is similar to a ransomware attack that plagued the St. Louis Public Library in January 2017. Cyberhackers shut down the 700 computers at 16 branches for several days. Like in the South Carolina case, the St. Louis attacker asked for a ransom payment in bitcoins. This suggests the attacks are from hackers from foreign countries.

These attacks are common enough that the FBI often gets called in to investigate them. Not paying the ransom demand is the only approach, because to pay it only invites more attacks. The library response to these types of shutdowns should involve its IT department working with federal law enforcement. Preventing the issue requires a working partnership with IT and library leaders and having constantly updated internal system maintenance procedures, spyware protections, and external access control methods that are monitored with security vigilance. 

3. Infection carriers and bringers of malware

Libraries around the country don’t seem to have a uniform policy for the use of thumb drives. Some libraries use closed systems, which don’t give patrons a way to insert thumb drives (suspicious or otherwise) into the hardware drives. Other libraries allow patrons to use thumb drives to copy material; connect with their networks, printers, and scanners; and access their own work. Working with their IT departments, libraries need to make hard but appropriate decisions about how much public access to their network systems and hardware is too much. 

4. Pornography enthusiasts

When it comes to protecting minors or shielding non-consenting adults from adult content, libraries fall into four distinct camps:

  • Strict internet filtering (for pornography and other inappropriate websites) with in-place policies and strict staffer vigilance for violators
  • Strict internet filtering with in-place policies, but with limited or no staff member vigilance—sort of a patron-driven, self-policing model
  • No internet filtering, but with in-place policies and strict staffer vigilance about confronting rule violators, including kicking them off the internet or even out of the library
  • No internet filtering, no in-place policies, and no staff member intervention 

The first group says, “This is our library, and we have the right to control internet content as we see fit. We get direction from our library board or our elected officials as to how and why we need to limit access to sites that feature pornography, child pornography, violence, and other content most reasonable people (especially parents with small children passing by) would find objectionable.”

The second group says, “We will filter content, but we don’t want to turn our staffers into the internet police department. We will let the machines and the software do most of the work, freeing up our staff time for other things.”

The third group says, “We will not filter internet content, but our staff will pay careful attention to what all users show on their screens. We will aggressively enforce our no pornography/graphic imagery policy and ask patrons to stop using our machines or leave the library.”

The last group says, “Freedom of choice is a right; our open society means we provide open access to all information available on the internet, regardless of whether anyone else finds the content objectionable.” 

The idea that adult males (and it’s always males) would choose to watch pornography in a public place is perplexing. The solution often lies in screen visibility. Many libraries place their internet-connected PCs on tables where the screens face outward toward the open areas. Some libraries, which don’t filter porn or address it through policies, have had good success with turning the tables and putting users with their backs to the facility walls. This way, the screens face toward them and not out to the public. Other libraries that don’t filter put shaded privacy screens over their PCs or place wooden dividers between each computer station.

5. Internet hogs

Providing public access computers is a key way that libraries serve their communities. But resources are always limited, and when patrons can’t get to a free machine, arguments can erupt that disrupt the library and could even escalate into violence. There is a type of library patron who seems obsessed with using the internet, right down to having his or her favorite chair or screen, which creates the potential risk for a confrontational situation. Unless addressed, it results in a bad experience for the patron who is waiting. Some library staffers report the daily “10 o’clock 50-yard dash,” as certain users push and shove their way into the facility and sprint for their special self-designated machine. This leads to problems when other users want to get online and can’t because the person won’t leave and continues to log on each hour after his or her time runs out. A fair and consistent application of the internet use policy by staffers must be in place.

6. Entitled students

Antagonistic patrons are another risk factor that, unfortunately, too many librarians have to face. These types of patrons at academic, college, or university libraries often have two modes: “My tuition pays your salary, so I can rudely order you around” or “My tuition pays your salary, so I don’t have to follow your code of conduct or library use policies.” Reminding chronic rule violators that even they can be banned from the library for repeated problems might work. Talking with the dean of students or the student’s academic advisor can help as well.

7. Entitled faculty members

These patrons are similar to the aforementioned entitled students, but thanks to tenure, inflated egos, and narcissistic entitlement, they place research demands on library staffers that can’t be met immediately or treat them rudely and unprofessionally. How do you enforce the rules for an employee who cannot be disciplined or fired? Sometimes, it may help to speak directly with the offending professor’s department head or dean to see if he or she can help to create a better, more collegial relationship. 

8. Sexually harassing behavior toward library staffers

The #MeToo movement continues to reveal examples of sexually harassing behaviors in the media, entertainment, sports, and business worlds. Female employees at libraries have long told similar stories about certain patrons who insist on making comments about a staffer’s physical appearance or making sexual remarks even after they are told to stop; flirting or asking a staffer out repeatedly; staring at a staff member for hours; stalking a staff member (using her library’s own internet, ironically), which is a felony in all 50 states; or even touching a staffer in a sexually assaultive way. These types of offenders need severe consequences, which may have to go beyond just stern warnings from the library director or kicking them out and involve calls for interventions (and even arrests and prosecutions) by the police. 

9. Service animal versus emotional support animals

While no one can argue that persons with disabilities should not be allowed to bring their service animals with them to the library, the definition of what constitutes a service animal is up for grabs and could lead to conflicts between librarians and patrons. Current social media is filled with photos and stories of passengers trying to bring snakes, ducks, and even a peacock on board commercial airliners. This issue appears to be one librarians are struggling with because so many patrons know the laws about emotional support animals. Many people buy little vests and certificates for their pets online, knowing most restaurants or other public places won’t challenge their “authority” to take them along. Staffers report patrons bringing in dogs, cats, rats, snakes, ferrets, and birds.

When a patron tries to bring in an animal that is clearly not a service animal, the library staff is usually only allowed to ask, “What service does that animal provide for you?” The well-schooled patron will say, “This animal provides me with emotional comfort.” The conversation ends there because to inquire further would seem to violate healthcare privacy laws. Many libraries split the difference, allowing patrons to bring in emotional support animals only after asking these important questions: “Can you guarantee that this animal will not make a mess, make noise, escape, or harm anyone? Can you guarantee that this animal will be under your complete control at all times? And if not, will you agree that you have to leave the library with it?” 

10. Opioid users

This last issue is perhaps the most troubling of all. The opioid crisis in the U.S. is so bad that for the first time, more people are dying from opioid overdoses than car accidents. I’ve observed that many opioid users who prefer heroin (cheaper and easier to get) to opioid pills choose the library restrooms or the stacks to shoot up. This puzzled me until I parsed out how opioid users sometimes think. If they accidentally overdose in a public part of the library, it’s likely someone will quickly find them and call paramedics. Furthermore, since some libraries have offered voluntary staff training in the use of Narcan, an opioid overdose-reversal drug that does not require a prescription, some heroin addicts believe they will be saved by a staffer who administers the up-the-nostril dosage even before the ambulance gets there.

Having staff members give Narcan to patrons who have overdosed is admirable and empathetic (no one wants someone to die in the library), but it’s a complex solution. There are issues about providing training and safety equipment (gloves and masks), as well as realizing that when Narcan is successful, the overdosed person often regains consciousness angry and vomiting. There are serious concerns about staffers’ exposure to blood-borne pathogens, the MRSA virus, hepatitis, AIDS/HIV, and the possibility of needle sticks. 

The best response is to not let opioid users go in the library bathrooms or stacks to shoot up in the first place. This requires more staff member vigilance and observations, security patrols (if available), more police patrols, and putting the word out on the street that the library is not a good place to use needle drugs.

Steve Albrecht  is a Colorado Springs, Colo.-based author, speaker, and library security trainer. His book, Library Security: Better Communication, Safer Facilities, was published by ALA in 2015. Follow him on Twitter (@DrSteveAlbrecht).