 Good morning and welcome to this week's edition of Encompass Live. I am your host, Krista Porter, here at the Nebraska Library Commission. Encompass Live is the commission's weekly webinar series where we cover a variety of topics that may be of interest to libraries. We broadcast the show live every Wednesday morning at 10 a.m. central time, but if you're unable to dress on Wednesdays, that's fine. We do record the show as we are doing today, and it will be available in our archives for you to watch later at your convenience. Both our live show and the recordings are free and open to anyone to watch. So please do share with your friends, family, neighbors, colleagues, anyone you think might be interested in any of the topics we have on Encompass Live. For those of you who might not be from Nebraska, the Nebraska Library Commission is the state agency for libraries, so similar to your state library. So we provide services and training and resources to all types of libraries in the state, so you will find shows on Encompass Live for all types of libraries. Public, academic, K-12, corrections, museums, archives, really anything and everything, really your only criteria is that something to do with libraries. We do book reviews, interviews, mini training sessions, demos of services and products, all sorts of things. We sometimes have Nebraska Library Commission staff come on the show and talk about services and programming and things we're doing through the Nebraska Library Commission, but we also bring in guest speakers, and that's what we have today. Today with us is my friend and colleague, Robin Hastings. Good morning, Robin. Good morning. And she is just from just south of us, Neckles, the North East Kansas Library System. And she is going to talk to us about creating a culture of privacy and security. Very important in libraries always, but I think even getting more important as more bad actors or bad things going on out there and people trying to do bad things. Maybe safe about all that, both at home, but in your library for your staff and your patrons. So I'm going to hand this over to you, Robin, to tell us how we can do this in our libraries. Awesome. Thank you, Christa. Yeah, I am from, as she said, the Northeast Kansas Library System, which is due south of Omaha, about two hours. And I have a copy of this slides with all the information and the notes and everything at that bit.ly link. It is the original version that I did and computers and libraries earlier this year. I didn't make many changes and mostly in the notes. So while the branding may be a little different, that bit.ly link or the QR code there will get you to a copy of these slides if you want them. I will also have this on the final slide. So if you are not yet sure whether or not you want the information and make that decision next, then yeah. And if you don't catch, I'll just mention to people, if you don't catch the links here or the QR code, we will also link to it in the. On the show archives, we put up the archive, the recording will have a link out to this as well. Cool, cool. So lots of chances to get this information later as well. So no further ado, we're going to talk about today creating a culture of privacy and security. We're going to talk a little bit about how to achieve privacy and security, but mostly the thrust of this is knowing how to create that culture in general. How to create policies that support your culture and then figuring out what kind of culture you have and knowing how to improve it so that you are getting the entire staff involved in creating privacy and security for your patrons. Privacy matters. It is a very important library value that we have confidentiality for our patrons. And so it is pretty important for everybody in the library and whether you are a director or a trustee or a staff member, middle management, interested bystander, whatever role you play in your library, there is a role for you in creating a culture of privacy and security. And this proactive preventative paranoia, my friend Maurice Coleman came up with that statement and I have stolen it, shamelessly. It's a good way to think about what, how you want to do all your work as as a librarian because as we go through this session, we'll talk about some of the things that that can happen in libraries. Yeah, the two of them seem nice and good but paranoia you need to have a little bit of that. Yeah, just a little bit I mean, my, my husband's favorite phrase is just because I believe someone's following me doesn't mean there isn't someone following me just because I'm paranoid doesn't mean there's someone, not someone that's it. And I wanted to kind of go a little bit into the differences here I'm going to talk about things that you do to ensure privacy and security for your, your libraries. And there's a difference between equality, the left side of the cartoon and equity you may have to do things, more things for certain populations, then you do for others and that's okay. I just wanted to be sure that I'm, you know, what you have to do for folks to ensure their privacy and security in your library is, is okay, just wanted to get that going. So, the reason we worry about privacy and security in libraries is that intellectual freedom comes from privacy. Without it you have a chilling effect if people feel that their request will be made public what they're reading what reference questions are asking that kind of thing. They will, that will keep them from asking, maybe things that they don't want out in public. And so it will, it will give a chilling effect to their request so this is supposed to be icicles for that chilling effect I don't, I don't know how that comes across on your screens but I'm not an artist so anyway. It also gives them, if they know that when they come to the library and they check things out. It's confidential that gives them confidence in their library they can use it without thinking basically without double double consideration of what they're checking out what they're asking that kind of thing. The fourth amendment is a, a, it's a thing and if we don't use it will lose it right so the fourth amendment gives people the promise of security and privacy in their papers. And that includes, and I think I will mention this later. All 50 states have some kind of confidentiality requirement for libraries. And so, you know, we need to make sure that we're, we're upholding that or we'll end up losing it. Like I mentioned in the last slide the equity option if, if people are from marginalized populations and they are using your library. Some of them may need more privacy than others. They may require more confidentiality than others. And that equity where everybody has a, everybody's being thought of as deserving of privacy and confidentiality that meets their needs is real important. And finally personal safety. A lot of times, especially in very small libraries. People will call and say, Hey, my daughter supposed to be there. Can I, you know, talk to her. Can you, is she there, basically, and you can give out that information over the phone. But unless you know for a fact that's her mother, you might be giving that information to a predator, or to someone who has bad intentions. So making that a policy, you just don't give out that information is part of providing safety for everyone in the library, including, like I said, children, vulnerable folks, just making sure that that is, is not something that you're, you're giving out, basically, it helps with the personal safety. Yeah, you're talking about the confidential rules and whatnot. And just for those people who are here from Nebraska, which I see there are a lot. We do have a Nebraska state statute about giving out revealing the identity of library patrons. Yeah, I think I think states have a statute of some sort like that. And the libraries are specifically listed in statute in Nebraska statute 84 dash 712.5 section 13. In case you want to look it up that specifically mentions public libraries, not revealing the identity of library patron, unless publicly already in like open court or open meeting, you know, but in general, you do not reveal by state statute, anything that, about any information or provide anything that will identify your patrons. Exactly. So that is, like I said, 48 states have some sort of statute on the in the books on that. The other two that don't have attorney general opinions, that state that library data must be kept confidential. All 50 states have something. Yeah. So your role in creating policies and privacy and security culture in your library depends on your role in the library. So like your, if you're a board member, you are going to work on writing policies that are comprehensive, show your commitment to the patrons privacy. And I will have slides examples later about what kind of policies are our best best practices kind of things and administrators help the boards write the policy obviously and then make sure all staff know the policies. In management, you're going to basically disseminate the policy, you're going to make sure that every cent, everyone understands their part in that policy, and get inputs and ideas from frontline staff sometimes you try something and it just doesn't work frontline staff are going to be the folks who are going to tell you about that. And the court, of course, those frontline staff folks. You guys understand and implement the policy, you report back to your management about where you find things are weak or non existent and any issues that folks might be having. So any questions. Feel free to interrupt. Yep, anytime you think of something in the question section and I will jump in and interrupt Robin with your questions. So, how do you promote ensure these privacy best practices well culture. It is a change of mindset in the library itself. So you're going to be modeling the actions you want to become as part of your culture so if you expect people to use password managers and two factor authentication and privacy protecting practices in general that you want your staff to embody. You need to be doing that as well and whether that you are bored, you know, staff, whatever your role is. It's important for everybody to be modeling proper behavior. But even with the right policies in place. If you're not following those policies and the culture is one of kind of, yeah, that's what we do pay lip service. That's going to be a problem. So that is that is something that is important for everyone in the library to do. So the informal definition of what a culture is. It's up on the screen short shared goals and values how employees work together, those policies and procedures that are written down and followed, and then how decisions are made in the organization. That's kind of an informal definition. The formal definition here, the number two definition in the Oxford languages dictionary that's used by Google. I've got customs bolded here it's not bolded in the original, but I've got bolded here because that is. That's kind of what the custom that your staff the customs that your staff follow really do help to make that that culture so how do your staff interact with patrons do they always demonstrate with their actions the privacy commitments your library has made. If you're not a random visitor walking into your library know that you value their privacy and work to keep it safe and protected. Things like chatting over the surf desk about a book that it's patrons checking out can be problematic staff chatting about patrons and their issues at the Cirque desk in front of other patrons is definitely problematic. Those kind of things tend to be culture. Those are of sharing information in public in the public Cirque desk that kind of thing. Those are definitely culture issues that can be changed it just requires requires a little bit of work and leaders often think they know what they're doing they are doing what they need to be doing to make this stuff happen. I always agree. A lot of times when you see surveys, the leadership's like oh yeah we're great and the staff like so. No I was just agreeing yeah yeah. So, one of the things that you can do if you're a library leader is make sure to recognize folks who are doing the right thing. If you see it in action that will help you guys. Just be one more thing that you all can do as leaders to encourage this, this culture that is being built at your library recognition is important. Like I said earlier everybody at the library has a role. The board's role is to guide the definition of culture to set the mission and values that create a culture. So your vision statement your mission statement those can be set with an eye to setting that culture up at your library. Provide guidance to the director for encouraging culture job descriptions should reflect work that aligns with the culture you want to create that kind of thing so the board can have a role there. Your director can have a role hopefully your director doesn't look like this. In the clip art open clip art site that I got this from it's called tyrannical task master. So, I see that yep. So, nice directors not tyrannical ones can set employee goals as you're talking to your employees each year and doing those evaluations that align with culture create operational processes that reflect the culture you want to see. Model those actions that you want to see in your culture if you're requiring everybody to use a password manager and you don't people notice those things. And then recognize the staff that an actor cultural norms again recognition is a really important part of enforcing cultural change. So management if you're a department head or a supervisor of staff, your role is to ensure that the staff that you manage have the tools to make those cultural expectations happen. So if you require everybody to use a password manager, you probably need to make sure that everybody is using that the same password manager you have a password manager that they can, they can use and we at Neckles, we use last pass because I can share passwords with folks on my team. And that makes life a whole lot easier when you are working with stuff. So, you can help with staff's habit formation sometimes this privacy and security stuff is just a matter of getting into the habit of doing the things that you need to do so you can set the context you can help them repeating that this needs to be done, and you can reward them. Again that that recognition is important. Those three elements can really be used to help make privacy and security a habit for your staff. And then there's like a lot of things that we do it takes set up in the beginning and it takes time but once you've got it done. It's so, so easy and actually useful and helpful to you. Exactly. It's just what you do. Yeah. And then ensuring that policies, like removing access for staff that have left, making sure that those policies are carried out promptly. Those kind of things are what those of you who are in management can do. As for the staff, like I said providing input to management and the director about culture building programs whether they're working, how patrons are responding, helping to create those habits that you all are trying to build being, you know, a team player there and then you are also as staff, generally the first line of defense for a lot of the fishing social engineering kinds of attacks. So make sure you're vigilant as you do your work you're not clicking on random links and doing things that might compromise the security of your network which lets bad people in and then they have access. I did. I had a, she was actually the director of HR but a person at my former library who was not super technologically aware and I did quite a bit of training on, you know, looking out for those fishing and things. And then she came to my office one day and she was like Robin can you come look at this email. And I said sure. So I got up and I looked at the email because I kept telling people, if you have a question asked don't just click. And she said this doesn't look right to me and I read it. And it was an email telling her to download an IR new IRS form to for her HR work. And the URL ended with dot DE, which is Germany, and there is no way that the IRS is storing on a German website, it's just not, not going to happen. She couldn't identify what was wrong specifically with that, but it didn't feel right to her. I think that's because we worked really hard at that library to just pound into people's brains that if it if it doesn't feel right if you even if you can't identify exactly what's wrong. The staff need to be aware and thinking about what they're doing not just randomly automatically clicking every link that comes by so. It's okay to ask your gut it's it's okay it's okay to ask yeah. Absolutely. Absolutely. Yeah I get so much well I didn't want to bother you. It's why I get paid if you don't bother me they stop paying me so. Right. I've been talking a lot about setting up culture. And what does the culture that you want. How does that compare to the culture that you have. That's the gap that you're going to try and bridge with this culture building program. So, hiring is an important part of culture. Sometimes you want to hire for add hire for an addition to your, your staff as opposed to just for fit. That's that's a good way to start adjusting culture. And it's starting to become a theme I think at this point of recognizing employees that do the work to forward the culture is a big thing so. And I mentioned earlier that policies are a big part of culture and some of the best practices for policies that can help sustain create or sustain a culture. Get staff input have technical experts look through it if possible do some risk management and we're going to talk a little bit about that here in the next slide. Consider codifying update schedules put them in job descriptions or in policies procedures. Have them written out so that you know things are getting updated like your computers and your your various pieces of software that you use. Make sure it's it's being done on a regular basis and assign it to a role not necessarily a person people come and go but generally you hire new people for a role and that role is it just makes sure that somebody has a responsibility for it and it doesn't get lost as people as turn over happens. Include vendor relations and requirements in your policies and at the very end of this session today we'll talk about that. And then set standards for privacy actions required by all of your staff stuff like password strength requirements and and things like that that you expect so those are kind of the things you want to think about as you're looking at policies that are going to help construct your culture. I mentioned the risk. Thinking about risk. This is my friend Blake Carver of lyricists used this in a presentation and I have again shamelessly stolen it. It is kind of a way to consider which risks are the ones you really need to concentrate on and of course the risks you want to concentrate on are those one a their risks that are likely to happen and they're catastrophic. Those are the kinds of things that you really really want to be aware of that might happen and have a plan to fix when they do happen servers will die. That's just it happens and sometimes when it happens it can be catastrophic if you don't have backups. If you have backups and you do things you know create that that sort of thing on a regular basis then whether you get hacked or whether the hardware dies whatever kills the server is not going to be the end of the world because you'll have those backups in place. And that kind of the idea of cyber resilience and again it doesn't matter whether the hardware fails or someone gets into your server and. Deletes everything you've you've had on there or whatever the idea of cyber resilience. It's figuring out the risks figuring out how to keep the library running even when things go wrong and having policies around backups and the concept of locks lots of copies keep stuff safe. If you have a backup that you are also backing up that is is you know it's lots of copies basically so that's just kind of a concept that you want to consider take a second to get a drink my jug or coffee. My doctor asked me if I had how much caffeine I drank and I was just one cup of coffee. So anyway she was not amused. So privacy policies policies are in general a written expression of a principle and that is a direct quote from Martin Garner the LA office of information freedom. So these policies that you are creating are written expressions of the principle of privacy that is in your culture or that you want to be in your culture one of the two. So first thing to do is make sure you have a policy if you don't have a policy you need to create one and if you have no idea you need to look around and ask because. That is something that is. It's just kind of without a policy you just don't have a real good basis for making sure that your library is following best practices on policies on privacy and security policies so there is a link to. A sample policy that I think is useful in the slides if you are interested in finding one I you might have noticed already I'm a big fan of borrowing and not reinventing the wheel there's no reason to create your own here. So there is that and then we're going to talk a little bit here just for a second before we go on to the next thing about the privacy versus confidentiality because libraries are a limited public forum. We cannot promise privacy. Like people get in their homes right so they're in public when they're in the library we can do a lot to help mitigate some of the issues of privacy. I you know there's those first amendment auditors that come out a lot of folks have policies that do not allow those auditors to record computer screens or the checkout desk. They can walk around and record the stacks and the building but they cannot record people without those people's express permission those kind of policies mitigate the fact that you are in a public place and technically. People can record in public places that's just that's just how what how it goes the thing with those kinds of limitations and those policies is they have to be. Neutral in in content so you can't say these people can't record but these people can because I like them and I don't like them. It has to be neutral and it can only really talk about time place and manner so you can set times that people cannot. Video you can set places can't they can't go in the staff area they can't like I said record computers or or checkout desks and the manner they can't bother people while they're recording. So the idea of privacy in libraries is you know we're public place that however does not mean we do not work really really hard to make sure that confidentiality is protected and that is again why we have those limits on privacy. So that's just wanted to take a moment to to talk about that kind of that kind of thing video taping and pictures and all that. I think laws vary by state but in general we are a limited public forum and that means that when people walk through the doors they cannot be guaranteed perfect privacy like they have in their homes so. Security policies same thing as privacy policies you should have one if you don't you should get one and again I have an example one in the slides. So you can certainly take a look at that and see if you can make use of that and if you have no idea you could check. Because it's a good idea to know whether or not you have those policies and to familiarize with yourself with them if you're a staff member and you have no real role in creating policy. That's okay you should still be aware of the policies and you should know what your board and your administration have decided is important for your library and and just be able to to. Do that if you're creating a new policy so the best practices you want to include how your library protects patron data you want to include tech details it for security you want to have. You want to be as detailed as possible and make sure that people are aware that you do virus scans once a week or with this particular program that kind of thing that means you're going to have to change it occasionally but. It's a good idea if the IT manager drops dead gets hit by bus. Wins the lottery and moves to the Caribbean and throws away their phone you want to be able to continue working without too much of a speed bump. And that is again with the roles I mentioned earlier instead of saying you know Jonathan is in charge of doing backups and and Robin does virus scanning once a week you indicate roles the IT manager does backup the the assistant does virus scanning you know that kind of thing and. And. Something else you can include is who's authorized to use what systems in your library. Too much. Access can can poke holes in your security so it's a good idea to to have that information there. So you want to test your security policy regularly look at it at least once a year to review it to make sure it's still valid. And have in your policy how you manage a security breach. What who's informed what your policies are what your procedures are. This is can be part of your disaster planning to because quite frankly a lot of times security breaches can be disasters. Tell you a story. I was I was the IT manager at a mid-sized public library in Missouri and actually I this was before I became the manager I was assistant at this point because the. FBI showed up with a warrant and unplugged our file server and took it with them and my boss the IT manager he ran upstairs to figure out what you know how to how to handle the legal stuff and I was left to find a computer that would work as the server server and put the backup from last night on it and get everybody running again. It's not. Not uncommon for libraries to get hacked because we are soft targets and quite often we have a lot of space on our machines and big bandwidth what the bad guys had done is they cracked into our server and they had dumped a bunch of. Software and that didn't require codes and pirated movies and so they were pointing people to our software or hardware to download their software and movies and that was because we had the space we had extra space on our file server and we had really good bandwidth. And when the FBI was checking I don't know as we ever got that server back, but it's, we did manage to come back because we had policies and procedures in place, because while we seem like it seems like libraries are kind of an odd choice for hackers. We are not. We are. We are usually better resourced and less secured a good way to put it than businesses and something else. People are generally the primary vector for attacks. Most people don't actually hack into a computer. They hack into a person. So it's really tough actually to hack into a computer. There are software out there that can help folks do it. We'll talk about that here in a second. But there for the most part, your administrative assistant, your frontline staff, they're, they're a lot softer targets. People call and do say, hey, I'm from IT. I need your password real quick to fix something. And people give it to them. And then now bad guys are in your system and they didn't have to run a bunch of software to hack in. So there are ways to harden your people, just like you harden software. We use Ninjio, N-I-N-G-J, sorry, J-I-O. Again, link to Aaron Lides here at Neckles. And it's a monthly episode, five minutes, four or five minutes cartoon. And it talks about a recent actual hack that has happened, how it happened and how they could have fixed it. And it's not free, but it was not terribly expensive to make it available to our entire region. So it was nice. SANS newsletters. SANS stands for security and network system and network security, something like that. I forget exactly what. But SANS is a well-known respected organization. They put out newsletters, one of which is actually aimed towards non-technical people. And so that's actually, I think, how Elizabeth, from my story a minute ago, was able to identify that fishy email because I was making those SANS newsletters available to everybody on staff and encouraging them to read it and enforcing them. So I mentioned my friend Blake earlier, Blake Carver. He talks about some security games that he likes to use. One of them is it's gone. He walks in and he takes away a piece of hardware or something that can be hacked or damaged. And the staff has to figure out how to work around it. Like I had to find a new computer and put the backup on it and do all that. He makes that into kind of a, I don't know, game doesn't sound like the right thing, but maybe a test where... It's kind of like doing a fire drill test. Sure. We'll see what we'll do with this actually happened rather than just talking about it in theory. Exactly. That's a great way to put it, Krista. It's a fire drill. I'm going to make note of that, by the way. I stole from my friend Krista. And then the other game that he talks about is Evil Patron. That's where your IT folks get to put on their black hats and look around the network to see where your vulnerabilities are. I have a shark on this slide because there is a program called Wire Shark. It is freely available. Anybody can download it. And what it does is it sniffs the traffic that's going on around you in your network. If it's not encrypted, it will show you what people are doing. And it's... I was at a Lib Tech conference up in Minneapolis, Minnesota, several years ago, and Andromeda Yelton was up at the top, you know, the key noting, doing her speech. And she was doing her talk and she had on the... She didn't have slides on the projection screen beside her. She had a whole bunch of stuff. It was kind of flipping by kind of quick. So it took a few minutes for people to start going, oh, wait a minute. Whoa. And everybody kind of was like, oh, there's... You know, you could hear in the audience, people pointing out everything we were tweeting, e-mailing, web browsing, anything we were doing other than sitting and listening to her was being shown up there. She had Wire Shark going and there was no security on the network in the college, I think we were at. And she was basically displaying everything we were tweeting and everything we were e-mailing, stuff that we thought was private. She was picking it up and displaying it. You can sit in your library with a laptop and Wire Shark on that laptop and see everything that's going on in your library and any bad guy can, too. So there's ways to secure your network from people doing this, but even if you don't secure your network, strongly recommend that folks do secure their browsing VPNs or however. But that was a very eye-opening moment. It was probably eight years ago, maybe more, and I still visibly remember looking up and going, whoa. So your privacy audit, similar to your security audit, is where you go around and you have kind of a checklist. So where is user data collected in your library? What information is collected? Do you need all of it? Who has access to that data? Do volunteers who maybe aren't trained on privacy and security have access to it? How do you store your data? Is that storage secure? Do vendors have access to your data? Again, we'll be talking about vendors in a little bit, but there are lots of things you can do. There's a link on the slides to ALA's privacy checklist. They have several levels of privacy that you can go through. I strongly encourage you to use at least the base level of privacy and go as far as you can in protecting folks' privacy in your library. But those links are there and you can take them and create a team and go through each checklist and whatever priority level is right for you and identify what needs to be improved, improve it, and then repeat that process so that you are, they're supposed to be, there it is, it's slow, sorry, rinse and repeat. Basically, just keep going through it until you have a private library. So that's something that you can do as a privacy audit to make sure that things are done in your library. So I mentioned, we would finish up the section here, the talk with talking about vendors and privacy. This is something that not a lot of libraries think about, but we hand off a whole bunch of information to vendors. And sometimes we're not real good about making sure that they are as committed to our patrons' privacy as we are. So there's that, you know, the privacy, and then there's the security. Honestly, I don't remember the name of the vendor who did this, but at that library in Missouri, he came to give us a demo, some library software. And he plugged, this was probably prior to having good wireless because he plugged into our network, like physically plugged a cable into our wall and then into his laptop, at which point every single one of my public computers got the code red virus. He handed it off to everybody. Yeah. So make sure that they are as privacy and security minded as your, I don't, I don't remember who the vendor was because we did not go with them. They lost that sale. Yeah. Like, what are you doing? I spent like the next week cleaning computers. It was insane. But some of the things that you can do to when you're thinking about vendors and you're looking through, if you are in a position to be signing those contracts, you want to look for big terms lack of transparency in the contract, things that they're not defining that might have multiple meetings. Lack of info about what happens to data at the end of the contract. Do they keep your data? Do they give it back? Where is it stored? You do not want vendors claiming ownership of your data in any way, shape, or form. That's a big red flag for me. And similarly, they reserve the right to sell that data. Huge red flag, monster red flag there. Using terms like aggregated anonymized, de-identified, without defining those pretty specifically as to how they do that. Using an URL for privacy policy. I have seen this happen where you sign a contract that has a URL for privacy policy instead of having the privacy policy printed out and included as part of the contract. And after the contract is signed, at some point, the privacy policy changes and you've signed it. You're kind of committed at that point. So that's something that you want included in full text in the contract. And then vendor monitors patron use of products. Sometimes you have to. I mean, if you're doing Google Analytics, Google is monitoring your patron's use of your website. There's just no way to get around it. That's what you're asking them to do, quite frankly. But there are other things. If your ILS is not, and actually I don't know of any ILS is because mostly they're done by libraries and libraries are good about this. But if your ILS was monitoring your checkouts, these are things that you would want to know about and you would want to be sure were out of the contract. Not allowing them to do that. So to review everybody in the library, no matter what your role has a job when it comes to protecting patron data and privacy and ensuring the security of your patrons. Because patron privacy is a core value of our profession. It is something that we all should be working towards. And it's a requirement by law in nearly every U.S. state. And because librarians create an atmosphere that is conducive to intellectual freedom and you can't have intellectual freedom if you don't have confidentiality. So there is that. The what policies and strong security promote patron privacy. A lot of alliteration in that one. We can write good policies. We can create a culture of privacy and security in the library. Those are the ways that we can make this happen. And when, well, we're pretty much done here. We can ask our questions and then you can go forth and do all of this stuff as soon as you want the earlier the better. Now, now is the time to do. Now is the time. That's right. So that is bringing us back to that proactive preventative paranoia is a good thing. And it's something that you should all be building into the culture in your libraries. So, there you go. Awesome. More information and like Krista said, there will be stuff sent out. So did we have many questions. Right. Yeah, this the link to the slides there. I've already got that here so that it's all available. My screen here. Yes, so thank you so much Robin this was a lot of a lot of the food for thought as I'd say I think something some libraries have thought about I'm sure we I know we do have libraries that do some of these things, maybe not everything and aware of everything. Like I said here in Nebraska we do have the state statutes that are how libraries supposed to be run. And we did do an encompass live about Nebraska state laws last month. So definitely want to you want to go look at that for more information about all of our state laws. If anybody has any questions yeah type them into the questions section of your go to webinar interface anything you want to know about any situation you've had at your library that you were concerned about. Get your questions and we have plenty of time. Yeah, that like five minutes left here of our session today so you have plenty of time if you do have any questions or concerns or anything that you were wondering about. So please do type them in. We did have a question about dealing with those First Amendment audits that are happening in libraries. It seems like it's a fine, a fine line, I guess of they think they can come in and do anything they want and go anywhere they want we've seen videos of them going into staff areas and being told no you're not allowed in the staff area it's a staff area hence the sign on the door. But it can be very intimidating. Where is the. So the question is where is the line to we now need to call security or the police, as opposed to we have these policies and you need to be, you know, the person is just standing there saying I'm just going to stand here anyways. Most libraries have patron behavior policies. And almost all of the audits I've seen at least violate those they bother people. And then when they are violating your policies no matter what they're doing it's not that they're recording because they're they're exercising their first amendment rights they're bothering people and that is something that you can get them out if they won't go call the cops or security or whatever it is. That's the line that I tend to mention yeah that that that you have you have a behavior it's not you know they they're trying to get a rise out of you and just like some of these hacking things to it's also sometimes I mean you said they were doing that at your library to use your servers to host things that were being hosted. But sometimes it's just for the fun the I was able to make this happen thing. And they just want to react to them up you'll see that hey I did this and that's the same thing with those two I think the is we want to get a reaction out of these people and get them on film being you know. Yeah, most of these first amendment auditors their YouTube channels are monetized. So the more yeah views they get the more money they make and the more you freak out and give them that reaction. The better they'll do. Right. Yeah, and I think that goes back to what you're talking about the everyone in the in the at all levels in the library needs to know what all your policies are for everything. And know how to use them when someone does potentially break any of your policies you'll be able to say and have like here's a copy here's a printed out copy for your reference. And here's the thing you're doing that you're not supposed to we're going to have to ask you to leave today. You know, whatever your your procedure is but yeah that's yeah. And it's I like that to someone's mentioning that they like that idea of the that of Blake's idea of practicing you know pretending these things happen, you know, do a role playing. There's a thing you're real playing someone just role playing someone pretending to be one of these people so you don't get blindsided in like the kind of situations within his kind of stuff when your security breaks down, your computers go you're going to panic if you don't already have like, Oh, I know what to do we went through this I can do this. Yeah, we you know, as an IT person I know how to repair to, you know, pull stuff off of backup and put it on to a new thing. It's something I've had to do in the past but the IT manager could have done that too but he was totally freaked out and he was upstairs in the director's office, and it was nothing we had ever prepared for or had a policy for or. I coming in. Yeah, I don't think many libraries have the FBI is going to come to the door on there. Was it was stressful. So, so yeah, the the fire drill the role playing those are always I mean the more you do it the more comfortable you will be when it happens and something that is is at you know what the experience I have it will happen. When don't know where but it's going to happen and I know of no libraries that have never had any kind of issue even if it's little, you know, the 13 year olds are are getting past their computer security to get an extra hour of Minecraft library has some kind of of issue and knowing how to respond to it is important. And that's just thinking it policy policy policy that we can't emphasize that enough about everything in libraries. Don't wait until something happens to figure out what you need to do about it right up a policy. I talked real quickly about you know that should go in your disaster policy, I would be interested in knowing how many libraries have a disaster policy. It's, I actually wrote a book on using the cloud for creating a disaster policy. And in the research, I discovered cars drive into libraries, a lot, like way more than you would think. Okay. So that's a disaster quite frankly you've you've got a car inside the library they busted through your your window and you know it one of my libraries here in Northeast Kansas strip mall guy hit the gas instead of the breaks and went right through the window. It tore up their technology. I mean it took the wall down. And so everything that they had in that wall the electricity the cabling, everything had to be redone. It was, it's way more of a disaster than you think. And with all the different natural disasters happening. I mean, yeah, we've got the flooding up in Vermont and the wildfires everywhere. I mean here in Nebraska we had flayed back in 2019. And it was a huge undertaking for everybody, figuring out what to do. And if we did have policies and Right now in Kansas, we actually I think got to 130 was our our heat index in Lawrence on Monday. If your air conditioning goes out when the 130 degrees, that's a disaster. You're losing yours. I keep checking it every day because we've got this excessive heat warning through through tomorrow's right. And yep, we hit that 100 it was it's just you guys I'd like no, no. Yeah. So, and technology can be a disaster. We had a library here in Lawrence, the library here in Lawrence our public library got hit with a ransomware. Yes, backups had not been checked recently they didn't have any backups, essentially. They lucked out they paid the ransomware with Bitcoin and Bitcoin increased in value so much between when they bought it when they paid it that they were able to. They made money. Essentially that is not generally what happens and it is not best practice to pay the ransom dude. You don't you don't want to you don't need to you need you're prepared you're you're fine. Exactly if you've got backups you can say okay and you wipe everything clean and you put your backups on and you go on and and you're not funding bad guys but but yeah it's it that was a disaster for them they were out of commission for a while. Until they got their data back and it's a disaster just like a fire or or her cane or tornado or anything else that happens. Alright, so I don't see any other any other additional questions just in the last few minutes we've been chatting. Does anybody have any last minute desperate questions you want to ask of Robin or anything you want to discuss, get it into your question section. I'm going to while I'm waiting to see if we do have anything I'm going to start just my little show wrap up. So thank you so much Robin for coming on today it was great to have you here and good to see you see your face. Well thanks for inviting me. Yeah, and like as I said in the beginning this is a session that was done at the computers and libraries conference, which is held in DC Washington DC area every spring. So if you're interested in anything like that it's a highly recommended conference, I think it's a small conference not a lot not a huge group of people. And if you're techie oriented or computer oriented, it's definitely a thing to you. They do a companion, I call it a companion conference internet librarian which is done in the fall, which is now appears to have gone fully virtual. The no longer version which is fortunate. It was in Monterey, California, California. Yeah, they always say it's West Coast which is really nice for everybody to go if you're on this half of the country you go to DC if you're in this happy over here. And for us the middle we can go anywhere. Exactly, exactly. Yeah, but internet librarian in October I think is on as a virtual one now so look into that too if you're looking for tech things. So, yeah, so here's the session page for today show. So as I said I've got the link here to the slides that were used today so I will this will be included in our recording archive when I show you that. Here is our main page for Encompass Live if you type Encompass Live into whatever is your search engine of choice. We are the only thing called that on the internet so far. Interesting. Yeah, I haven't copyrighted or trademarked or whatever I would do but hey it's still nobody wants to fill anything else this so I'm happy. These are upcoming shows but here is our show archives. If you look there, most recent ones are at the top of the page so today's will be up there probably by the end of the day tomorrow as long as go to webinar and YouTube cooperate with me. I will post up there everyone who attended today's show and registered for today's show get an email from me letting you know when it's available. And there will be a link. Let's see last week's yeah, we two links link to the recording on our YouTube channel and a link to the Google slides that are on Friday just like this one from last two weeks ago. While I'm here I'll show you there's a search feature here if you want to see if we've done a show on any particular topic. You can search for it here. We have our full show archives here and I am not going to scroll all the way down because as you can see it's pretty huge. This actually goes back to when we first premiered and compass live which was in January 2009. So we are in our 14th year of the show. Oh my gosh. But we have a place to host these so do pay. So we always have them available for you to watch for for historical purposes and whatnot, but do pay attention to the original broadcast date of anything. Some things will be fine and good and useful and stand the test of time but some things will become old or outdated resources or services may have changed drastically. People might not work at the same library they worked at when they presented for us. So just pay attention to that date when you watch any of our old shows. But as I said this is something libraries do we keep things for archival historical purposes and as long as we have a place to keep them which right now is all in our YouTube channel. The library commission YouTube channel. We will always do that and have that there for you. We also have a Facebook page you can see I got a link here that open up over here. If you'd like to use Facebook give us a like we post reminders she's reminded to log into today's show. Little meet our presenter and then when the recordings are available we'll announce on here as well. So if you do like use YouTube you can do that we also still post things out to Twitter and Instagram and and comp live is our little abbreviated hashtag for the show. So we're out there on the socials cheese. All right, I don't see any other questions I think we'll wrap it up. Thank you everybody. Thank you Rob and for being here is good to see you. Thank you for inviting me. It's always fun. Yeah, I can be back in a couple months talk about some other stuff too so we'll see you on the calendar again. I hope you join us next week our topic. And I want to make it make sure everyone sees this next week it's last Wednesday of the month which means it's pretty sweet tech day, which is when our technology innovation librarian Amanda sweet always comes in the show and does something tech related. You might be interested in these Robin. But I want to note next week's show is at a different time it's at a special time 3pm Central Time instead of 10am. That is because we are bringing in guest speakers live from New Zealand. And if it was 10am for us it would be like 2am or something for them. So the show is going to be at 3pm from three to 4pm Central Time next Wednesday. And it will be talking about Kaiser education which is about doing coding and teaching coding to kids. So please do join us there for next week's show. And if you know here they will also be a drawing anyone who is at the live show will be entered into a drawing to win one of their coding robots a Kaibot and things that go associated with that. So just for the people who log in live will grab everyone's emails throw them into a way of picking random email. I don't know they've done this before. Ranelle and Bruce have done this and other sessions they've done. But so we are very excited to have them with us next week so just be aware so I've got all everything here in bright red 3pm 3pm. I won't be here in the morning I'll be here in the afternoon. Alright so that wraps it up for today's show. Thank you everybody. Thanks again Robin and hope you'll see you all on a future episode of Encompass Live. Hey. Bye. And stay cool if you're in an area anything like where we are. It's cost. Alright bye bye.