When Tyler Anderson first started working at the Scott County Public Library (SCPL) in Georgetown, Kentucky, cybercrime had begun to spike worldwide, and cybersecurity was becoming a serious issue for many public and private institutions. Bad actors were burying malware on webpages, and antivirus protection was just beginning to move into the cloud.
While cybersecurity was becoming a big problem for technology-rich companies and organizations, it was not yet an issue for a small-town library in the American Southeast.
Ten years later, as the ranks of professional cybercriminals have exploded and cyberattacks have become ubiquitous, Anderson and his library must think about cybersecurity every day. That’s one key reason they work with Quest.
When he first came to the library, Anderson was the youngest member of the staff. He recalls that it was around the time the Kindle was gaining in popularity, and a big box of e-readers that had been donated to the library was gathering dust.
“None of my colleagues knew how to use them,“ he says, “and they told me, ‘you’re young, you should know how to handle all this technology.’ So, one of my first jobs in the IT world was to write up instructions on how to use the e-readers and online library services.”
Like many institutions at that time, SCPL did not have an Information Technology Manager; however, they soon hired one, and Anderson went to work for her and then for her successor. A decade later, Anderson heads the library’s IT department.
When his former boss left, rather than hire a more-experienced, very expensive IT professional, the library decided to give him the job and to bring Quest on board to help with the growing number of technologies the library uses.
“I don’t have any formal technology training,“ Anderson says. “My master’s degree is in library sciences—I am technically a capital ‘L’ Librarian. So, it’s good to be able to call on Quest as our technology needs expand.”
Protecting Children and Patrons’ Privacy
In addition to helping protect SCPL from cyberattack, Quest helps the library serve the people who use its services every day. Like libraries everywhere, Scott County Public Library is one of the only places in the region that offers free computer use to its patrons. Georgetown, Kentucky is home to a Toyota plant, which draws a lot of people to the town that now has a population of around 35,000. When SCPL moved into a new building in 2000, it had room for 10 computer stations. In 2016, the library was renovated to make room for 50.
One of the library’s primary technology needs involves time management of those computers. To help provide this equipment to the public, the library participates in an FCC program known as E-Rate. To help ensure that computer use is allocated fairly, the program requires the library to set limits on how long a user can stay on a computer. It’s up to the library to set and enforce the actual limits. Anderson gets help with this via Quest’s Umbrella Infrastructure Support Services, which also include necessary and valuable security alert monitoring
Another key technology requirement involved protecting library patrons’ privacy. SCPL accomplished this objective with Quest’s help, by “virtualizing” all of the library’s public computers.
Virtual computing allows users to interact with applications and services located in the cloud as if they were on a local machine. With this functionality, the library can be certain that whatever data or webpages a patron accesses will not be available when their session on the computer ends.
“As soon as a patron logs off, the virtual machine is destroyed, so all of that user data is completely destroyed,” Anderson says. “When a new patron opens a session, a new virtual machine is built, and there’s no way anyone can access any data that any previous patron was using.“
Cyberattacks and ‘Minor’ Crises
Anderson reports that conversations on several listservs he frequents indicate that libraries are increasingly targets of ransomware attacks.
“It happens because we are seen as an easy target,” he says. “And it’s true that many libraries don’t take security very seriously—mainly because they don’t have the time and they don’t have the staff.”
SCPL does take cybersecurity seriously. Working with Julie Martens, their inside sales representative at Quest, they utilize immutable storage specifically to protect against ransomware attacks. Anderson and his one IT staffer back up all their servers every night locally and to the cloud via a Quest data center in another state. “Immutability” means that data cannot be deleted or modified in any way by anyone inside or outside the organization.
The library has also contracted for Quest’s CyberDefense Suite of services to ensure absolute protection. Anderson sleeps better at night knowing that his institution will not be brought down by cybercriminals, and he says he also appreciates that he can call Quest when smaller–but still serious—problems arise.
Not long ago, the library had some problems with its virtual computing functionality. The systems administrator who used to handle those kinds of issues no longer works for the library.
“That’s where it’s helpful to have the Umbrella Services,” Anderson says. “When we’ve gone down, we’ve been able to make a call and say, ‘can you guys get us up and running again?’ And they jump on it. Part of our system was a little outdated, but they were able to build a workaround to still get us up and running in no time.”
Anderson looks forward to continuing to work with the Quest team. “We recently completed our monthly check in with Julie and Emma, the Quest assigned service manager, which is always a good thing. We review any open tickets and discuss ongoing projects. It helps me a lot to know that we’re working together and staying on top of everything.”