8.1 A comforting—and false—sense of security

The result, which might take years to develop, is a mishmash called the Library Security Manual. In my experience, this monster takes the form of an enormous three-ring binder. Occasionally it appears online, where it is rendered toothless by any power outage or virus that circumvents your firewalls. Most often, the LSM holes up in a drawer in the staff room. No one pays any attention to it until something goes wrong, at which point library employees spend time hunting it down and leafing through it, only to discover that it is out of date, incomplete, or irrelevant.

Nevertheless, the LSM has served a definite purpose. It has given library employees a comforting if false sense of security. As long as a security problem does not become life-threatening, and employees use common sense to deal with minor matters, the LSM will do no harm. But if a problem is potentially dangerous, that binder can become an impediment to appropriate action.

For example, let’s assume that an obstreperous patron has arrived at the reference desk at your library. He is drunk. He utters threats and appears to be on the verge of attacking the librarian. In this instance, the LSM binder is close at hand. As the patron reaches for the knife in his pocket, the librarian opens the binder. She notes that it begins with a section on sprinkler leaks. Then it describes what to do in an earthquake. After that is an inventory of washroom keys, a bibliography on book theft, and a list of emergency telephone numbers last updated in 1992.

If this incident occurs anywhere in Canada except the seismic zones of British Columbia and parts of Quebec, why does the librarian need earthquake instructions? She doesn’t, but because much of the LSM has been copied from one produced for a Vancouver library, she now knows that it is unwise to run in or out of a building during a quake.

Our drunken patron has been waiting patiently, knife in hand, for the librarian to finish reading about the correct response to an earthquake. Does this scenario make sense? Is it reasonable to believe that the LSM would be useful in these circumstances, or that a drunk with a knife is willing to wait for the librarian to complete her review of the LSM?

8.2 Fostering a security culture

The lesson here is that you can’t rely on your LSM alone to keep you safe, especially if its security information is mixed in with disaster preparedness pointers, first aid tips, instructions for using a fire extinguisher, and feel-good policy statements that “put employee safety first!” What’s even more important is a heightened sense of awareness of security needs and procedures in your library. As more employees attain this awareness, the library will develop a security culture that renders fat binders obsolete.

What is the most effective process for developing a security culture? Start with an assessment of actual security risks in your library. Remember that you’re focusing on criminal and uncivil activities, and their effects on library employees and operations. In a North American public library, your assessment might include:

• Theft of personal property: purses, briefcases, laptops, overcoats

• Theft of books and other library materials

• Mutilation of library materials

• Vandalism, including tagging

• Breaking into restricted areas

• Eating and drinking violations

• Inappropriate behavior toward library employees and other patrons

• Inappropriate behavior in washrooms

• Flashing

• Uttering threats

• Carrying concealed weapons (e.g. knives)

• Stalking patrons and employees

• Distribution or use of banned substances

• Hiding in the library after closing time

• Hacking into library systems

• Robbery or threatening behavior in parking areas

8.3 Assessing and mitigating the risks

The frequency of specific kinds of incidents varies from library to library. If you’re close to a neighborhood where drug dealers conduct business, expect them to investigate your library for sales opportunities. When a fast food outlet opens down the street, you might find more burger wrappers and pop cans in your stacks. If the bar on your block offers irresistible happy hour deals, prepare to deal with the excessively happy.

You might not need to worry about these particular risks, but no library is absolutely secure. Inevitably there are exposures, particularly in our wired age where even small libraries have websites. Data tampering and loss is a major concern for all libraries. Fortunately data backup is a simple and easily managed process that any automated facility can implement.

Data backup is a form of mitigation. For each security risk, there will be mitigation measures. It may be difficult to eradicate a risk, but it is usually possible to mitigate it by instituting new procedures, installing security technology, or adopting a combination of these.

After your security assessment is complete and before you begin a mitigation program, you might wish to develop a library security policy. Keep it simple. It needn’t be more than a page. In it, you can state your library’s definition of security and your intention to maintain high security standards for all employees, patrons, assets, and facilities. Remember to make a distinction between security matters and occupational health and safety audits, disaster planning and crisis management. The latter are essential, but to mix them and security together is to muddy your library’s overall risk management.

Your mitigation program should address every security risk that you’ve identified in your assessment. Some risks have immediate mitigatory solutions. For example, you can decrease loitering in your washrooms and parking areas by setting up patrols and installing better lighting. Regular updating of firewalls and antivirus software is essential for systems security. Locking off restricted areas will discourage most intruders. Other risks are more difficult to mitigate. Tattle-Tape systems don’t always discourage book thieves. Many have learned how to remove the tape from book spines with tweezers. Others leave the library via staff doors and windows. Nevertheless, libraries can ban books and other materials from washrooms, and thus frustrate thieves who need a cubicle in which to remove that spine tape. Employees can be put on alert for known thieves, who do not like attention and will eventually avoid libraries that recognize them for what they are. These solutions are not perfect, but they are the first steps to manage risks and control losses.

8.4 Keeping up with changing needs

Often it is not possible to implement a mitigation program all at once. Developing a security culture takes time and money, which are not always instantly available. Thus it is often necessary to spread the implementation of new security technology and training programs over a couple of years or more. Too many libraries have treated security like a one-time purchase, which it is not.

Rather, it is an ongoing process. The security procedures that you adopt now will not be effective indefinitely. With the development of new library facilities, services, and technology, you will be forced to respond to different circumstances. Security risks at your sites might change, becoming greater or less prevalent. You must deal with your current circumstances whatever they include, and so regular updating of security procedures is necessary.

Updating is a task often left to consultants. In my consulting practice, the goal of auditing and updating a library’s security plan is to reduce its bulk. I have no use for enormous binders that nobody wants to read, and take pleasure in reducing vast heaps of verbiage to a slim file of point-form instructions. Even these are no replacement for intelligent action and the resolution of security problems in the library’s best interest.

And what about that risk of library looting in Kelowna? Highly unlikely. Looters prefer retail outlets. Besides, even Kelowna’s criminals will obey an evacuation order, especially if the blaze gets close.