Director Briefing - April 15, 2024

2024 FFRPL Grand Funds from Kelly

If you are interested in contributing your 2024 FFRPL grant funds you receive this year to the System's Overdrive T-Fund account, please complete the attached form and email it back to me. At the end of the year I will provide a summary of how many e-books and audiobooks your library purchased, which will need to be reported on the FFRPL Annual Report.

I will send an invoice once I receive your form.

Just a reminder to please set up a separate revenue (FFRPL Grant Revenue) and expense (FFRPL Grant Expense) account to help with tracking these funds to keep them separate from your normal operating expenses. Also, when reporting this money on the Annual Report, the grant money should be reported on 11.14 Gifts and Endowments and the expense will be reported on 12.7 Electronic Materials Expenditures.

If you have any questions, please let me (Kelly) know. OverDrive Tummonds Fund Commitment Form 2024

Mediated Computer Purchasing from Bob

This month we have a price increase for Staff desktops and laptops. Based on feedback from several libraries we have upgraded the memory (RAM) on staff desktops and Laptops to 16 GB. It has become clear that 8GB of RAM is not enough for Windows 11 and can cause severe slowdowns.

Based on the difference in RAM costs we have brought back the Low-end Dell option for OPAC and Self Check computers.

For the time being we are leaving public computers at 8GB. The average patron has shorter sessions running fewer applications simultaneously.

The new order form is dated 4/09/2024.

https://docs.owwl.org/Members/MediatedComputerPurchasing

Please share with staff members that order computers and let me know if you have any questions.

April 2024: Good Things, Small Packages

New NYLA Voice piece from Suzanne.

En route to the PLA 2024 Conference in Columbus, Ohio I was listening to the book Glossy: Ambition, Beauty, and the Inside Story of Emily Weiss’s Glossier by Marisa Meltzer. An interesting recount of the rise and near-fall of a woman-founded direct-to-consumer cosmetic brand, it is chock-full of takeaways about leadership, communications, workplace culture, and adapting to change. Amid the thought-provoking narrative (ex: Yes! The term “Girl Boss” IS ridiculous and needs to be retired.), I was especially keen on the above quote, specifically, “It’s either a good date or a good story.” Read More.

Director Briefing Distribution List

To respond to some requests that have come in, email me if you would like your Board President, Assistant Director, or other key staff member to be included on the Director Briefing email list.

March 2024 Usage Statistics from Kathryn

You can now find the March 2024 usage statistics for OverDrive and our databases in OWWL Docs:

https://docs.owwl.org/Members/EResourcesStatistics

RRLC is Now Accepting Nominations

Library of the Year

This year, the nominations for the RRLC Library of the Year Award come from you, library staff! Nominations must be self-submitted by library staff and from any RRLC public, school, academic, or special library. Library staff may submit one nomination per library.

Learn More and Nominate Your Library!

Library All Star

Do you know of a library staff member that deserves recognition for their outstanding service? Staff at RRLC member libraries are invited to nominate their colleagues to be chosen as a RRLC 2024 Library All Star!

Learn More and Nominate Your Library All Star!

Library Award winners will be chosen by the RRLC Board of Trustees in June. Awardees will be honored and invited to attend the RRLC legislative event this coming fall.

All nominations must be received by 11:59pm on April 24, 2024. Email RRLC@rrlc.org with any questions!

This Week at the OSC:

Accounting and Reporting Manual (ARM)

Accounting and Reporting Manual (ARM) for Counties, Cities, Towns, Villages, Libraries and Soil and Water Conservation Districts in New York State

The Accounting and Reporting Manual (ARM) is a comprehensive accounting and financial reporting guide for Counties, Cities, Towns, Villages, Libraries and Soil and Water Conservation Districts in New York State. It has been updated to reflect changes in accounting guidance. Additionally, County, City, Town and Village account codes and definitions have been removed from the ARM and are available in the online Chart of Accounts Query.

April is Financial Literacy Month

Every dollar counts to New York’s households and that’s why State Comptroller DiNapoli is committed to expanding financial literacy by spreading the word on how to better manage money and expenses. Comptroller DiNapoli is also advocating for New York’s students to be able to take a personal finance class in high school and for it to be a requirement for graduation. To this end, the Comptroller’s office has met with the State Department of Education, school superintendents and the Board of Regents who is now considering the measure. Akron High School, near Buffalo, is one of the few high schools with a semester-long personal finance course and was recently featured on WKBW.

“Financial literacy can be an important step toward getting a better job, improving one’s quality of life, and attaining financial stability,’’ said Comptroller DiNapoli. Read More.

HBR: Tip of the Day

Are You Micromanaging Your Team?

Are you a micromanager? Especially if you’re a new manager building your confidence and leadership style, check in with yourself and ask these three questions to ensure you’re not leading with a grip.

Am I always giving my team advice? There’s nothing wrong with giving your team members advice in situations that truly require it (high-stakes projects, urgent issues, or new processes that require more hands-on guidance). But in most cases, your goal should be to help people develop their own approaches. Use your expertise to ask teaching-oriented questions that will help your direct reports grow.

Do I need to approve every decision my team makes? Don’t be a bottleneck. Make a list of high-stakes decisions you need to oversee or approve and lower-stakes items you can delegate to trusted employees. Remember: Delegating isn’t just saving you time—it’s giving your employees a chance to learn.

Do I approach feedback as a one-way street? Use your one-on-one check-ins to turn feedback discussions into a dialogue. Give your reports a chance to evaluate themselves before sharing your evaluation. And be proactive about asking your team for feedback on your leadership.

This tip is adapted from "Are You A Micromanager?" by Julia Milner

2024 Woman of the Year for the 133rd District: Fernanda Astiz

Fernanda from Mount Morris has been recognized by the New York State Assembly and Governor Kathy Hochul as 2024 Woman of the Year for the 133rd District.

Congratulations, Fernanda!

Account and Password Security from Dan

Dan sent a comprehensive email on account and password security at the start of the month. Here's a refresher:

Accounts

Anyone who uses Evergreen must have their own account.

You should use your own account when you use Evergreen.

Bonus for directors: You should inform us when you need new staff accounts and when accounts should be deactivated. Please try to be on top of letting us know when staff leave; all you need to do is fill out the Account Maintenance Request Form on OWWL Docs. Having inactive staff accounts on the books is one of the most frequent practices that subjects of OSC audits get dinged on. Starting this past January, you've started receiving a monthly report that lists staff Evergreen accounts at your library that haven't had any activity in a while. If you haven't received this report, congratulations! You're probably doing everything right. You can also double-check your library's staff Evergreen accounts using the ad-hoc Staff Listing report.

Passwords

You should have secure passwords for your accounts. We have a full list of password requirements and resources available on OWWL Docs. The most important parts are below:

Passwords used to access systems that contain patron PII (Personally Identifiable Information) shall be:

- Randomly generated;

- at least 12 characters long;

- unique; and

- should contain some level of complexity.

The passwords you use for your accounts should never have been used anywhere else (personal accounts, past jobs, etc.). Even your OWWL Mail and Evergreen passwords should be different.

You may want to consider using a diceware password. These can be relatively easy to remember, especially if you make up a story about the words that you randomly generate. We have more resources linked on the page above. Here's an example of a diceware password: nearest-gopher-uplifting-rotten-cape

Finally, you should never save your password on a shared computer browser's password manager. We have more information about how to disable password saving on OWWL Docs.

Oops, I haven't been following the policy

That’s OK! This is a great opportunity to update your passwords and practices. If one of your passwords does not comply with the above policy, you should set a new password.

To reset your OWWL Mail password: Click on your name at the top right of OWWL Mail, then select "Change Password."

If you have forgotten your OWWL Mail password: Your director should email support@owwl.org and should note the email address and that the password has been forgotten.

To reset your Evergreen password: Follow the same procedures as for "Logging on for the first time" on OWWL Docs .

If you have forgotten your Evergreen password: You can use the same procedures as for "Logging on for the first time" on OWWL Docs *. These procedures are exactly the same for resetting your Evergreen password OR if you have forgotten your Evergreen password.

These password reset procedures aren't just for now; they're for anytime you may need to reset your password.

Why is this important?

Here are just a few of the higher profile incidents involving library service disruptions or library data breaches from the past year:

- Investigation into full extent of ransomware attack on Toronto Public Library still underway . "In final report to its board, library says cardholder data may have been accessed in affected file server"

- Douglas County Libraries hacked by overseas criminal group

- British Library hack: Customer data offered for sale on dark web

- Dallas Public Library system back up weeks after ransomware attack

- Wi-Fi, e-books and other library services are back after November cyberattack, Long Beach says . "Weeks after a cyberattack disrupted many of Long Beach’s systems, digital services at all of the city’s libraries are back up and running, according to an announcement today."

These are disconcerting, especially given the context of our current cultural climate. While our profession remains one of the most trusted in the country , it is difficult to ignore that libraries have increasingly become a political target, resulting in what the ALA has described as a surge in censorship attempts. Given this climate, please consider:

- An incident disrupting our services or involving unauthorized access to patron data has the potential to erode trust in your libraries and in the System. None of us needs that right now.

- Because libraries as an institution have seemingly become a political target, there is now a greater potential for us to be a target for hackers with an agenda and not just a hack of opportunity.

- It seems more vital now than ever to protect the privacy of our patrons, especially those who are accessing materials that are targets of censorship attempts.

You may not think that your username and password credentials are that important, and may even think that not that much damage could be done with your logins. What you need to know is that a sophisticated enough attacker who has any staff member's Evergreen credentials could potentially access our entire patron database programmatically, may be able to delete all of a library's holdings with a few lines of code, and could certainly find even more exciting ways to wreak havoc. We're just as likely to end up having a security incident as Douglas County, or Long Beach, or any of the dozens of other libraries and consortia that have suffered data breaches over the past year, so a "this kind of thing wouldn't happen to us" mindset should be avoided. We don't want to be a headline for the wrong reasons.

The policies and controls put in place primarily in the OWWL Library System's Systems Access and Confidentiality of Library Records Policy have all been based on practices recommended by the American Library Association, the National Institute of Standards and Technology, and other standards organizations. We did not make anything up from thin air; it's all based on recommendations, legal requirements, and trying to stay a step ahead of the Office of the New York State Comptroller. We have tried to come up with policies that are as easy as possible to work with while still adhering to basic necessary practices to maintain secure systems. These policies were not a labor of love: They are not fun for anyone, and they are a drag for us to implement. At the same time, the practices defined by these policies are essential to ensuring that we're doing the bare minimum to protect our patrons' privacy.

Thank you

Thanks for reading and considering all of this. This is something we need your help with because our security as an entire system, and the privacy of all of our patrons, is only as strong as the weakest password and security practices.

Please let us know how we can help you, too. Kelsy regularly runs systemwide trainings on passwords, and can also offer library-by-library training on passwords. Email support@owwl.org to request a training at a time that works best for your staff.

If you have other ideas for how we can help make the System’s account and password policies more manageable for your library, or if you have any questions, please email support@owwl.org.