Director Briefing - July 7, 2025

Reach Out, Read On: Alternative Delivery Grant | Now Available

As shared last week in Local Book Delivery Programs: Funding Opportunity in Development, we’ve been reviewing the long-term sustainability of the System’s Books by Mail service. Based on feedback from member libraries and an internal review of costs, usage, and overall impact, we’ve made the decision to conclude the OWWL Library System’s Books by Mail and Books to Go programs on September 24, 2025.

We’re proud of the pilot program’s reach and grateful for the opportunity it gave us to connect with homebound and geographically isolated patrons. But as a centralized service, Books by Mail has limitations—especially when compared to the responsiveness, creativity, and local expertise our libraries already bring to outreach.

This isn’t the end of delivery—it’s the beginning of something new.

We’re excited to announce the launch of a new grant opportunity to support your local efforts:

Reach Out, Read On: Alternative Delivery Grant

Application Deadline: September 1, 2025

This one-time seed or pilot grant is intended to help libraries test or expand new ways of getting library materials directly to patrons. Projects must serve at least one of New York State’s nine targeted outreach populations. Funds may be used for things like postage, mileage reimbursement, promotional materials, or limited temporary staffing.

Eligible project ideas might include:

• Book delivery for homebound patrons
• Bulk lending to residential facilities or daycares
• Drop-offs at food pantries or senior centers
• Neighborhood-specific or community-based delivery models

We’re here to help workshop ideas, talk through logistics, or connect you with sample materials. Just reach out to Piety if you’re interested.

Action Item: Please remove all Books by Mail promotional materials or website links from your library’s digital and print communications.

Thank you for helping us pilot this service and for continuing to find meaningful ways to reach your communities. We’re looking forward to seeing the local solutions you develop next.

If the application does not populate above, visit the direct link here: https://forms.gle/LMmkMnxG1nT6qizJ7

Library Card Order – Due July 18

Kelly will be placing a library card order by the end of this month. Please check your current supply and plan accordingly. The next order will not be placed until January 2026.

Please use the following link to place your order: https://docs.owwl.org/Members/LibraryCardPurchase

We are offering the Booklet logo again if you are interested. I’ve attached logos of both card designs we offer.

The order form has been updated, so please make sure you select the correct logo for any of the following options:

• Cards
• Fobs
• Combo (card + fob)

You are welcome to order both designs if you would like.

I am currently waiting on Bristol ID to provide updated pricing. The order form will be updated as soon as that information is available.

Please submit your order no later than Friday, July 18.

If you have any questions, please don’t hesitate to reach out!

Reminder: Oath of Office for July-June FY Libraries

Pursuant to New York State Public Officer's Law §10 , all public library Trustees must take and file an Oath of Office within 30 days of the start of their term. If an oath isn't properly taken and filed on time, the Trustee's position is considered vacated (per NYS Public Officer's Law §30(1)(h)). This applies to new Trustees as well as to incumbent Trustees beginning a consecutive term.

If a Trustee started their term on July 1, 2025, their oath of office must be filed before Thursday, July 31, 2025, or they will no longer be on your Board.

Please let me know if you have any concerns about oaths of office. There are various ways to correct issues if they come up.

While oaths of office are not required for Trustees of association libraries, it is a good practice to take and file them, regardless, as a public demonstration of accountability and transparency.

NYLA Library Skills Academy

For anyone who would like an overview of libraries, including your staff, NYLA provides the Library Skills Academy annually. The cost is $200 for NYLA members, $240 for nonmembers.

Library Skills Academy is open to individuals already working or newly hired in libraries, or people interested in working in public and academic libraries.

This eight week online program runs Tuesday, August 19 - October 7, 2025 with sessions such as: Public/Customer Service, Technical Services, Introduction to Program Development, Outreach, Promotions, and Advocacy, among others!

Visit their website to learn more: https://www.nyla.org/library-skills-academy

Phishing Notice

There has been an uptick in phishing emails in the last week. Kelsy sent out the below warning:

Example 1:

As you can see from this screenshot, the cybercriminal was able to "spoof" this email so it looks like it came from Sheila's email account (and also sent to her email account). Not many cybercriminals bother with this step, but I thought it was a good reminder that we can't always trust the sending email address and should look for other signs of phishing. In this case, those signs are:

• The generic greeting ("Dear palmyralibrarydirector@owwl.org")
• The strange capitalization of "Kindly" and "You"
• A sense of urgency ("If no action is taken within 24 hours") followed by a consequence ("you will be logged out of your mailbox")
• The random "All Rights Reserved" thrown in at the end

Example 2:

The other reports received today were the same message but sent from different email addresses.

In these cases, the cybercriminal did not attempt to spoof the sending email address, so we can see that these emails actually came from domains in Chile (.cl) and Spain (.es). Legitimate communication from OWWL will always come from an @owwl.org email address.

We also want to clarify that we do not "queue" files. If you are logged into Zimbra and open an email with an attachment, you can view or download that attachment without needing to log in again.

These phishing emails included an attachment called "Zimbra Web Client Sign … .htm". This is a good reminder: never click on or download attachments unless you recognize the sender and are expecting the file. This was likely an attempt by a cybercriminal to gather Zimbra login credentials (usernames and passwords).

If you receive any similar emails, please mark them as spam to help the Zimbra filters.

As always, feel free to forward any email you are unsure about to support@owwl.org and we're happy to take a look.

LibCal | Multi-Factor Authentication Required December 2025

For our LibCal libraries, multi-factor authentication will be required starting December 1, 2025.

Multi-factor authentication (MFA) is a way to make accounts more secure. At each log-in, LibCal users will need to input their username, password, and a unique code sent to a secondary account (such as an email or phone) that "expires" after a short period of time.

This means:

1. All staff who use LibCal will need their own account. The process for setting up individual accounts takes about one minute.
2. All LibCal accounts must set up multi-factor authentication (MFA) before December 2025. However, the sooner the better, so everyone can get comfortable with the process.

Your MFA options are to use an authenticator app OR have LibCal send a code to the email associated with your account during each log-in.

To set up MFA for an existing account, see this blogpost for more information. The direct link to set up MFA is here: https://pls-net.libapps.com/libapps/account/mfa

Contact Piety to set up individual accounts for your staff members, or if you have any LibCal questions.

This Week in OSC Audits

Each week, the Office of the State Comptroller (OSC) releases audits that, while focused on school districts, fire departments, or municipalities, offer important insights for libraries—especially regarding financial oversight, procurement, and compliance. This week’s reports highlight key areas that library boards and directors should review.

Key Takeaways for Libraries

Conflicts of Interest Must Be Properly Disclosed The Livonia Central School District audit revealed that a board member did not disclose a conflict of interest while approving payments to a family member.

• Library Application: Trustees and staff must complete annual conflict of interest disclosure forms and abstain from discussions or votes where personal or family relationships may present a conflict. Review and update your Conflict of Interest Policy annually and keep documentation on file.

Competitive Procurement Must Be Documented The Churchville-Chili Central School District audit found over $420,000 in purchases that lacked required quotes or bidding documentation.

• Library Application: Libraries must follow General Municipal Law and their own Procurement Policy for all purchases. Maintain written records of quotes, bids, or piggyback agreements, and provide justification when competitive bidding is not required.

Corrective Actions Must Be Followed Through In the North Amityville Fire Company follow-up audit, OSC found that although a corrective action plan was filed, many of the proposed steps were never implemented.

• Library Application: If your library has received recommendations from an audit or internal review, make sure they are actually carried out. Assign responsibility, document actions taken, and revisit progress regularly.

Environmental Health Requirements Cannot Be Ignored The Moravia Central School District audit found failures to test and report lead levels in drinking water.

• Library Application: Libraries in municipal or school buildings should confirm water testing is being handled. Independent facilities may need to comply directly with NYS Department of Health regulations for public water safety—especially if children use your building regularly.

Suggested Library Actions

• Review your Conflict of Interest Policy and ensure annual disclosures are on file.
• Revisit your Procurement Policy and confirm current practices comply with GML §103.
• Follow up on any audit or consultant recommendations—don’t let them sit on the shelf.
• Verify building safety compliance, including lead testing, especially if your library owns the facility.

These simple practices help build public trust and ensure strong, accountable operations.