Dear Dr. Steve - Our Code of Conduct prohibits patrons from sleeping in the library. Our staff is quite lenient on this issue and they usually just “verbally nudge people awake” and remind them about the rule. There are some patrons who come here just to sleep and when staff wakes them up from an obvious deep sleep they say, “I wasn’t sleeping! I was praying or meditating and you disrupted me!”

This seems like a highly prepared answer, of course, and it kind of catches staff off guard, like it really was their fault for disrupting this patron’s worship or mediation. What should we do?

Dr. Steve Albrecht: “This does sound like an answer that patrons who have been told repeatedly not to sleep have carefully crafted to shift the focus from their behavior on to the staff who is “harassing” them. In my world, this is known as an “excuse,” not a valid reason, and as such, we should treat it like any other excuse by not arguing back and forth as to who was doing what, but by “putting a fence around the excuse,” and moving on to the solutions.

Here are the steps, using my ARC tool:

• Acknowledge what they just said, without having to agree or disagree that was what they were doing: “Oh, okay. I thought you were sleeping. I can see how that might be confusing for both of us.”
• Reaffirm/Remind them of the no-sleeping policy, even if you have told them many times before: “I think we might have already talked about this, and if so, I just wanted to tell you again, you cannot sleep in the library.”
• Commit/Conclude: “I know you want to follow the library rules, right? So you can use and enjoy the library without being asked to leave, right? Can I get your promise to follow that guideline for me, so you can stay? Thanks.” 

Here’s a fun exercise, one that will help you connect to a wider variety of your patrons: 

Step 1 - Create a list of the Top Three most common languages spoken in and around your library, by the patrons you serve. (Just one language is too easy; four is too hard.)

Step 2 - Do your usual “skilled library professional research” and develop a list of the most common phrases in those languages. Memorize them and have them at the ready (or on a cheat sheet) when you encounter patrons who speak those languages besides English. 

Thanks to a total of six years of classes through high school, college, and graduate school, I speak Spanish fluently. (Living most of my life in San Diego helped me practice every day.) In terms of skill level from best to needs-improvement, for me, it’s reading, speaking, writing, and hearing it. That last issue is my biggest challenge, since native speakers talk quickly, especially when they hear me speak Spanish and think I understand them fully. I have to say, “Por favor, mas despacio,” more times than I’d like.

Thanks to being an Albrecht (a name in Germany as common as Smith is here), I can speak enough German to get by there. It came in plenty handy on our river cruise through Holland, Germany, France, and Switzerland this past May. “Entschuldigen, wo sind die Brezeln?” or “Excuse me, where are the pretzels?” 

With my mother’s side being from Finland, I can say, “Good day,” “How is it going?,” and “What’s happening?” plus a few dozen swear words. Finnish, to quote a part of a line from Philip Seymour Hoffman’s office rant scene in “Charlie Wilson’s War,” is not that handy here in Missouri. 

My dad speaks German, Spanish, Japanese (including being able to write a few dozen kanji symbols), and even a little Mandarin Chinese. He’s a good enough speaker/listener to travel to those countries regularly and stay comfortably hoteled, fed, and explained to, by native speakers. 

Many years ago, I had a challenging coaching session with an employee from Thailand who was in jeopardy of being fired, due to his conflict with another employee. I memorized how to say, “How are you? My name is Steve” in Thai. (Phonetically, it’s “Sa-Wat-Dee-Khrap, Pom-Chue-Steve.”) When he heard me, he smiled, bowed, and thanked me for my effort to connect with him in his language, however briefly. We worked it out, he kept his job, and I picked up a few new phrases from him as well.

The old adage that people from other countries actually like it when you try to speak a few phrases of their language is universally true. It just helps to demonstrate your respect for their heritage, it can lower the emotional temperature in a potentially conflicted situation, and it shows you care enough to have done the research and memorized the words. 

The most common languages spoken in many US neighborhoods are Spanish, Chinese, German, Arabic, Hindi, Tagalog, and French. Of course, where you are geographically is the biggest indicator. Some of these languages are quite challenging, so start memorizing these phrases in the three languages you pick:

Hello/Goodbye
How is your day going?
I’m learning this language. 
How can I help you?
Can you teach me some common phrases?
How do I say, “Please speak slowly?”
Thanks/Thank you/You’re welcome.

Our connection with people is built on mutual communication that is respectful and that shows listening skills on both sides. A little patience, a little practice, and a little courage to try what you are learning can really set the most positive tone with the patrons you serve.

Hyvää lomaa! (Happy holidays in Finnish.)

An AskDrSteve@Library20.com submission about getting all-staff buy-in for emergency-related training:

“We do bi-monthly trainings via PowerPoint for safety topics (Medical Emergencies, Tornado/Severe Weather, Code Adam, Active Threat, Personal Safety/Building Evacuation, and Bomb Threats).

"We had some employees complain about having to 'do the same stupid training each year.' I update any changes each time I send out the PowerPoint. I understand that in an emergency, the only way you are going to have any idea what to do is to go over the options repeatedly. Is there any way to get more buy-in, or do I just figure that some people just like to complain?

"Thank you so much for your presentation! I've got some things to work on."

From Dr. Steve Albrecht:

“Thanks for your note on my session. I would say that hearing about emergency, crisis, or rare events planning and policies is like going to the doctor and hearing him or her tell us to eat healthy and exercise: same song, same verse, every time. Some employees don't like to hear about subjects that are or make them uncomfortable, so they complain about the repetition as a way to cope with their anxiety. I say keep on keeping on; you're on the right track. Under stress, we do what we have learned, and the shorter the instructions (Run-Hide-Fight, for example) the easier they are to remember and do.

You'll get no kudos for being the voice of reality until there is an event and people do what you have told them.

Regards,

Dr. Steve

After doing a keynote speech for a state library association last week, one of the directors in attendance came up and asked me, “What is a similar type of business to a public library?”

I didn’t need much time to answer because I have been thinking about that very same thing for several years. I said, “Starbucks.” He seemed surprised at first and then he quickly agreed.

I said, “Libraries are a publicly-accessed, community-based business with locations in most cities and counties. They are open long hours and on weekends. It can get quite busy, noisy, and even stressful in a library at certain times, just like at Starbucks. Plus, like them, we get our customers from all walks of life, all ages, races, genders, colors, income levels, disabilities, and orientations. They all want a place to either get a flavorful cup of coffee, get in out of the weather, rest a bit before moving on, use the bathroom, learn something, read something, hear some music, meet someone they already know, or make a new friend, in a safe, open, visible, welcoming place.”

That some libraries have a cool cafe inside or a coffee kiosk out front makes the parallel even more true. I see plenty of pre-teens and teens getting icy drinks in Starbucks, and lots of kids with their parents, especially on the weekends, just like at the library during after-school hours or busy homework or finals times.

Just like at the library, some Starbucks customers come in early and set up their workstations (or nesting areas), with laptops, mini printers, papers, books, and headphones. They count on the free Wi-Fi to work, do a job search, study, or entertain themselves. They could be there from opening to closing. They have their favorite spot inside the coffee shop and the library and can get a little (or a lot stressed) if there is already someone in their place, using the available power plug. Conflicts between library patrons, like an argument between Starbucks customers (“You cut in line! You took the last Everything bagel!”) are similar.

And because the library and Starbucks accept all who enter, both places can occasionally get eccentric, unruly, impatient, demanding, drunk, or threatening people. Most libraries, like most Starbucks, are not overstaffed, meaning a small number of shorthanded employees may have to handle a lot of challenging tasks (quickly and accurately) and people (some of whom can have mental health or sobriety issues), which makes them uncooperative when asked to leave.

Clearly, Starbucks and libraries have had their share of homeless people asking for money outside the doors and inside their facilities. Both places have had thefts of customers’ personal properties. Both places have had vandalism incidents.

Starbucks has had to deal with opiate drug users using their restrooms to shoot up (way too many YouTube videos illustrate this problem, especially when they put their drug-taking equipment on the baby diaper-changing tables). Like some libraries, some Starbucks locations have had to call paramedics to assist with life-saving measures for fentanyl overdosers.

Back to the positives for both: Starbucks and the libraries have theme days, nights, weeks, and months (often having to do with PSLs - Pumpkin Spice Lattes), where they honor specific community members. Some Starbucks have programs, musical artists perform, and encourage groups to come (church members, road cyclists, soccer teams) and use their stores as a safe, easy-to-find, comfortable, gathering place. And just like the libraries, they see themselves as longtime members and ongoing participants of a part of a city or town, large or small, for years to come. (Have you ever seen a Starbucks close for lack of business? One location in my city has at least eight cars in the drive-through line every time I pass it.)

To run a safe and secure location, each Starbucks has customer service training for their employees and rules of safe use for the customers, like libraries have staff training and a Code of Conduct.

Did I leave out any other parallels between the library and Starbucks? Please post your thoughts in the Comments and think about the similarities the next time you get a PSL in a cup with the green Siren Mermaid on it. (You can read more about her https://stories.starbucks.com/stories/2016/who-is-starbucks-siren.)

[Patrons watching pornography in the library can range from an irritating behavioral problem to an actual federal crime. So what do we do to enforce our Internet and Wi-Fi policies? Dr. Albrecht has written this article for the September 2023 issue of Computers in Libraries magazine. Our thanks to Executive Editor Dick Kaser, for allowing us to publish it here. The oroginal is at https://www.infotoday.com/cilmag/sep23/Albrecht--What-You-Need-to-Learn-About-Porn-and-Patron-Safety.shtml.]

One of the more vexing issues in public libraries is the viewing of pornographic photos and videos by patrons. Either these images are searched and viewed on the library’s network using a library-provided desktop, laptop, or tablet; the patron looks at them on their own laptop, tablet, or phone (using the library’s Wi-Fi connection); or the patron brings their own imagery on their own device and doesn’t require internet access. It’s even possible that the patron brings pornographic magazines into the library.

Several issues arise when it comes to this behavior. Is it a “reasonable use/free speech application” by the patron—meaning viewing pornography is not addressed or cannot be enforced by the library’s internet usage policy or code of conduct? Does it not bother other patrons or staffers, meaning its business impact on the library (always a good measure to use when evaluating patron behaviors) is minimal? Or does it irritate patrons or other library employees? Might it lead to a physical confrontation with a parent who has brought their kids to the library on a Saturday and doesn’t want them walking by and seeing what is on this person’s screen?

From an internet usage perspective, does the patron’s ability to look at internet porn mean that they have defeated the filtering software installed by the library’s IT department or vendor—and therefore violated policy? (The sophistication of some of the filtering programs seems to range from quite vigilant to easy to defeat.)

Why It Happens

Why do people watch porn in the library? The short answer is because they can, especially if that content is not filtered. The longer answers are more complex. It’s likely that they enjoy the thrill of doing something prurient, or they like the attention, even if it’s negative, from staffers or other patrons. It’s even more probable that they enjoy being provocative, want to annoy others, and like pushing decency boundaries, especially in a public place.

It’s possible that they are homeless, don’t have internet access, and/or can’t watch it at their home or workplace. Maybe they are not allowed to, or they fear the consequences of being discovered. It could be that they don’t have a cellphone, tablet, or laptop—and the library does. They could have an addiction to pornography, a specific sexual paraphilia, or a mental illness connected to compulsivity. These typically male patrons tend to be both chronologically and sexually immature.

The rationalizations and excuses made to staffers, when confronted, include:

“I’m not bothering anyone. Leave me alone!”

“It’s my First Amendment right to look at what I want.”

“It was an accident.”

“I can’t help it. I have an addiction.”

“It’s no big deal. People are too uptight.”

“I’m doing research. I was just curious.”

“I’ll turn the screen away.”

“Tell people not to look at my screen.”

Defining Child Pornography

Probably the most concerning issue is legal and moral: How do we respond, as library professionals, if we suspect the patron is viewing (and is therefore in possession of) what appears to be video or photo images of child pornography? We already know pornography is legal and child pornography is not. Unfortunately, the age difference in the imagery is not always clear.

The U.S. Department of Justice website states, “Child pornography is a form of child sexual exploitation. Federal law defines child pornography as any visual depiction of sexually explicit conduct involving a minor (persons less than 18 years old). Images of child pornography are also referred to as child sexual abuse images. Federal law prohibits the production, distribution, importation, reception, or possession of any image of child pornography. A violation of federal child pornography laws is a serious crime, and convicted offenders face fines [and] severe statutory penalties …” (rb.gy/60x38). All states have child porn prosecution laws equivalent to the federal statute. The usual federal response is to seek to prosecute suspects with 500-plus images—an “egregious offender”—in which the punishment is 10 years in prison. Other states may have lower possession numbers that will result in a prosecution.

If we divide internet pornography into two zones—sites that are accessible by anyone (with or without using a search engine) and those that are hidden—it’s less likely that the porn site industry leaders (who get millions of daily visitors) will have obvious child pornography images. This is not because they are excessively noble or vigilant about every photo or video they upload, but because the consequences of child pornography possession and distribution to their thriving, multimillion dollar companies would be severe: prosecution, mainstream and social media coverage, public shaming, being sued by victims or victim advocacy groups, and being forced out of business. These adults-only sites want to keep child pornography away so they can continue to flourish economically. Instead, the illegal content typically dwells at the hidden level. Those who know how to navigate to these sites may want to use library computers to do so.

Statistics on the internet as to the prevalence of pornography sites by overall percentage vary wildly, but the best estimate seems to be that about 4% of all internet sites (about 8 million) are X-rated in content. There may be child pornography imagery on these sites, of course, but it appears to have migrated from the deep web to the dark web. According to the data security firm CrowdStrike, “Simply put, the deep web is any part of the net that is not indexed by search engines. This includes websites that gate their content behind paywalls, password-protected websites, and even the contents of your email. The dark web, on the other hand, uses encryption software to provide even greater security” (rb.gy/nhib3).

While national governments around the world do their best to discover encrypted images, the use of video and image steganography software makes this both difficult and an ongoing battle. Steganography is the process of concealing information within another message or physical object to avoid detection, like how the Greeks used invisible ink to send coded messages more than 2 millennia ago. To transmit child pornography, perpetrators send seemingly innocent photos or videos, which are then downloaded, decoded, and opened via an electronic key that only the sender and receiver have.

Approaches to Internet Policies and Enforcement

For most municipal libraries, there are five common approaches for how they allow patrons to access the internet, either through the library’s devices or its Wi-Fi, or if the patrons use their own devices:

1. They filter the internet and enforce their policies on screen content.
2. They filter and don’t enforce their policies on screen content, allowing their software (and the bypassing skills of the patrons) to decide what is available.
3. They don’t filter content and enforce their policies on screen content using staff vigilance.
4. They don’t filter and don’t enforce their policies.
5. They only filter PCs in the children’s section, not the rest of the library

Internet use policies might naturally differ at law libraries, medical or research libraries, or even college and university libraries, but there is no reason to assume that the problem does not exist there. It’s understandable that most library staffers would rather not have a discussion with patrons who are both out of compliance and viewing pornography. It takes courage to confront behavior that is against policy or out of compliance with the code of conduct in general and viewing pornography specifically.

Best Practices for Prevention and Safe Staff Interventions

Here are some tips for dealing with the situation:

✓ Set early behavioral boundaries based on both your internet use policies and code of conduct.

✓ If possible, warn teenagers in the library that sharing pornographic imagery through their texts, phones, tablets, or laptops can be a crime for both the sender and recipient. (Not an easy conversation to have, but it may be a necessary one to save them a lot of legal grief.)

✓ Use a simple deterrent phrase: “You can’t do that if you want to stay here.” Speak in polite but assertive, low tones. Give one warning, and then enforce your policies, including banning chronic violators of the time limit per your policies. (No consequences mean continuation and escalation.)

✓ Update your internet use policies and code of conduct, as necessary, to match the requirements of new federal or state laws. Train and remind staffers to enforce the policies, getting help to change the ratio of confrontation, if needed.

✓ If you filter the internet in your library (including the children’s room), discuss the effectiveness of your current filtering software with your IT department or vendors.

✓ What about changing the room design in which the internet computers are used? Flip some of the internet-access PC screens around to face the wall, instead of facing them out into the open stacks. Install privacy screens or desk dividers.

✓ For cases of either sexual behavior in the library or suspected child pornography, call your local police station. The responding officers or deputies may not know much about state or federal child pornography laws, but they will be familiar with crimes related to sexual behaviors in public places (and may know the patron by criminal history).

✓ It may be necessary for a local, state, or federal law enforcement officer to impound a library-owned computer, tablet, or laptop as evidence. To assist the continuity of the investigation, take all desktop PCs off Wi-Fi, and put any portable devices that have had access to the internet into airplane mode before giving them to the appropriate law enforcement agency for a forensic review. This helps the evidence technicians do their job more effectively.

The Internet Crimes Against Children Task Force Program

For more advice on these concerns, contact your regional Internet Crimes Against Children (ICAC) Task Force Program center for advice, staff training, and, if necessary, an investigative response after making a police report for a patron suspected of possessing or viewing child pornography.

There are 61 task force programs in the U.S., staffed by more than 5,400 federal, state, and local law enforcement professionals. All 50 states have at least one ICAC Task Force Program agency; some states (such as California, Texas, Florida, and New York) have several offices. Their mission is to investigate child pornography and child abuse imagery and locate, arrest, and prosecute the creators and possessors, both in the U.S. and around the world. They provide training, information, and resources to the public and law enforcement. You can get more information at icactaskforce.org.

Libraries receiving discounts under the E-Rate program have been required since 2000 to comply with Federal Communications Commission (FCC) regulations that impose certain requirements on schools or public libraries that receive the E-Rate discount on internet services. These rules were updated in 2011. Among the requirements is the establishment of an internet safety policy that includes technological measures such as blocking and filtering software on devices that are accessible by children to protect them from images that are obscene, constitute child pornography, or are harmful to minors. Other conditions apply, and full details are available at rb.gy/c8v5m.

Dr. Albrecht was interviewed by Steve Thomas, the host and producer of "Circulating Ideas."

"Steve chats with Steve Albrecht, author of The Safe Library: Keeping Users, Staff, and Collections Secure, about how he transitioned from working with law enforcement to libraries, the importance of having a security plan, learning to why assertiveness is the key to maintaining a safe environment, and the culture of cops that librarians need to understand."

https://circulatingideas.com/2023/08/15/245-the-safe-library/

A transcript is included.

By Dr. Steve Albrecht

There are patrons that you serve on a daily or near-daily basis, who see you almost as much as they see their local coffee shop barista. They just love or really like the library and they may really like you. The question is: Can you or should you ever become personal, outside-of-work friends with a patron? Maybe this has already happened with you in your career and it has developed into a nice friendship. Maybe you tried to develop a friendship outside the library and it either never got off the ground or it ended badly. (I’m not talking about developing or initiating a dating relationship with a patron; that’s a complex subject for another day. And while dating equal-level co-workers has a number of potential hazards, dating a subordinate is usually prohibited by HR policy and bad for business.)

Perhaps it’s best to start with defining some categories of people in your life: your lifelong best friend, who knows all about you and vice versa; your really close friends, who you shared lot of your life and who you spend most of your time with; good friends, who you don’t see or talk to enough, because of mutual busyness or geographic distance, but when you do reconnect, talk by phone, or meet for coffee, it’s like old times; work colleagues, whom you may or may not socialize with on occasion outside of work; friends of your spouse or partner, who you know but don’t hang out with alone; acquaintances, who you know from your neighborhood, your school days, or in passing, that you say hello to or make polite conversation with, but never see otherwise.

A predictive rule of thumb: if you have been to their house more than once, met their spouse/partner and kids; done things socially (movies, picnics, ballgames, concerts, coffee, cocktails, lunches and dinners) or they have done likewise with you, they are probably a good friend. If they are the type of person where you ignore their call on your cellphone, probably not so much.

Not every person in your life has to be a bestie; but it helps to be realistic about the number and type of relationships you can put energy toward, with the time you have. In The Tipping Point, bestseller Malcolm Gladwell cited the British evolutionary anthropologist Robin Dunbar, who suggested five seemed to be the top-end magic number of close friendships most of us can manage. That comes from Dunbar’s research into human relations which says most of us have five intimate friends; 15 good friends (which includes the first five); 50 friends (the 5 plus the 15 plus 30 more); and 150 all total. People who say they have “hundreds of Facebook `friends’” are usually not really engaging with any of them.

As a library employee, becoming friends with a patron outside of work is usually based on shared interests, often centered around the love of books, movies, or video games. Or the book subject in question is an activity you both like - hiking, kayaking, knitting, owning dogs or cats, book club meetings, cooking, eating out at new restaurants, antiques, softball, going to the theater, etc.

The two keys to my discussion here are safety and boundaries. If you want to develop friendships with patrons, start small, pick safe locations and activities, and see how that goes. One initial boundary is that you do not invite that person to your home until you’re certain they are stable, reasonable, and not going to become too intrusive. Some people are good at hiding their neediness at the start of a friendship. Next thing you know, you’re taking them to doctor appointments, loaning them gas money, and trying hard not to give them relationship advice. They should never ask you to put your professional stature at the library at risk or monopolize your personal time.

On a recent drive from the airport to my home, I discovered through small talk that my Uber driver grew up in San Diego at the same time I did. We hit it off immediately and became the type of guys who meet for coffee, go to an occasional movie or ballgame in our new town, and talk about the Good Old Days in our former city. Our “acquaintanceship” is on a good level, just as it is.

Maybe you have the same type of casual, easy connections with a patron or two? Enjoy, with eyes wide open.

By Dr. Steve Albrecht
Originally published in Computers In Libraries Magazine, June 2023

Over the last 6 years, libraries in St. Louis; Boston; Northampton, Pa.; Syracuse, N.Y.; Contra Costa, Calif.; Spartanburg, S.C.; and Butler County, Pa. have all had to deal with outages and disruptions to their servers and data caused by ransomware attacks. In July 2019 and again in April 2022, the Westchester County, N.Y., library system was hit with ransomware attacks. In a news release for the 2022 incident, the library told patrons, “The Westchester Library System informed us yesterday that the public internet terminals’ hard drives need to be wiped. … Considering that there are 500 terminals in 38 different libraries the process will take 1 1/2 to 2 weeks” (bit.ly/401Yi3q). In August 2022, the venerable library supplier Baker & Taylor was hit by a ransomware attack (bit.ly/3YMIzV5).

By this point in our internet lives, we have all seen stories of supposedly secure federal, state, or local government or corporate sites hacked; the hijacking of social media accounts of celebrities; and intrusions of even “unbreakable” password storage sites and smartphone applications. We have moved beyond the need for constant vigilance, deterrence software, and toothless end-user policies. Why is it that even as recently as 2022, the most common passwords—and therefore the easiest and fastest to learn—are still “password,” “123456,” “guest,” and “qwerty?” Have we learned nothing about how easy it is for software programs to guess any password under 12 letters, numbers, or symbols? If a 16-year-old kid from Estonia using a simple brute-force password-cracking program can get into the network of a Fortune 500 company, something is seriously wrong with our cyber-protection strategies.

The Need for Library IT Professionals to Step Up

I have conducted dozens of security site assessment reports for libraries. As part of these projects, I spend time speaking with the IT/information systems (IS) directors, managers, supervisors, and technical employees, asking pointed questions about the strength of their cyber-protections. We talk about software updates; backing up data off-site or to the cloud; preventing hacking; dealing with denial-of-service (DOS) attacks; and even how to train, remind, and encourage all library employees and their patrons to comply with cybersecurity policies and not make things easy for the cyber-predators to steal data, shut down operations, or hold the library’s OSs, payroll functions, or internet access for ransom.

The problem with this approach is that unlike physical security devices that I can see or security operations that I can observe, I can only take the word of the library’s IT/IS experts that all they have told me is true and “everything is fine.” This is their area of security expertise, not mine. This makes me uncomfortable. Not only do I not know what I don’t know, but it’s more likely they feel uncomfortable revealing their real security concerns to me about actual or potential weaknesses in their systems. Their lack of openness to me about real vulnerabilities—including issues senior library management would likely not know or fully understand either, but would want to—does a disservice to us all. It’s time we ask our IT/IS security colleagues in our library systems to own up to their concerns and ask for and get the financial help and—bureaucracy-limiting—support they need to make ongoing improvements, instead of the usual response of trying to clean up the cyberhack after it has happened.

Going After Our Power Grids

We are hearing more about the rising number of attacks on unsecured/unsupervised power stations, as happened in December 2022 in North Carolina and in June 2022 in Washington state. Both left thousands without power for many days. According to a January 2023 article by investigative journalists from the Oregon Public Broadcasting service and the Seattle radio station KUOW, the western power grid—which serves 11 U.S. states and the provinces of British Columbia and Alberta in Canada—“has had more incidents of vandalism, sabotage, and physical attacks during the first 8 months of 2022 then the rest of North America combined” (bit.ly/404Mr4W).

We have also seen disturbing cyberattacks on hospital systems, which have affected their ability to give quality, life-saving care. Most of the cyberattacks on healthcare facilities have attempted to shut down their electronic medical records/electronic health records (EMR/EHR). This has forced the victimized healthcare facilities to revert to pen-and-paper recordkeeping for patient care during the time these systems were hijacked. CNN ran a Dec. 20, 2022, story about this, titled “Brooklyn Hospital Network Reverts to Paper Charts for Weeks After Cyberattack” (cnn.it/3ZP4Xin), and The Washington Post’s “An ‘Unprecedented’ Hospital System Hack Disrupts Health-Care Services,” from Oct. 6, 2022, describes a cyberattack that hit a large healthcare provider with 140 hospitals and 1,000-plus patient care sites in 21 states (wapo.st/3Woc2U1).

One of the most valuable uses of EMR/EHR computer systems is that they help to cut down on human errors in the receipt of medical services, which is a problem that still leads to thousands of patient deaths per year. (This number is in constant dispute by medical researchers, patient advocates, and defenders of their various healthcare providers and systems. Even one medical error leading to a death is too many, and the reliance on computers in healthcare makes hacking and DOS attacks life-threatening events.)

Time for a New Model for Measuring Workplace Violence?

“Workplace violence is the act or threat of violence, ranging from verbal abuse to physical assaults directed toward persons at work or on duty,” according to the National Institute for Occupational Safety and Health (NIOSH). There are four perpetrator types:

• Criminal intent (i.e., involving criminals)
• Customer/client (i.e., taxpayers, students, patrons, patients, passengers, etc.)
• Worker to worker (current or former)
• Domestic violence (involving an employee, for example)

These labels are often used in the policy language of most research, government publications, and law enforcement agencies; K–12 schools; colleges and universities; churches; malls; concerts; and public gathering places, such as libraries. The four perpetrator types help academics and government researchers, security practitioners, first responders, human resources professionals, and those who seek to identify the connection between the attacker and an act. Our constant goal is that by understanding this nexus, we can develop ways to stop them, enhance the security, and improve the way we interact with each group, either as potential perpetrators or as potential victims. (How we treat people—as library patrons or customers who use our facilities and services—can make an enormous difference in their desire for revenge, a major factor that encourages or deters them from making threats or using violence.)

We can now define a cyber-driven workplace violence incident as one that can cause the injury or death of many people because the electronic or internet systems we rely on have been compromised, shut down, or held hostage. It’s time to make the case that a new fifth workplace violence perpetrator type should be cyberattacks, which cause fear, injuries, or the potential for actual deaths. We need more awareness-building through continuous education; better cyber-vigilance, starting in our K–12 schools; and advanced deterrence and denial software and hardware tools to combat what is clearly a growing threat to our peace and our lives. The bad guys should not have more advanced tools and techniques than our government, intelligence, and military agencies. We should not have to worry about the necessities that make civilized life possible—constant electricity, clean water, hygienic sanitation, and healthcare facilities—being extorted and forced into operating as if it were the 1950s.

A DOS attack or a successful ransomware attack isn’t just an inconvenience—it has the potential to be life-threatening. While it may be true that some of our fiercest foreign enemies lack technical sophistication, they can certainly buy the brainpower they need from other countries who hate us too. We continue to see so much in open source news about hacking attacks from China, Russia, North Korea, and Iran, as well as numerous others from unidentified attackers or anonymous nation-state actors. (Imagine what is not publicized by our own military or intelligence services and those of our allies.)

At a Jan. 26, 2023, U.S. Department of Justice and FBI press conference, Deputy U.S. Attorney General Lisa Monaco said, “Using lawful means, we hacked the hackers.” This referred to the government’s takedown of a notorious cybercrime and ransomware network known as Hive. “The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 countries, and has collected more than $100 million in ransomware payments,” according to Reuters. A Canadian researcher working for a cybersecurity company called Hive “one of the most active groups around, if not the most active” (reut.rs/3ZNCBEy). Let’s hope this is the start of our stronger offense, not just a defensive posture, wherein we wait to be cyberattacked.

A Worst-Case Cyber-Scenario

It’s too painful to even think about a darkness falling over this nation, literally. Imagine digital terrorists shutting down the country, using keystrokes from thousands of miles away, not weapons of mass destruction. Let’s consider a worst-case scenario, in which 10–20 midsize American cities have their electric power grids taken down. How could this happen? By targeting their power stations, transformers, and electrical towers—not with bombs that destroy them, but with cyberattacks on the software that runs them. With no electricity, no internet, no basic human needs for water and hygiene met, and no civil protection, our society would crumble into lawlessness and despair—and quickly.

Consider the chaotic environment created if several major U.S. cities were to go completely without power for a week: Hospitals run out of diesel fuel for their backup generators; banks can’t open their vaults or dispense cash from ATMs; burglar alarms stop working after their batteries die; food spoils in homes, grocery stores, and restaurants; no gas from local gas stations can get delivered or pumped; no one can charge their cellphones; water pumps and wells won’t work; sewer treatment stops; there’s no heat in the winter or A/C in the summer; and emergency communications systems at fire stations, police stations, airports, aircraft control towers, and emergency operations centers stop functioning when their backup generators go down.

Think this won’t happen in our lifetime? Southwest Airlines had a major software shutdown over the 2022 holiday season that crippled its operations and reputation. The Federal Aviation Administration’s national air traffic control system known as NOTAM (Notice to Air Missions) had a 90-minute shutdown in January 2023 that created the largest single-event aviation ground stop since the 9/11 attacks. Had enough doom and gloom with just these two non-life-threatening scenarios? If our lives are put at risk, we will enter a Digital Stone Age.

What will happen if they do knock out our power grids, power plants (nuclear, gas, coal), mass server sites, water supplies, sewer treatments, and hospitals? And our libraries? It’s time to make our case for a new fifth type of workplace violence perpetrator: the cyberattacker. Libraries are a component of our national heritage and identity and are part of the strength of our communities. Library leaders and staffers need to do their part, every day, to keep internet and intranet access safe in their facilities.

How Vulnerable Are You? Questions to Ask IT

Library leaders need to have an honest discussion with the IT/information systems (IS) professionals responsible for keeping the library's network, servers, hardware, and software systems protected and in working order. This includes these questions:

• Even if our data is backed up nightly to an off-site location or a cloud-based system, if we were to get hacked, what is the potential for data loss in time? Is 24 hours' worth of data gone? Less? More?
• Have we ever conducted a worst-case scenario drill? If so, what was the scope, and what did the outcome tell us we still need to do?
• Do we make regular changes in our network access systems, so that we don't trade security for convenience with our passwords and with whom we allow to access our servers?
• Is there a complete removal process for server access that IT/IS uses when one of its employees leaves, even under pleasant circumstances? Since many library employees at all levels worked from home during the pandemic, have we removed all remote access capabilities since then? If not, who still has them and why?
• Does the IT director or manager have a physical sign-in/sign-out procedure each time any employee goes into our server room? Have we considered installing a camera over the server room door to be able to see who enters?
• What type of fire control system do we use for our server room? Since halon is usually no longer used, do we have a CO2 or FM-200-type fire suppression system?
• How often is the air conditioning system in the server room serviced?
• If money was not an issue, what systems, procedures, or policies would you put in place to fully protect our server systems? Can we buy, install, or change portions of those perfect-world solutions to create better best practices?
• What three things do you want all library employees to do when it comes to protecting our IT/IS systems?
• What three things do we need staffers to remind all patrons to do to help us protect our IT/IS systems?

By Dr. Steve Albrecht

The Society For Human Resources (SHRM.org) is one of the largest professional organizations for HR professionals. As a member (and board certified by them since 1995), I come across articles and ideas that can benefit library leaders and library staffers. One approach, covered in their HR Forms section for members, refers to the value of asking ”Stay Interview Questions.” This is a bit of an early-warning coaching conversation, that touches base with an employee who might be thinking of leaving your library. This person could be a new hire, who is trying to decide if the job is actually right for her or him, or it could be a longtime employee who feels burned out, “top-stepped out” (no other promotional levels to reach or strive for), or on the fence about a career change, a move to a new city, or retiring early.

Your use of these questions - which you can customize to match your management style and conversational goals - can help you discover what you and your library may need to do differently to help retain this employee; give you a sense of this person’s personal and professional goals; and help you make staffing decisions if it’s clear she or he has a leaving date in mind.

Some of these questions may reveal some issues about how employees get along, or don’t; about how work gets signed, delegated, or completed; and it may even bring serious, hidden issues to light that you need to address. This could include harassment problems; the perception of fairness in your hiring, promotion, and discipline processes; and underlying concerns about the health of your work culture.

From the SHRM website (https://shorturl.at/lsTX8):

“The following are questions you may ask during a stay interview. You should have several open-ended questions on hand. It’s important to listen and gather ideas from the employee about how you and your organization can retain him or her.

• What do you look forward to when you come to work each day?
• What do you like most or least about working here?
• What keeps you working here?
• If you could change something about your job, what would that be?
• What would make your job more satisfying?
• How do you like to be recognized?
• What talents are not being used in your current role?
• What would you like to learn here?
• What motivates (or demotivates) you?
• What can I do to best support you?
• What can I do more of or less of as your manager?
• What might tempt you to leave?”

Think of this process as the better, earlier, wiser antidote to the so-called “Exit Interview,” where the library leader or the HR manager discovers the reason(s) why the employee is leaving only after it is far too late to do anything about them.

Dear Dr. Steve,

Please forgive me if this question has already been addressed in a previous article or blog post. I recently got hired as a library security manager for our library system's 18 locations, and one of the things our executive team has asked me to focus on is training our staff in response to active attack/active shooter events.

While I've been blessed to have attended a fair amount of training for active shooter response and am currently certified through ALERRT to teach civilian response to active shooter events, I've noticed that the majority of response models don't seem to account for the difficulties libraries face. In businesses, employees are able to be trained in appropriate lockdown procedures and have access to securable rooms; in schools, teachers and staff are directly accountable for non-employees (i.e. students) and are able to (hopefully) secure them with some ease in classrooms.

Libraries, obviously, don't perfectly fit these neat models in that we might have hundreds of patrons in our largest locations at any given time, none of whom are trained in our lockdown procedures or have access to staff only areas that are more easily secured, and none of whom (besides perhaps young children during story hour and teens in the young adult rooms) are being directly supervised by staff and are thus able to be easily corralled into a safe room or exit.

In our library system, we do have unarmed contracted security at our largest locations, and my inclination is to train/utilize them primarily to facilitate the escape or sheltering of patrons as much as is practical (your input on whether that seems potentially feasible or not would be greatly appreciated). What measures are you aware of that other library systems are using to increase specifically patron survivability in the unlikely event of an active attack event?

Robert

Dear Robert,

Your question is a good one and it goes to several larger issues, which are, "How do we get the public to listen to us during a real library emergency, and how can we get them to understand that their first duty of care is to take care of themselves and not just wait for our staff or our Security, LE, Fire, or other first-responders to tell them exactly what to do?”

If you use a church service, movie theater, or a concert as examples, we should train Security and event staff to know the warning signs for emergencies (what they hear and see), so they can get into position immediately to help others evacuate or shelter in place in the best place possible (knowing it may not be able to be a "safe room").

Further, all staff and Security training at the library should remind themselves that their first duty of care is to take care of themselves, meaning they can't help others if they aren't safe first. Take no unnecessary risks and do only what you can do, then get out of harm's way yourself.

When the public is put into life-threatening stress situations, they can forget everything: the address of their building; how to dial 9-1-1; what to tell dispatchers; descriptions of events and bad guys, etc. Therefore, staff and Security training must use simple commands, said over and over, to individuals or groups. If we can get them to shelter, do that, If we can get them out of all the exit doors, do that.

There is an expectation by the public that your staff and Security will be trained, but that they can only do so much. In a theater fire, they are not expected to stay until the building goes up, and they may not be able to get everyone out because people don't listen, hear, or know how to get to safety because they freeze or run the wrong way.

The only good news is that most school kids have done lockdown drills many times and most adults have had least heard of the Run-Hide-Fight concept by now. Having trained your Fire Wardens/Evacuation Staff, who have access to bullhorns, flashlights, the PA system, and can lead patrons to exit pathways to safety, is your best response.

Regards,

Dr. Steve

By Dr. Steve Albrecht

At a recent library service, safety, and security training workshop I did, a library employee told me she would never call the police to her library because, "Once the police put that person's name into their system, it never comes out, and it will ruin their life." Despite my best attempts to convince there that wasn't always true, she remained unswayed. So let's look at the process cops use when they talk to someone who they believe may be involved in a crime (like stealing or fighting) or an illegal activity (being high on illegal drugs). Note that we are using examples of patrons who may have committed a crime.  

Police officers have thousands of conversations with people who may or may not be doing suspicious things, every day. These most often start out as a "consensual conversation," meaning the person is free to: walk away, not answer any questions, not engage, or make eye contact, or speak at all. If the officer has no legal reason to detain the person, he or she is free to go, without being physically stopped.

During the "consensual conversation," the officer can ask the person's name and other demographic or identifying information. The person may or may not decide to answer, which is legal as well. If the person does answer, officers often put this information on a form called a "Field Interview (FI) slip." This form will have spaces for the person's name, address, age, date of birth, height, weight, gender, hair/eye color, race, scars, tattoos, Social Security Number, and the reason for the stop. The reason for the stop on the FI form is usually called the "Crime Potential," meaning it's what the officer believes the person may have done before his or her arrival - burglary, vandalism, gang activity, theft, prostitution, drugs, robbery, car theft, etc.

If the officer has a legal reason to detain this person, it turns into a stop called a detention. At this point, the officer suspects criminal activity but is not ready or does not have enough information or evidence to make an arrest. During a detention, the officer can conduct a "patdown" on top of the person's clothes for "hard objects," which is any item that feels like it could be a weapon (firearm, stun gun, knife, can of pepper spray, stick). The officer cannot dig into the person's pockets, purse, or backpack for anything other than a hard object which could be a weapon.

A legal detention is supposed to have a time limit of about 20 minutes. If the officer cannot develop probable cause to make an arrest, he or she has to let the person go free.

Examples of detentions include when an officer evaluates someone for being drunk in public; drunk driving; being under the influence of drugs; running him or her for warrants or doing a records check for a driver's license suspension (both through the police radio system).

The officer may evaluate the person for a mental health concern, because he or she is a danger to self or others, or is gravely disabled (unable to care for himself or herself safely).

The officer can take a person believed to have a mental health issue to a mental health hospital or a hospital emergency room, under a legal stop known as a "mental health detention." If the clinicians decide to keep the person, the officer can leave the facility. If the clinicians decide not to admit the person for care and treatment, the officer must return the person to the exact spot where they were originally detained.

Another form of detention is called a "curbstone lineup." Here, the officer detains the person at a location, so that another cop can bring a witness to a crime to the scene, to make an identification that the person was involved in a crime.

The officers bring witnesses to potential suspects, not the other way around, because "movement equals an arrest." If the witness cannot identify the person, the officer frees him or her from the detention. If the witness identifies the person, the police use that as "probable cause to make an arrest.” (Officers and deputies can make an arrest for a felony, either committed in their presence or not, based on probable cause. For misdemeanors not committed in their presence, they need an eyewitness to make a citizen’s arrest, then they will take custody of the subject.)

Once the officer decides he or she has enough evidence to make an "arrest, with probable cause," the person is handcuffed and searched, before being put into the back of a police car. This time, the search is made "incident to an arrest," meaning the police can search the person's body, clothes, and belongings for both weapons and contraband. This is done because the county jail will not allow weapons or contraband within its walls. Contraband is defined as legal or illegal drugs, cigarettes, lighters, matches, bullets, fireworks, pornography, cellphones, money, jewelry, and any object that could be used or traded in jail.

At this point, the person cannot "resist a legal, lawful arrest." If he or she does, the officer is legally allowed to use the "minimum amount of force to safely make the arrest." The person can complain later to a lawyer, or to a police supervisor, or to the department's Internal Affairs Unit, or to the community's Police Oversight Board, if he or she feels wrongly arrested. 

"The cops didn't read him his rights! I've seen TV shows and movies! I know they have to recite him his Miranda warning!" Again, not always.

The Miranda Warning is what is called a two-pronged test: 1. The person has to be in custody (under arrest and not free to leave) and 2. The police must plan to interview the person and use what he or she says against him or her, by recording or writing his or her statement. The person can "waive their rights" and speak to the officer if he or she chooses to do so. Or he or she can choose to "invoke" and not say anything.

Here's an example where the officer doesn't have to read the person the Miranda warning: The person is stopped for being drunk in public (detention, moving to probable cause for an arrest). The person is handcuffed, searched, and taken to jail. No Miranda reading is necessary because only the first part of the two-prong test is in play. The person is under arrest and not free to leave, but the officer doesn't (care) or plan to ask him or her about how or why they got drunk.

Let's look at the permanent record issue. Casual conversations don't go into the police records database. FI slips, traffic warnings and citations, traffic accident reports, runaway juvenile reports, death reports, crime reports, and arrest reports do. The span of time these reports are kept in a law enforcement database and then later deleted varies from agency to agency, but it’s not forever. Lots of people are in police records systems that have nothing to do with their committing a crime: witnesses at a car accident; being a crime victim; having their car towed away for illegal parking or an expired registration over one year; being the parents of a person who call to have their son/daughter taken to a mental health facility for an evaluation.

Just because a citizen is in a local police or sheriff’s department computer system is not a hindrance to any part of their life. All first-responder agencies record incoming 9-1-1 calls too. These facts should not prevent library employees from calling for police, fire, or paramedic help if they are needed for an actual or pending emergency or crime.  

By Dr. Steve Albrecht

One of the hardest jobs I ever held was working as a Ramp Agent for a major airline at a small airport. I loaded and unloaded passenger bags, which meant operating conveyor belts, and crawling into baggage compartments on regional jets that were freezing in the winter, broiling in the summer, and not tall enough to stand up in. I walked planes out to the taxiways and waved arriving planes into the parking position, using the fun orange wands. I drove trucks known as tugs, hooked up planes--using heavy tow bars--for departure pushback, and picked up FOD (Foreign Object Debris) off the tarmac before the planes arrived.

A lot of this work was driven by the use of a checklist, which every employee carried on a lanyard around his or her neck. This two-sided laminated card (for arriving planes and departing planes) was referred to by all ground employees, from the newest to the most senior. We went through both verbal checklists every single time before a plane arrived or as we prepared it to leave. You might say, “I’m sure the longtime employees didn’t even have to read the card out loud. They knew it backward and forward.” No and yes; they did have it fully memorized but they also read it to the whole group, and got a verbal response as to who was going to do what, every single flight. Safety First. Nothing Left to Chance. Step by Step Matters.

Lots of important jobs use checklists: pilots during takeoffs and landings; chefs and cooks in restaurants, to make sure the ingredients are included and the preparation process gets followed; and especially surgeons, as was so well-captured by Dr. Atul Gawande, a physician and surgeon, in his bestseller, The Checklist Manifesto: How to Get Things Right (Picador Books, 2011).

Does your library use a printed checklist for closing time procedures? You might think your facility is too small, or too well-organized to need such a device. “We don’t need a written checklist. We all know what to do. The staff always gets it right. We’ve never left a child locked in the building! Well, there was that one time when we found the kid who managed to get into our break room and fell asleep on our couch after eating all our snacks.”

We can assume ourselves right into a lawsuit or a local or national media event. The bigger your library, the more floors, the more nooks and crannies, stairwells, elevators, media rooms, classrooms, storage rooms, break rooms, and public and staff restrooms you have, the more you have to be thorough in your end-of-the-day/night closing procedures.

Let’s consider what should be on your staff checklist. Some of these you may already do; others need to get added to a written form, kept on a clipboard, and checked by the PIC, so that all staff completes them at the end of each shift.

• Create a systematic process. If you have multiple floors, have some staff start at the top and work down to the bottom floor and some staff work from the bottom to the top floor.
• Walk through every room that needs to be locked and fully verify it’s empty. This includes looking into closets, storage rooms, and cabinets, where a child could hide. (Think like a kid or a developmentally-disabled young adult and consider where you would play hide if you were trying to avoid an adult: toy boxes, large empty storage boxes, unused/unlocked rooms.)
• Make certain every closet, storage room, under-sink, break room, or utility room with any HazMat in it (cleaning supplies, chemicals, glues, paints, bug spray, etc.) is closed, preferably locked, and secured.
• All rooms that house the library server or any telephone or electrical equipment need to be checked and re-locked.
• Make certain all public computers, laptops, or tablets are logged off. If possible, store the portable electronics in a lockable room, like the PC lab.
• If applicable, position any elevators on the ground floor and turn them off.
• Check to see no students or children remain in any rooms designed for their use.
• Verify that all public, children’s, and employee restrooms are completely empty. This means opening the stall doors too.
• If possible, secure and lock the employee break room. Make sure all coffee pots, microwave ovens, or stoves are off and any refrigerator and freezer doors are checked and then tightly closed.
• Make certain all office equipment is turned off: laminators, printers, copiers, postage meters, etc.
• If your library is large enough to have a loading dock or warehouse area, walk through to make certain all vehicle keys are secured, all theft prevention cages are locked, and no one is hiding in the vicinity. (Look up to make certain no one has climbed the access ladder to the roof and is waiting until you leave. Rare, but possible.)
• If your library collects cash or credit card data, make certain all monies, petty cash, or checks are placed into a floor safe before leaving. If you use a cash drawer, place it empty on the counter.
• If your library uses portable security radios, store them in their battery chargers.
• Check the security camera monitor(s) to see that all the interior and exterior camera views are operable and visible, especially in the darkness around the building.
• Check that any installed fire alarm systems are in operation.
• Turn off all non-essential lights.
• Arm the burglar alarm system, if applicable. It can’t help if it’s not on. (For some burglar alarm systems, it’s possible to lock the facility with the staff inside and then activate the “Intrusion Alarm Only” function of the alarm, meaning it will ring audibly and/or notify the police or the alarm motoring company if some breaks in while staff is still inside. The system can be re-armed as staff leaves the building.)
• Leave as a group; walk each other to your cars or ask the library security officer to do that, if applicable. (If sketchy people loiter in the parking lot after closing time, ask the local police to have an officer sit in the lot for a few minutes each night until all staff has left. This step is possible if it’s requested on a nightly basis and they aren’t busy.)
• Report any exterior lighting outages along the building perimeter, walkways, sidewalks, and in the parking lots. This includes testing the emergency lighting system occasionally as well.
• (If applicable, make certain the Library Cat is found, fed, watered, and given a clean litter box before leaving.)

When speaking about the Russians during the Cold War, President Ronald Reagan said, “Trust but verify.” Be thorough when you close the library.

Some patrons come into the library drunk, some come in high on meth or opiates, like heroin or fentanyl. Maybe they don't cause any behavioral or security problems for you or other patrons. But what if they do?

Watch Dr. Steve Albrecht's 30-minute video interview with internationally-known trainer for bars, nightclubs, and restaurants, Robert Smith, CEO and President of Nightclub Security Consultants.

By Dr. Steve Albrecht

Let’s start by defining the “professional library security incident report” as:

“a document created by an investigative process that captures the scene of a security incident at your library; that serves as a historical record; and that accurately describes the facts, identifies evidence, any victims, witnesses, and the actual or suspected participants. It should include their actions and statements, which might initiate a human resources response, or demonstrate the need for security improvements, process improvements, or policy changes at the library. These reports can help limit our liability and demonstrate security professionalism. Professional security reports demonstrate our knowledge of the law, the library Code of Conduct, security policies, and patron behavioral issues. It can help us see how crimes, medical incidents, accidents, and patron behavioral problems should be investigated, documented, and managed.”

That’s a long way of saying they have value and should be valued by the library organization.

Security Incident Reports (SIRs) have legal, historical, evidential, and statistical importance. They help Library Directors and/or library security managers or the site supervisors for contract security officers to prove or disprove what happened at a specific time and place. They make it easier for library leaders to make policy decisions, operational changes, and enhance staffing, hiring, protection, and service to the organization, staff, patrons, and the community.

Report writing is a learned skill. Security employees or staff who complete SIRs will need guidance, templates, ongoing training, and help to create the best representation of what may have happened, on the actual page.

Many eyes will read what gets written on a library SIR. Inside the organization, this could include the Library Director, security directors, guard force supervisors, HR representatives, library board attorneys, risk managers, county safety officers, and city/county media relations. Outside the organization, this list gets even longer and could include insurance adjusters, police, prosecutors, judges and juries, expert witnesses, plaintiffs’ attorneys, or civil or criminal defense attorneys.

Consider the following writing tips for all employees who have to write a Security Incident Report, starting with the most helpful, important rule:

Use the Triple-A Rule to improve your reports:

Keep your Average Sentence Length to about 15 to 20 words. Longer or shorter is okay but this word number guideline always leads to the highest comprehension by the reader. It’s easy to stay at this 15-to-20 words per sentence mark if you stick to one idea or activity per sentence.

Avoid Jargon. Write like you talk and don’t talk like a cop or a bureaucrat on paper. It’s not a vehicle; it’s a car. Stop writing “approximately” and just say “about.” Don’t say “I utilized” when “I used” is better.

Write in the active voice. Don’t write, “The paramedics were called and treatment was provided to the injured patron, who was then taken to the hospital.” Write it with the subject and the action right up front: “We called paramedics for the injured patron. They treated her at the scene, before taking her to the hospital.” Active voice sentences have more power and tend to be shorter.

• Memorize the correct version of these common grammar usage errors and keep them out of your reports: their, they’re, or there; you’re or your; then or than; it’s or its; to or too; further or farther.
• If your incident notes are an inaccurate mess, fix that immediately. See how other employees create well-organized notes and copy their approach.
• Develop shortcuts for notetaking. If applicable, note the times of arrival for everyone after the incident/accident took place. Circle these letters so you know later who did what, when: V for victim, W for witness, S for Suspect/Subject, M for me (you said it, asked it, or did it), L for Library, P for Patron, LE for Police/Sheriff, F for Firefighter, EMT for Paramedics, SG for Security Guard, E for Employee.
• Little details can have a lot of importance. People involved in Security Incident Reports may try to claim things later that didn’t happen, get payment for damage that wasn’t there, or file questionable or even false court or insurance claims. Get the names and IDs of all on-scene first responders, the lighting conditions at an accident scene, and the names and contact information for all witnesses. Quote exactly if someone refused medical treatment at the scene.
• Know when to ask more open-ended questions (used to get the person to tell his or her story) and fewer closed-ended questions (used to get yes/no answers). “And then what happened?” is an open-ended question. “Is that all you can remember about the event?” is a closed-ended question. Both are necessary, but you’ll get more information using open-ended questions.
• Know the elements of a crime and make certain those are described as being met in your report. Crimes require intent on the part of the doer. Some events are not crimes: an expensive watch that gets left in the library public restroom and is not there when the owner returns is not a theft case, it’s a lost item.
• Know the important difference between an eyewitness and an “ear witness.” Some people saw things; other people heard about things from others. It’s a critical distinction in security incidents and subsequent reports.
• Understand who is the audience reading your report; one of your objectives is to pass along key messages in a manner the reader will easily understand.
• Readers of your report may include law enforcement, legal counsel, internal auditors, insurance representatives, HR, directors, managers, and supervisors.
• Ensure we have sufficient detail in the report, consider using models like the four C’s and the five W’s plus H: Complete, Clear, Concise, and Correct along with the What, When, Where, Who, Why, and How.
• Your report is a reflection of your professionalism, so turn on spell and grammar checks if using a computerized application to write your report. Read and re-read your report before submitting it, and consider both the structure of your report as well as its content. If a layperson cannot understand your report, then adjust as necessary to make the report more easily understood.

The stakes are high for poorly written Security Incident Reports. As any attorney will tell us, “You can’t go back in time and `add it in after it happened.’” Choose your words well.

My thanks for the help with this piece goes to Dubai-based security practitioner John Cowling, a fine Aussie gent. He specializes in corporate security, transportation protection, and crisis management.

By Dr. Steve Albrecht

Consider the scope of your library career, however short or long. There have been huge changes in the profession just from 2020 to today. There are lots of examples in your working life with the public that have probably included good and bad situations, routine and highly-abnormal events, crime and emergencies, and highly maddening and truly touching moments.

There have been Memorable Patrons: Good and Memorable Patrons: (Kind of Horribly) Bad.

You have had awesome co-workers and supportive bosses. You have had lazy, eccentric, or passive-aggressive co-workers and micro-manager or missing-manager bosses.

What were your big wins and big accomplishments, around library content, programs, displays, or policy improvements?

What were your small but important victories, back when you started your library career? What are they today?

Where do they happen and how do you make them happen?

What fun, free stuff does your library provide to patrons, that came from your ideas?

Some probable happenstances in your library career:

• Helping a child get his or her first library card.
• Helping an adult learn to read through a literacy program.
• Helping pre-teens, tweenagers, and teenagers find the “cool things” to read, view, and see in the library.
• Helping an anxious or older adult master technology: the Internet, creating their own web sites, using laptops, tablets, and smartphones.
• Helping an unemployed patron apply for and get a job.
• Helping patrons get government services and benefits.
• Entertaining little kids and seniors, with captivating programs.
• Bringing in featured speakers and authors; dealing with the controversies this sometimes creates.
• Running the bookmobile, the annual book sale, and helping the Friends of the Library store.
• Building cool and interesting displays.
• Filling in for sick colleagues.
• Keeping the library open and running through the pandemic.
• Operating the library’s Warm Zones and Cool Zones for seniors and the homeless during winter and summer weather.
• Working with challenging, rude, entitled patrons.
• Dealing with patrons who are experiencing homelessness, mental health crises, a trauma-filled background, or substance abuse issues.
• Dealing with repeated patron behavioral problems.
• Dealing with serious security issues and crimes, with courage.
• Doing additional tasks without complaint.
• Working at other branches or at community events, to support the overall library mission.
• Volunteering to represent the library at various community events.
• Repairing library equipment, furniture, and devices.
• Fixing all types of technical issues and problems.
• Keeping the library IT systems healthy and running.
• Coming to work, on time, in all kinds of weather.
• Coping with the whims and requests from politicians, electeds, city council members, county board of supervisors, library boards, attorneys, and appointed officials.
• Cleaning up after public events.
• Coping with the horrible things left in the book drop, on the shelves, in the elevators and on the stairwells, and on the floors and counters of the public restrooms.
• Doing your usual and unusual duties
• Celebrating important events in the lives of your colleagues.

Sometimes it can help your life mood and work morale by taking a moment to consider all of the fun and not-so-fun things that have happened in your library, with you as a paid witness. Okay. Enough considering. Now get back to work!

By Dr. Steve Albrecht

Some people know right away they want to be in charge at their jobs, often as soon as they get them or soon after. They see their personal career path ahead of them and their current job may be right where they want to be - already in a director, manager, or supervisor position - or they know how they want to go about getting into one of those leadership roles. Other employees just like doing what they were hired to do and have no desire to ever become a supervisor or manager. This is no sin and certainly not a reflection on them. Successful organizations need that right mix of employees who want to take on leadership, “managership,” and frontline supervisory roles, along with employees who just want to do the work they were hired to do. 

The plain truth is that becoming a boss means that you actually move further away from the original work you were once hired to do and more into supervising other people doing their work. If you hired on as a Drill Press Operator 3 and worked your way up through the ranks to be the Drill Press Operator Supervisor, guess what you mostly stop doing? Drilling holes.

As you step away from your original role, your work becomes more about solving employee performance or behavior issues, addressing patron behavioral problems, or handling patron service and information concerns. Depending on the size of your library and its workforce (and how shorthanded you are), you may be asked to contribute to policy change discussions, budget details, or take on new projects that have a lot of moving parts and complexities. 

You may have to initiate discipline against your former co-workers or craft a performance evaluation for them. You may have to supervise colleagues who are also your good friends or tell the ones who are not fans of yours how, when, and where to do their jobs. Challenges abound.

Employees who choose to stay in their same job for many years often say some version of, “I don’t want all the hassles that come with being a supervisor. The extra pay is not worth the extra work. I don’t like telling people who are my friends what to do. I don’t want to have any `homework’ to do or think about after my shift is over.” And that approach is fine, as long as every employee who does want to promote is given the information, steps, and fair opportunity to do so if they want to.

So how should you go about preparing your successful move from a staff position to the PIC position?

Know the full job description and all of the job duties. Compare your current status - overall work experience (every job you’ve had and how might those have prepared you for this one), supervisory experience (if any), certifications, and work history in different libraries. 

Be honest and accurate in your assessment of your strengths and weaknesses as a potential supervisor. Are there some areas that you may feel might hold you back from taking the job and/or being successful at it? No one likes conflict with patrons or co-workers, but can you step forward and handle those scenarios with courage? Do you prefer to work off the library floor, away from the public? Will you feel comfortable handling potential medical or facility emergencies? Are you willing to be called after work hours if you are in charge of the facility over the weekend?

Do you enjoy the challenge of problem-solving on behalf of the patrons and your co-workers? Do you feel comfortable writing after-action reports, planning projects, delegating work to others, and supervising their success, quality, and deadlines? Can you write fair and honest performance evaluations? Is your personal life set up so you can come in on nights, weekends, or your days off to address certain situations? 

Ask to do that job for a day, a week, or a month. Meet with your supervisor and discuss your career plans. Ask him or her for help with two distinct points: Can you be given more responsibility and delegated tasks, especially in those areas where you need more exposure, knowledge (through both training and hands-on learning), or experience? Can you either shadow the current PICs, to see how they do the work, or can you be put into the PIC role for a test run - a day, a week, a month?

Giving a speech at a university in 1854, French microbiologist and chemist Louis Pasteur said, “Chance favors the prepared mind.” His contributions to the sciences of vaccination, microbial fermentation, and pasteurization are unmatched. To move to the next level in your career, prepare by putting yourself in the right position. 

By Dr. Steve Albrecht

In most cities, firefighters, paramedics, and EMTs go on three types of calls most often: car accidents, which may involve the use of tourniquets; opiate or fentanyl drug overdoses (usually involving people under age 30); and cardiac arrests (usually involving people over 50). These last two events will almost always require them to perform CPR and hook the person up to a portable defibrillator, known as an AED machine.

If you learned how to do CPR many decades ago - like me - you’re probably doing it wrong if you had to do it today. Modern CPR is all about doing chest compressions, correctly, quickly, and at the right speed and depth. Rescue breathing is no longer part of the cardiac arrest response. (Back in the 80s when I first learned it, they taught us to to give the cardiac victim a solid whack on the chest if we witnessed them go down. Known as a ”precordial thump,” it was supposed to help restart a still heart. We DO NOT do those anymore, thank goodness. “Hey! Why did you just punch me in the ribs? I was taking a nap on the couch!”)

The move away from rescue breathing - putting your mouth over the patient’s mouth, pinching his or her nose shut, and expanding his or her lungs with a short one-second breath - which fell out of favor during the AIDS/HIV crisis and during the COVID pandemic, was also because research suggested it was not as effective as doing chest compressions. It’s still recommended for people who have had drug overdoses or for kids who have drowned or have choked on an object and who are not breathing once the object is dislodged. You’re not giving a full lung-exploding breath, just one second of air, done twice, then go immediately back to CPR compressions.

Modern CPR realizes that oxygen to the lungs is not as important as blood to the brain and other vital organs. Chest compressions, done at a brisk rate of 100 to 120 compressions per minute (and allowing the heart to refill with blood by doing a complete up and down movement), can save the person’s life and brain function. There are CPR apps you can put on your smartphone, that will give you a tone to help match the compression rate. The usual model CPR people use is to do chest compressions at a rate matching the tempo of the Bee Gee’s 1977 hit song, “Stayin’ Alive.” (“Row, Row, Row Your Boat” also works.)

Automatic Electronic Defibrilators

These machines are found in many logical places: gyms, government buildings, malls, sports stadiums, and concert arenas, just to name a few. Besides the device itself, the boxes (or bags) that contain the kit include scissors - to cut the patient’s clothing away, no time for modesty here; it’s about trying to save a life. The kit may also include gauze, to wipe away the person’s sweat, to help the pads stick better, and a small razor, in case you’ll need to shave away a lot of body hair, again, to help the pads stick better.

The two AED peel and stick pads are clearly marked. For adults, one goes on the high right side of the person’s chest; the other goes across and around the person’s lower left chest area. For infants and small children, one pad goes on the child’s mid-back and one across the child’s chest.
Some AEDs are automatic, meaning the machine warns everyone to not touch the patient prior to delivering the shock itself. Others are semi-automatic, meaning you have to push the shock button yourself, on the machine’s command.

Once you turn on the machine, it will walk you through the necessary steps, including where to place the two sticky pads (after peeling off the plastic backing first), when to start CPR compressions, when to stop and let the machine take heart rate readings - to either prepare you to press the button to give another shock if the patient is in ventricular fibrilliation (a/k/a “vfib”) or continue CPR until fire, paramedics, or EMTs arrive.

Good Samaritan’s Laws are the same in all 50 states. As long as you are not intentionally doing harm, you cannot be held liable for any medical outcomes. As the EMT who taught my recertification class put it, “There are no 'CPR Police.' Do the best you can with the compressions, follow the instructions of the AED until help arrives and you will be fine. Something you do for the person is better than doing nothing for the person.”

Some questions for library leaders:

• Does your library have an AED machine?
• If you’re in a multi-story building, is there one on each floor?
• Has all staff been trained in CPR techniques for adults, children, and infants and AED machine use?

You can get free initial and refresher trainings for your staff by contacting your local fire agency, local hospital, local Red Cross office, or your nearest American Heart Association office.

By Dr. Steve Albrecht

Perhaps you‘ve seen the recent story where a library in Englewood, Colorado - a suburb near Denver - had to close for a serious cleaning because people who smoked meth in the building contaminated the restrooms. This follows a similar problem at a Boulder, CO library. According to an online news report in the Colorado Sun, from January 17, 2023 (https://bit.ly/3XEFBCg), both libraries have had to do a serious de-contamination of the walls, counters, fixtures, and exhaust fans.

The article says that this microscopic, unseen exposure is a real health risk: “Health officials say meth residue can be an irritant, causing symptoms like an itchy throat, a runny nose and bloodshot eyes.” The problem here is that like similar chemical reactions, you wouldn’t know you have been exposed until you feel the symptoms.

For help in this issue, I have turned to my Drug Recognition Expert (DRE) colleague, Keith Graves. Keith is a retired police sergeant from northern California, an internationally-known drug use and abuse trainer, and a longtime member of the California Narcotics Officers Association.

Keith says to be able to identify any substance on the interior walls of a facility, a trained technician “takes an alcohol-type swab and swabs the walls. The swab is then sent to a lab and it will quantify how much meth is present in that one section.” He says this process is actually more common than we might first think: “In some states, meth testing inside a home is mandatory before a sale of that home.”

For libraries and their employees, Keith says, “I think there is some validity to this. Everyone is going into the bathroom to smoke meth, but they aren't testing for fentanyl, which is just as bad. There are so many contaminants in meth that the smoke seeps into the walls and on to the bathroom fixtures. I do see a health concern.”

“A good example is the `Drug Endangered Children’ program. When we see a child in a meth user’s home, we swab the walls and show the courts and Child Protective Services that there was meth on the walls. We take those kids into protective custody because they were endangered by the meth in the atmosphere and on the walls and furniture. It’s the same exposure issue at the library.”

So what does meth smoke residue smell like? It’s hard to explain odors perfectly in words, but in general, burnt meth smells like ammonia, melted plastic, cat urine (Uh oh. Time to check my two cats for meth use), rotten eggs, metallic chemicals, solvents, or glass cleaner.

While I don’t have nearly as much drug knowledge as Keith Graves, I see and hear things and stay up to date on drug abuse issues because I still teach programs for public-sector employees known as “safety sensitive.” This designation means they hold a Commercial Motor Vehicle license (usually to drive semi-trucks or specialized construction vehicles), or they carry passengers, placarded HazMat materials, or are members of certain transportation or first-responder professions, like airline pilots, air traffic controllers, bus drivers, trolley or subway drivers, ship operators, police officers, and firefighters.

The Colorado meth exposures is the first I have ever heard of this problem in a library. That doesn’t mean it hasn’t happened or isn’t happening, just that it’s thankfully rare, both in the health effects for employees and patrons and in the media coverage. We don’t want your local media to start writing articles demanding testing at all libraries without proof that it’s needed.

This type of field-to-lab testing process can be expensive. And it’s not that we trade the health and safety of our employees and patrons just because of the cost, but we need to be realistic about whether there has been meth contamination or we’re only guessing there has. So, pay attention but don’t lose focus on the fact that this is still an extremely rare event.

What should library leaders and staffers do about this new problem? And we hope that it’s new because it’s not a widespread issue, where lots of libraries or public-use facilities are suddenly coming forward to talk about the problem.

Of course, our best proof of meth contamination is our employees or other patrons have seen and reported meth users smoking in our restrooms (or worse, the hidden spots in our library); the police have made arrests for meth use in our restrooms; paramedics have responded to our facility to medically evaluate a meth user having a psychotic incident (chronic use of the drug causes brain injuries that mirror schizophrenic symptoms); or - here’s a not-so-fun one - a meth user has filmed himself or herself smoking meth in our library and posted it online. (Starbucks has seen too many videos of people shooting drugs in their restrooms.)

These incidents would tell the library leaders to initiate a call to a bonafide testing/clean-up vendor to mitigate the problem.

Until any of these happens at your library, my best advice would be to do what we always do: observe and monitor any non-normal activities in our public restrooms (using regular staff checks, preferably with two staffers doing them together); pay attention to any kind of smoking behavior inside the library (regular cigarettes, marijuana joints, vaping); and continue to have the public-contact areas of your facility professionally and regularly cleaned.

By Dr. Steve Albrecht

Most personal and professional stressors involve either a person or a situation.

We’re either upset, anxious, or disappointed in someone or an event - past, present, or future - that seems overwhelming. It’s the impact the person makes on our work or home or the intensity or irritation of the event that affects us. It can be hard, in those moments, to see that we can go in many different directions, other than the one that seems like it’s the only viable one at that time. In other words, we have several choices in life and work. They may not always be perfect, but they are there for our use, often sitting just below the surface of what seems like the only and obvious path.

Consider this collection of options, known as the List of Eight Choices. They can give us hope, a renewed feeling of optimism that we don’t have to accept someone or something as it is, because “that’s just the way things are.” At first glance, some of these choices may not be our best alternative, but they are an alternative, perhaps better than our current approach. What we may not like as a possibility at the beginning may turn out, after some careful reflection or after putting the choice into play, to be a pretty good solution after all.

Consider this List of Eight Choices and we will apply them to a work stressor:

1. Leave the person or the situation.
2. Live with the person or the situation.
3. Change the person or the situation.
4. Change our perception of the person or the situation.
5. Change our behavior around the person or the situation.
6. Change both our perceptions and our behavior around the person or the situation.
7. Ignore the person or the situation.
8. Fake it (until we can make it) around the person or the situation.

Before we reject some of these choices as not reasonable for the stressors in our work or personal life, let’s apply them. Let’s say our work stressor is an older patron who is regularly rude to us. This person is sarcastic, dismissive of our efforts, and just has a toxic personality. We cringe when this person enters our library and yet, because of the nature of our job, we have to serve him or her. Let’s apply our List of Eight Choices:

1. (Leave the person or the situation.) Have another colleague work with the patron. Trade off our rotten experience with this person and take one of theirs.
2. (Live with the person or the situation.) “I don’t choose who walks in here. I can only do my best to provide good service and not take it personally if the patron is perpetually unhappy.”
3. (Change the person or the situation.) Hard to do, admittedly.
4. (Change our perception of the person or the situation.) Maybe the patron is dealing with a serious life issue, which has made this person angry, sad, defensive, and anxious? Look upon the patron with what the mindfulness meditation teachers call “loving kindness.”
5. (Change our behavior around the person or the situation.) Kill them with extra kindness. Give them an extra helping of politeness. Be a better listener. Try to see if they have a sense of humor.
6. (Change both our perceptions and our behavior around the person or the situation.) This is the hardest challenge and probably the most useful one. “I will see this person in a new way and I will act differently around this person. The first approach will help me see this patron in a better light; the second will give me a wide variety of approaches, to find the one that works best.”
7. (Ignore the person or the situation.) “Here he or she comes! Here I go! Off on my break, to help another patron, or go do a project for my boss.”
8. (Fake it [until we can make it] around the person or the situation.) “I’m going to use my acting skills and act friendly, approachable, sincere, motivated, and enthusiastic about helping this patron, despite how he or she treats me. At the end of my interaction with him or her, my boss and colleagues will want to nominate me for an Academy Award!”

The point of the List of Eight Choices is enhanced control. We can do more (or less) and give ourselves many more opportunities to be different, think differently, or act differently. It can be freeing to consider we have more than one choice.

Give these eight a try for your next challenging work situation. And guess what? These eight work well for your personal stressors too.