The document outlines the recovery of usage data following a cyber incident in July 2023 that compromised access to shared drives. The team was able to rebuild their data for SCONUL reporting using various resources and systems, including JUSP and LibGuides, within weeks of the breach. Lessons learned include transitioning to cloud-based information storage and consolidating access to multiple resource data in one place for efficiency.

1. Rebuilding
Data
______________________________

2. Working Practices
Prior to the cyber incident in July 2023,
we gathered our usage data from JUSP
and individual publisher’s platforms,
recorded it on spreadsheets, and
stored it in folders on a shared drive
that could be accessed by library staff
via their university login.
The data was used for SCONUL
reporting, to inform purchasing and
renewal decisions, and to track trends
over time.

3. Cyber Incident
When the data breach was discovered, we were
unable to access our systems, including shared
drives, and our connections/links with other
institutions were suspended until our systems had
been checked and made safe, in line with
standard practice. When we were able to log in
again a few weeks later, our shared drives were no
longer available.
As the SCONUL strategic dataset was due in
November, and we had renewal decisions to
make, we had to start the process of recovering
our usage data as quickly as possible.

4. The Recovery Process
+ Without being able to check our shared drives, we had to find out what usage
data we’d had stored.
+ Our working practice had been to collect the various metrics and store these in
folders for each resource, as well as entering the monthly figures on a main
spreadsheet displaying each database and the metric collected, recording the
pattern over the course of the year.
+ I was able to find a main spreadsheet for 2021 that I’d sent to myself via email
during one of the lockdown periods, which let me see all the platforms we’d
collected figures from at that time.

5. Rebuilding
+ JUSP was invaluable to the rebuilding process, as we could quickly and easily access
statistics for several of our subscriptions over the years.
+ License Subscriptions Manager was very useful in detailing recently subscribed
resources, as was KB+ and our LibGuides A-Z, so after we were cleared for access by
our IT department, it was a case of checking platforms where our resources were
stored, to rebuild the information we needed.
+ The remaining statistics not available on JUSP were collected individually, using
standard admin access routes into the various publisher platforms, Sams Sigma,
Atypon, etc.
+ As the reporting for SCONUL is retrospective, we also had to gather statistics for the
previous year, 2022, so that we could report for the academic period 2022-2023.

6. Where we are now
+ Although we no longer have data going
back as far as 2010, within several weeks
of the incident we had rebuilt the data we
needed to complete our obligations for
SCONUL reporting, and our Collections
team could access usage statistics to
inform purchasing/renewal of resources.

7. What we’ve learned
+ We now store our shared information in
cloud-based systems, accessed via staff
login.
+ Where we can access our SUSHI details
for a resource, we set this up in JUSP, as
having access to multiple resources in one
place enabled quick and accurate
collection of data. As a back-up, we have
also set this up in LibMetrix.