Ransomware Can Hold Your Records “Hostage”

In another unfortunate trend for Ohio in 2024, Wood County had experienced a ransomware attack that has prevented them from accessing their electronic records management system. As seen in the article found here, while the attack is not impacting public services, the county is resorting to using pen and paper to record emergency calls as well as preventing them from accessing historical police records.

Just like water or a fire damaging paper records, your electronic records are vulnerable to disasters and disruptions to business like these cyberattacks. There are several things your office should keep in mind:

  1. Understand where your records are on your network as well as who has permission to those files. ARMA International has a great article on defining data maps found here. This will also help identify where your vital records are, those records integral to your business operations and should be recovered quickly.
  2. Have your IT routinely backup your electronic records as well as run updates to system software/antiviruses/network firewalls.
  3. Provide mandatory cybersecurity training to your office staff to educate them on identifying fraudulent requests and the steps to report on them.
  4. Clean up electronic records that have met their applicable records retention schedules and are no longer needed. The less files there are on your network, the less files that could be potentially stolen from your office.
  5. Finally, establish continuity of operations plan (COOP) in place to define the policies and procedures to respond to an emergency or disaster. Have a COOP plan in place will allow a swifter restart of your operations. FEMA has a brief brochure describing a COOP plan found here.

National Archives Resources

The National Archives and Records Administration (NARA) has released a bulletin for federal agencies on managing records of collaboration platforms, such as Microsoft 365 and Google Workspace.  Collaboration platforms can include a wide range of tools, such as chat, email, and file sharing and project management features that may have records management and retention implications.   The bulletin shares the records management considerations that agencies should keep in mind when using such a platform.  More information is available at https://records-express.blogs.archives.gov/2023/09/29/new-nara-bulletin-on-collaboration-platforms/.

Another resource offered by NARA is its Electronic Records Accessioning Support Tools.  These tools can assist in preparing records for transfer and include Junk File Finder to identify empty folders and backup files and the Funny Filename Finder, a recently added tool which can identify filenames with invalid characters.  These tools are available at https://github.com/usnationalarchives/Electronic-Records-Accessioning-Support-Tools.

Thinking about digitizing your records?  In October NARA released its Digitization Quality Management Guide to assist agencies with their quality control of digitization projects.  The guide is available at https://www.archives.gov/files/records-mgmt/policy/digitization-quality-mgmt-guide.pdf.  If considering a digitization project also don’t forget about the OhioERC’s document imaging guidance!

“Hey Siri, manage my records:” the records management implications of emerging cognitive technologies

Human decision-making is being supported or replaced by several emerging cognitive technologies, including Internet of Things, Robotic Process Automation, Machine Learning and Artificial Intelligence. Recently, the National Archives and Records Administration issued a white paper that provides a review and analysis of these cognitive technologies and their potential impact on records management.

The white paper focuses on the following emerging cognitive technologies:

Internet of Things: The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, collecting and sharing data. Devices like Alexa and Siri can be used to operate lights, lock doors, add calendar items, answer questions, and more. In 2016, the City of San Diego approved a plant to retrofit streetlights with processors and data storage to gather data and analytics to improve parking, traffic and safety.

Robotic Process Automation: Robotic Process Automation is a technology platform that enables a software robot (“bot”) to interact with applications. The white paper offers an example of a bot that assists members of the public asking for information about a topic. The bot opens a chat, scans the content, opens the agency’s reference request system, populates the requester’s contact information, makes a best guess at the purpose of the request, and provides resources to help the requester find the information they seek.

Machine Learning and Artificial Intelligence: Machine learning refers to a software programming technique that uses algorithms to autonomously improve decisions through analysis. Artificial intelligence is described as teaching machines to learn and solve problems so they can make yes or no decisions. The white paper discusses the use of these tools by governmental entities to classify emails to allow the public to search and more easily access certain government officials’ emails.

In addition to exploring the cultural and societal considerations associated with the use of cognitive technologies, the white paper explores the records management implications associated with their use and reminds readers of the following:

  • While the volume of data created by these technologies can be staggering, the data must be managed by agencies within a records management framework.
  • The length of retention continues to be driven by business needs and legal requirements.
  • These technologies may impact existing policies and standards, such as ensuring records management controls requirements for electronic information systems, and ensuring they adequately maintain the authenticity and integrity of records.

Although the white paper focuses primarily on federal records, it highlights the need for forethought from any public entity interested in incorporating these technologies into their business practices.