How to surround every point your assets touch with security:
Step 1: Assess the Threats
Audit how you and your suppliers manage translations currently. Watch out for the transfer of your data through highly insecure methods (such as email or insecure FTP sites), storage or processing of data using unauthorized devices (PCs, tablets, personal servers, insecure LSP infrastructure), or tools (online chat, file transfer systems), as well as retention of your documents and data once a project is complete.
Step 2: Look for Vulnerabilities
Translation companies are privy to massive amounts of confidential and sensitive corporate/customer data, making them prime targets for hackers. By tracking how your Language Service Provider (LSP) manages, transfers, and controls access to your content across all steps in the process, you will be able to identify your exposure to data breach or theft and assess the security protocols that they have (or do not have) in place to protect you.
Step 3: Vet Your Suppliers
First, check that they have the right security protocols and credentials in place, for example: internal information security policies (ISPs); information security risk assessments; SOC 2 Type II auditing, ISO 27001 compliance, and HITRUST certification to ensure appropriate information and document safeguarding; ISO 9001 and 17100 for quality management and industry authentication; GDPR and CPRA compliance for personal data protection; and PCI DSS for secure payments.
Then ask how they ensure the availability of the content in the case of a major disruption, including disruption and disaster recovery measures. You want to ensure that your documents and data are fully backed up for the life of the project, and that access can be controlled via IP and workstation restrictions for the most sensitive documents.
Step 4: Centralize
Confining content to a single environment (accessible online via a protected user interface) is more efficient, as well as more secure. A single secure platform enables all data, users, and workstations to be logged and audited for every translation task, and also allows for extensive customization where required by a business, as well as automation of common tasks. Minimize the risk of a data breach as a result of unauthorized document retention by working with an LSP that, for example, allows you to choose your own retention period.
Step 5: Control Access
Control and track who has access to your platform using admin rights/tracking of assets, granular security controls, document recovery, and secure password control. For instance, use IP restrictions to authenticate users; hierarchical security settings (password length, password history, password complexity, number of allowed failed login attempts) that match the complexity of your internal security policies; and role-based access controls (RBAC) to assign access to specific teams, departments, and organizations.
Step 6: Classify Content by Risk
Highly sensitive content should benefit from added levels of security; for example, restricting where people work or blocking copying and pasting, if there is a high risk of theft or industrial espionage. Restricted workstations can limit everything from the ability to copy to internet access, and the use of software applications. This helps to ensure there are minimal opportunities for data loss or theft while work is being performed.
Step 7: Apply Global Rules Locally
Embedding corporate governance measures locally will ensure that the platform and its rules are not bypassed, but workflows should also be audited regularly – it is easy to fall back on old patterns, especially when deadlines are tight. Choosing a provider that not only understands the importance of cybersecurity but actively invests in it can represent the difference between success and failure. If your LSP cannot match your internal standards for security, privacy, confidentiality, compliance, availability, and integrity, then now is the time to switch.
Companies, such as law firms, that have yet to experience a data breach may not even be aware of how their sensitive data is being managed or shared, or the potential implications a breach could have for their business.
Take a Proactive Approach and Limit Exposure.