Companies that have yet to experience a data theft or breach may not have an appreciation for its potential financial ramifications. However, with the average cost of a data breach estimated to be USD 3.86 million, not including long-term damage to trust and reputation, taking a reactive approach to limit exposure is no longer an option. ISI Language Solutions explains why cybersecurity compliance should also extend to translations.
Given the sensitive nature of the corporate and legal tasks that Language Service Providers (LSPs) are engaged to deliver, you would think data and process security would be crucial concerns. All too often, however, security compliance is considered secondary to productivity in our industry, with confidential and sensitive data routinely shared and stored on insecure personal computers, servers, and devices in a range of different countries.
A single multilingual project can be worked on by more than 50 unique people, from the local language translators to editors, proofreaders, project managers, and quality control. If each of those workers is using a personal email address or saving their work onto a personal device, you are reliant on whatever security measures they have on those email accounts or computers. You also have no control over what happens to that data once the project is complete. In all likelihood, your data is simply retained by those contractors in their email accounts and on their devices, where it remains vulnerable to hacking, theft, or loss.
If companies are to effectively protect their data, their cybersecurity policies need to cover compliance for their LSP. That means including, assessing, and controlling how their content is being managed, moved, controlled, and accessed by all members of the translation supply chain.
Back to basics
The first step is to consider a security audit of your provider’s current IT systems and processes to identify how and where data and documents could potentially be compromised. Here are some questions we recommend asking your current vendor:
- What are their current procedures for the transfer of data and documents, including how information is stored on devices that do not belong to the company (e.g., the personal devices of contractors)?
- Do they retain your documents and data after a project has been completed?
- What are their backup and security policies, for example when it comes to disaster recovery, data encryption, and password control?
- How is access to confidential and sensitive data tracked and logged on their systems?
- What technology do they use to control and restrict IP and workstation access?
- How often do they undertake vulnerability assessments and penetration testing, and can they share their latest reports?
If you are working with vendors that do not have security protocols in place to control communication and collaboration, then your private and confidential information could be exposed to theft or loss. Choosing the right vendors – i.e., an LSP with the right security protocols and certifications in place – will yield dividends in terms of management of work, improved security infrastructure, and a more security-conscious, trained network of linguists in general.