Cybersecurity and Translation Data

Why you should care about safeguarding your data

Last updated: November 20, 2023 5:21AM

When selecting a language service provider (LSP), a few questions immediately come to mind. How much will my translation cost? How quickly will I receive the final product? Will the resulting translation be of high quality? All of these concerns are of the utmost importance. But, another consideration that is equally important, and arguably even more crucial, is determining what steps your LSP is taking to safeguard your data.

If you’re not asking your LSP about data security, you are exposing yourself to the potential loss of intellectual property, company secrets or other highly sensitive material. When this type of information becomes public or gets into the wrong hands, the results can be devastating to a company.

What Could Go Wrong When Using Free, Online Translation Apps?

If you rely on a free, online translation tool for your company’s data, think twice, particularly if your data is sensitive or private. After all, professional translators require payment. If there is no cost for translation, how can these free apps afford to provide security? They often can’t.

There have been numerous warnings about the subsequent loss of control over data submitted to free, third-party apps. For instance, petroleum company Statoil learned its lesson in 2017. In that case, a free, online app loaded employees’ personally identifiable data into Google Search without Statoil’s knowledge.

Entrusting your translation projects to a professional LSP is a good, first step to ensure your data is secure. But there’s a caveat; not all LSPs are committed to cybersecurity and data protection. So, you need to do some homework and ask the right questions.

How Are You Delivering Your Material for Translation?

Customers will send data to an LSP in multiple ways. Three things should be achieved during delivery:

No one should be able to steal data.

Data should be uploaded to a place that only authorized people are able to access.

Data should not be able to be copied.

The LSP and the customer should work together to determine the delivery method of data. For highly sensitive material, the onus is on the LSP to provide an option that consists of a secure portal, or website. This type of delivery method will prevent data from being intercepted during transmission. It should also be designed to ensure there are no internal intrusions once material is in the portal. It is the customer’s responsibility to use the portal and refrain from asking the LSP to take data through an unsecure method.

Once data is in this portal, safeguards should involve multiple layers of controls. These controls may include strong authentication, rules-based access management, and the ability to integrate with the customer’s access management system. The idea is to limit access to people actively working on the project and to store the data so it cannot be easily taken by anyone else. Fewer people working on the data will minimize the security risk.

How is the Translation Work Being Done?

Translators should be required to sign in with credentials in order to receive access to the data, and then be required to work in the portal when the data warrants. For highly sensitive data, the translator’s work should be tracked on the LSP’s servers and special tools should be used. Resources, such as translation management software, help prevent data from being removed from the portal. And, for the utmost confidential material, data should be provided to translators in small chunks. This will ensure the entirety of the content is never fully disclosed.

Ultimately, translators should be able to work in an environment where data is maintained in the LSP’s systems and protected within the LSP’s security framework. Different levels of security can be applied to the translation model. This will be dictated by how sensitive the data is and how much protection is needed.

How is the Translation Work Delivered Back to You?

The LSP should deliver the completed translation to the client the same way it was received. For sensitive material, that delivery process would be through the secure portal. Make sure the data is secure and encrypted.

What Policies and Standards Will Protect Data?

Your LSP’s processes will go a long way towards protecting your data. For instance, the people touching the data are often linguists who may not fully understand security. Make sure your LSP informs linguists about the importance of protecting data and requires them to follow security policies put in place by the LSP.

Additionally, your LSP’s employees should be trained on how to handle data so it is secure. Finally, ask your LSP if the metadata of your project is obscured. Does the operations team use code names for projects as part of their process? They should.

What Tools Should Dedicated IT and Security Teams Use?

A company that entrusts their data to an LSP should know whether their vendor is equipped to maintain their own IT systems and handle an unforeseen security violation. Does the LSP use specialized technology like a security incident and event management tool? This type of tool provides an almost real-time capability to detect a malicious event, which enables security professionals to respond in a timely manner. Does the LSP have a vulnerability management system to track weaknesses in servers and other assets?

You can effectively assess your LSP by simply finding out if it has dedicated IT and security teams. It takes a considerable amount of resources to support these types of teams. Not all LSPs are in a position to operate them.

How Can Best Practices by Your LSP Minimize Threats to Your Data?

It’s impossible to completely eliminate all external and internal threats. However, you can rest easier knowing that you are focusing on securing your data and using an LSP that engages in best cybersecurity practices. Buyers should look to their own security team for input when selecting an LSP. And, the LSP should be willing to talk about their processes, practices, and strategies to secure data. Ultimately, your LSP should stand by what it says by entering into a contract that details its security responsibilities to you.