The five biggest translation security risks – and how to avoid them

When getting content translated, you automatically reveal information about yourself and your company. This information is always personal, often sensitive and rarely meant for the general public. So you need to take a few steps to make sure your data doesn’t end up in the wrong hands. We’ll show you the most common security pitfalls and how to deal with them.

1. Machine translation with insufficient data protection

Do you use Google Translate, DeepL or similar services? Then you’d better take a closer look at their general terms and conditions (GTCs). For the free versions, you usually automatically agree to the transfer of your data – giving third parties the right to share or index the content you entered for their own purposes. What this can mean in the most extreme cases is shown by the example of translate.com in 2017: the Norwegian oil giant Statoil translated texts using the website’s machine translation solution and found its own content a short time later via Google search, entirely unchanged. A flood of sensitive data has entered public circulation this way, from tax forms for a global pharma company to employee feedback for a well-known investment bank, including names and phone numbers.

The solution:

To be on the safe side with machine translation, you should get a pro account. While you usually have to pay for these, they give you much better data protection: your content will be transferred in encrypted form and won’t be permanently stored or used to train the company’s language models. Data sovereignty will also remain with you or your company, no matter if you translate in the text box in your browser, by uploading a file, or via an MS Office add-in.

As an extra service, your language services provider can not only offer a final check by a linguist, but can also leverage existing translations from your company’s translation memory to enhance the machine output. That means previously translated passages will be translated in exactly the same way, and you also have more control over your company’s data. We call this MT+, and it can be used to provide measurably better results.

2. Unprotected servers and communication software

The biggest threat facing servers and software at the moment is ransomware. This involves malicious programs that intruders use to prevent owners from accessing or using their own data – or in the worst case, to lock them out of their own system entirely. That’s why a security issue discovered in Log4j is currently causing people around the world sleepless nights.

Ensuring good protection against ransomware is also a key consideration when it comes to translation. The biggest risks here are outdated technology, a lack of oversight and inadequate security training. Sending translated documents as email attachments is as much of a danger as content management systems that aren’t updated regularly.

The solution:

At a minimum, you should ensure that all the data you send and store is encrypted using modern technology – the most basic level is 256-bit SSL/TLS encryption. Regular penetration tests and vulnerability scans of your system will identify weak spots and unauthorized code changes – with advanced threat protection, artificial intelligence can trace suspicious behavior. IT security training should also be mandatory for all employees, alongside regular system updates. And if you want comprehensive protection, there are plenty more systems and processes. ISO 27001 compiles them all into an international standard. Language services providers certified to this standard will meet the highest security requirements for your information management.

The most secure way to complete translations always involves using translation software or a platform like the Supertext Translation Hub. With these, you log in to a secure central point for collaborating on and managing translations. Packet filtering ensures that both incoming and outgoing data is secure, and you can also set up specially protected workflows for confidential documents if required. The server source code is stored on a special development platform and protected using multiple firewalls and regular security checks.

3. Misuse of login details

Secure login details have always been a key consideration when using the web, but people still make plenty of mistakes – like using easy passwords that can be cracked in under a second, or keeping suggested usernames such as “Administrator” without changing them. When both of these errors combine, accessing program and software accounts becomes child’s play.

Received wisdom used to say that passwords needed a minimum number of characters and a mix of numbers, lowercase letters and uppercase letters. The latest insights from Microsoft, however, suggest moving away from passwords that are complex and changed regularly. Both mean that passwords are easy to forget, so people write them down – a classic security risk.

The solution:

The recommendation is to use two-factor authentication that gives you an additional level of security. In the same way, single sign-on, which is a login for multiple platforms that works by authenticating users using a certificate, reduces the risk that people will enter the wrong password in the wrong place. The platform you use for your language services should also support automatic logout and should lock automatically when login details are entered incorrectly.

Modern software also supports assigning roles and the central management of access rights for various users – because each additional person and new program means new risks. Our top security tip: give your teams minimal access rights and limit these to a specific time period.

4. Insecure or insufficient backups

Even when all the core cybersecurity measures are followed, an end device can break or be lost, or even fall victim to a system attack. What’s needed then is access to secure backups – up-to-date ones. You can run into issues if you don’t back up your files regularly or if the copies are temporarily stored in a badly protected cloud that is also vulnerable to ransomware that has found its way into your system or device.

The solution:

Only a backup separated from the internet on external local servers provides a fully protected version of your content. This is also the best way to store your terminology databases and translation memories. That means any existing texts and translations end up encrypted in your archive and, if needed, can be retrieved without any loss of data. Ideally, you can not only retrieve the latest copy, but also various backup versions. An additional business continuity management system (BCM) ensures that your systems can be restored in minutes in an emergency.

5. Untrained project participants

You can’t just rely on secure technology to identify security risks – you also need people, and they need to be keeping an active eye on what’s going on. Neither internal nor external project participants should simply expect the system architecture to do the work of keeping things secure during the translation process. They should be trained in risk management and the relevant processes and should also keep a keen eye out for any critical content. And even the best confidentiality measures don’t mean a thing if people can simply stroll into your offices unannounced.

The solution:

Ensure your team has clearly defined responsibilities and determine who at your language services provider receives which information and who needs confidentiality agreements. Both project managers and freelancers should be made aware of security issues on an ongoing basis, so they can advise clients too if they spot something. When it comes to translators, careful recruitment and the ISO 17100 and 9001 standards guarantee clearly defined translation processes and ensure that the translators know how to properly use translation tools. IT user guidelines and a visitor policy for your offices can then regulate the use of devices and access to your premises.


Supertext is secure in 100+ languages. With ISO certifications for translation quality and information management and tailor-made processes for confidential information. And a team that is constantly trained and tested on security issues.

Read more about our security standards or get in touch with us.


