On a recent rail journey I got talking to the information security team of a well-known retailer. We discussed how you don’t have to look far these days to find reports of data breaches. They’re everywhere – and they’re getting worse.
From the recent CEX cyber-attack to the Equifax data breach and the General Data Protection Regulation coming into force in May 2018, security – especially securing PII – was front of mind for their senior management team.
There was talk of preventing cyber-attacks, ensuring that nefarious software – including malware – wasn't downloaded by employees using their laptops while outside the corporate network, and how to manage the whole BYOD issue. In response, the organisation had recently implemented an ‘Approved Software Hub’ to ensure that Trojans weren't accidentally downloaded instead of genuine applications for day-to-day work.
The lost revenue of a DDoS attack to a retailer – especially during the Golden Quarter – could make all the difference between healthy annual bonuses and the threat of redundancy for some.
Not surprisingly, not once was there a reference to managing their translation supply chain, nor to the risk that free translation tools expose them to. I couldn't help myself. I had to ask them why… With a global customer and employee base, I knew of the critical role that translation played in them reaching new markets – not only with marketing material but also with customer support across dozens of languages.
What’s that got to do with security?
My question was met with a mix of surprised faces. “What’s translation got to do with security?” It’s a common oversight among many businesses, and one that – unfortunately – I’m no stranger to. “If information isn’t shared outside the translation team, then where’s the risk?”
The reality is that many employees use free online translation tools as a quick fix – without thinking about the potential risk. The recent Translate.com data breach highlights the issue. Hundreds of thousands of documents translated by the tool were indexed and leaked online. Everything from financial documents to termination letters is now available for anyone to see.
It also shows that free tools, designed for consumers, are being used by employees to translate highly sensitive business information. Some free online translation tools also provide a backdoor, a proxy to other more malicious websites that harvest malware.
The dangers don’t end there. My advice to the group of professionals – and any business – is to educate everyone on the risks of these sites. Keep reinforcing the message that free is never secure. And why not stop people using these sites by integrating a translation tool within your intranet or Microsoft Office applications, available for everyone to use? Machine translation technology now makes this an easy option.
Securing the translation supply chain
But the problem isn’t limited to employees outside the translation team. Global businesses are now just that – global. They deal with customers in multiple languages, around the clock. Content – whether video, web or support – needs to be translated and localised across global markets. Doing this in one language is tough – but multiply this by dozens of languages and it’s a whole different world of complexity.
Orchestrating the creation, review, and approvals for thousands of documents often involves large teams. This means sharing, storing and collaborating on documents with colleagues and partners across the globe. Considering that one of the underlying principles of the GDPR framework is to understand – and control – the data you hold, why you hold it, its sovereignty, and who has access to it, how can businesses be sure that their manual translation processes are not putting them at risk?
If any company is looking at the impact of the translation processes on security, these questions are a good place to start:
· Can you be certain that your employees are not unwittingly putting you at risk via the use of free online translation tools?
· When was a security review of your vendors and their processes last carried out? Do you know whether you are sending PII out as part of the translation process?
· Is your process for handling multilingual content fit for purpose?
· Who is responsible for security across the translation supply chain?
· Can you identify what happens to your documents after they reach your vendor?
Developments in AI now make it easy to provide all translation teams and employees with the tools they need to securely translate content, with an unprecedented level of fluency thanks to neural machine translation within a fully compliant environment. The combination of powerful translation memories, terminology managers and customisable workflows reduces translation times even further. All of this means no risk of breaches from employees with the best intentions, and a fully compliant translation supply chain.
Katie Rigby-Brown, Vice President Global Financial Services, SDL