It’s time to review your technology security for online users

Digitization and remote working has become the new norm as a result of the pandemic, writes Ofer Tirosh, CEO of Tomedes Language and Globalization Solutions, which means the technologies making this possible should be one of the focal points of your company's cyber security strategy.

This article will cover how some translation services have been thriving while others have suffered through the pandemic. It will also cover digitization and remote working, as well as the security issues that are bound to occur in online business interactions. Thus, these services have become integral to the security of businesses who use the virtual work model.

How businesses survive post-pandemic with translation services

In this day of self-isolation with call centers, offices, and even shopping centers, sports venues, bars and other entertainment establishments still being closed down, it is easy to see how more traditional businesses were negatively impacted by the coronavirus, a global pandemic. In the case of translation services, live interpreters were among those who suffered most, while medical translators were steadily increasing in demand as a direct result of this global crisis. Many translation services were in a very good position to help businesses to survive post pandemic.

There are many of these translation services that have already digitized their operations. That is to say that their employees work largely from home or telecommute and do not gather together in large offices. In terms of interpreters, many of them provide their services online through video conferencing technologies. As a result, translation services, which provide for a variety of critical language business requirements post-pandemic, are currently thriving with some agencies even hiring new employees. Human translation is an integral part of the global fight against the coronavirus and the digitization of translation services seems to be the ideal means to aid in the ability to continue with the necessary work, while at the same time mitigating any immediate threats or risks to employees and others directly involved with that work.

The technological revolution and the digitization of industry

There is little doubt that the coronavirus outbreak will change how literally everybody lives and works. As a direct result of this latest global pandemic, many businesses have increased the pace at which they are moving online or digitizing business operations. While the technological revolution is not in the headlines as much these days as it was before, it is surprising just how much of the world can function normally even in an online setting. Telecommuting has long been an industry standard throughout Europe and around the globe.

Accounts Payable and Receivable work can easily be moved online with remote employees or even outsourced to a third-party company. Information Technologies or IT work is a field where telecommuting is virtually as “normal” as working in an office setting. It does not take much manpower to run a computer server center, and even then, much of the more technical work can be done remotely. This helps to reduce costs for everyone involved including the business.

Where before, each employee would need desks, computers and other expensive equipment, most people already have all of the requisite tools at home. Consumption of utilities is substantially decreased for digital companies as they no longer have to worry about the consumption of such large volumes of water, electricity or even heating and cooling systems necessary for a safe office environment.

Even Logistical Supply Chain operations can be largely automated, greatly reducing the number of physical employees required on site to complete these tasks. Amazon has introduced a great many automation devices in many of its facilities, and while it still employs a great many people, there can be little doubt that automation is an ideal goal for Amazon and other similar companies.

For companies offering translation and interpretation services, the process of automation is not imperative to their success. Machine translations will work well enough in some cases, but fields such as legal translation and medical translation require linguistic specialists, familiar with the subtle variations and nuances of language translation. The same holds true in many other areas as well, including the translation of sales and marketing materials or in the realm of academic translation services. The digitization of both translation and interpretation services seems more of an inevitability than just an added convenience in the digital age.

The hazards of digitization and translation services moving online

Working in fully digital translation services will decrease the impact of any future global pandemics, and can even help the companies to thrive during the upcoming economic recession that is a direct result of the coronavirus. There are other types of viruses and concerns when working online, for the translation and for everyone else.

From the diplomatic interpreter to the medical translator, most agencies will deal with large volumes of sensitive data that must be protected. Some of this data will be stored in open files and some of it will be stored in databases, and some of it may even be stored offsite in other servers or with cloud computing servers. When this data is moved or stored online, it becomes subject to numerous attacks from unscrupulous hackers.

Moving all of this sensitive data online means that the agencies will now be tasked with the need to keep all of that information safe. In order to accomplish this, there are many steps that can be taken internally, but there are also additional groups and organizations that can also provide a great deal of support for online security measures for a minimal investment.

According to a study conducted by CBS News, more than 80% of all businesses have reported being successfully hacked. According to a similar study conducted by inc.com, 60% of all businesses that have been successfully hacked will go bankrupt or otherwise be forced to close within six months of a successful cyber attack.

Password protection – the first defence against online virus attacks

User passwords in a translation or anywhere else, are the first line of defense against online hackers and other “Black Hats”; people online with a more nefarious purpose in mind. Forbes has made a list of the one hundred worst passwords that are commonly in use by computer users, but what is missing is a viable formula that can be used to generate passwords that are extremely difficult to hack at all and virtually impervious to “blunt force” attacks or programs.

Nobody should ever hand the password out to anyone unless the person requesting it is an IT person within the translation services. Even then it is a good idea to verify that they have a legitimate need for that information and have been authorized to access it, though they should already have access to such information.

A “Blunt force” attack is one in which a program is used to try common passwords and password combinations in order to force its way into a computer network or even a single computer. These programs work incredibly fast compared to their human counterparts, entering literally tens of thousands of common passwords in hours. There is one way however, where very complex passwords can be generated, a record kept of them and nobody being any the wiser.

Igmv1stk(fEPNH)it2ndg(aNoSH) What? How can anyone possibly remember such an awkward password. Sure, it would be challenging to translate that into anything meaningful, or would it? Passwords over twenty characters in length with capital letters, small letters and numbers are very difficult for even blunt force programs to hack and can be equally as challenging for the social hackers. The passwords only work if the people creating them can remember them. There is however, an easy way to do just that here.

The above mentioned password looks difficult, but it is not. One need only think about a particular point in time of their life and a special event that may have occurred then. How many people will ever forget their first kiss? The reference above is easy to remember that way. What does it mean?

Igmv1stk(fEPNH)it2ndg(aNoSH) = I got my very 1st kiss (from Enter Person’s Name Here) in the 2nd grade (at Name of School Here) Note: The name of the person would be their initials and the name of school would be replaced with the initials from the school.

Some people will be able to easily remember these passwords while others may struggle a little, especially when first using such a system. Remember this though, even if someone is thumbing through a journal and sees a note with the reference sentence plainly written out for the world to see, how many people will immediately associate that with their passwords? Most will just presume it to be idle scribbling, perhaps while distracted or bored during other tasks.

A selection of six to eight such passwords, rotated on a regular basis, will help even the average translation agency to help their translators and interpreters avoid any unpleasant hacks. Though email hacks are also an increasingly common threat.

Social engineering and human hacking online and off

There is another potential and more common security risk for online data storage, and most notably for passwords that is commonly overlooked. Social engineering or what is more commonly referred to as “human hacking” in the modern age, has its roots in corporate and political espionage. This process has, however, been refined for the internet and using the guise of friendship as a means to gain access to personal data and other information that can be used to deduce passwords or to answer security questions.

In this day and age where people routinely get online and post the most intimate details of their lives on social media sites, it is easy to glean a sufficient amount of information about many people to get some of the answers to common security questions, and other dates and references that can be used to deduce probable passwords. If someone is to look at a Facebook page, search through their friends list until they find the mother, and now they have the maiden name, a very common security question.

A deep enough search can reveal teachers, best friends, pet names and a host of other information that is commonly used for security questions online. These efforts are often followed up by a friend request from someone unknown, and who will approach the individual with a common interest or even concern. These people will love to chat and in the middle of these conversations, will ask seemingly innocuous questions in order to fill in any gaps and give them any specific information that they may be missing.

If there is any consolation, it is unlikely that a translation company would be subject to such personal attacks, or human hacking attempts. These types of attacks are generally reserved for specific data with a specific goal in mind. Translation services that work with the diplomatic corps would be the most likely target of such personal attacks, and perhaps some translation agencies working in the fields of medical translation or legal translation. However, general translation service agencies should not need to spend an excessive amount of time on such concerns. There is still some need to counter the equally personal hacks known as phishing attacks.

Phishing (pronounced “fishing”) attacks are attacks that are generally conducted through email, though they may also be instigated in message programs and on social media accounts. One of the first rules should be to remember to never click on any link within an email. If there are any exceptions to this, it is when first signing up for a website when they send a confirmation email to the email address used to sign up for the account. Other than that, there is virtually no excuse to ever click on an email link.

While it may be difficult to imagine, there are people who make their living copying virtually an entire website and giving it every look and feel of being a legitimate website. These “cloned” websites are then lin

ked to, generally in emails, though occasionally in chat programs or on social media. Someone may get a warning that their paypal account is in imminent danger of being closed but all they need to do is “click on this link” and the problem can be resolved.

When the individual clicks on the link, they are led to a website that looks for all intents and purposes, exactly the same as the actual paypal website. Unfortunately, as soon as they have entered their account information, there is someone on the other end who will likely go in and empty their real account before the victim knows that there is anything wrong at all.

These same types of attacks are frequently used to access bank account information, credit card information and a host of other information that can be used or even sold by the Black Hats, hackers, crackers or others with a malicious intent. This leaves only the servers and other internal file systems of the agency open and vulnerable, though even that threat can be greatly mitigated.

Database and file security and PenTesting

Ethical Hackers or White Hat Hackers are people who utilize many of the same techniques and methods as black hat hackers in order to test a system for vulnerabilities. The process itself is known as PenTesting or Penetration Testing. Such testing should be mandatory and a regular part of any fully digitized translation services that has cause to store sensitive or secured information online. Even the most competent database manager or systems administrator can miss minor details that could prove very costly.

Hacking has been responsible for many digitized businesses going bankrupt. Ransomware attacks are one of the most common types of attacks, even impacting entire city and state operated computer networks. The loss of sensitive data is another difficult area where a breach can result in expensive lawsuits and other legal concerns. What is surprising is that despite the size of these companies, and the expanse of their computerized data systems, they were not using pentesting in order to ensure that all of their systems were fully secured. There were of course some rare exceptions where a disgruntled employee was responsible for the loss, but most of these hacks could have easily been prevented through the use of pentesting services provided by cyber security specialists.

The current COVID 19 global pandemic will eventually end, as will the economic downturn that is forecast to follow this worldwide virus outbreak. Those translation agencies that have already digitized will not be likely to suffer nearly as much as the more traditional “brick and mortar” translation and agencies and interpretation service providers. Fortunately, it should not be exceptionally difficult for virtually any translation services in the European Union or elsewhere to go cyber in this digital age. However, replacing one bad virus with yet another digital virus is never going to be conducive to good business

Ofer Tirosh, CEO of Tomedes Language and Globalization Solutions will be updating the issue covered in this article on a regular basis 

 

ELIS SURVEY 2021