Translation company security needs to be strengthened during COVID-19 crisis

The COVID-19 global pandemic has been devastating to virtually every nation on earth. Medical translators and others are working continuously around the clock in order to do their part in the fight against the coronavirus outbreak. Some translation agencies that are largely focused online are doing quite well while services for live interpreters have suffered dramatically during the COVID-19 pandemic. This, however, brings up some interesting points about virus outbreaks, working online, digitizing the work of both translators and interpreters and also in regards to online security and viruses of a different form, writes Ofer Tirosh, CEO of Israel-based Tomedes Smart Human Translations.
Why some translation agencies are thriving and others are suffering during the COVID-19 global pandemic

In this day of self-isolation with call centers, offices, and even shopping centers, sports venues, bars, and other entertainment establishments being closed down, it is easy to see how more traditional businesses are negatively impacted by the coronavirus, a global pandemic. In the case of translation agencies, live interpreters are among those suffering most, while medical translation services are steadily increasing in demand as a direct result of this global crisis. Many translation agencies providing universal translation services are in a very good position to take full advantage of this global pandemic while others are suffering immensely.

There are many translation agencies that have already digitized their operations. That is to say that their employees work largely from home or telecommute and do not gather together in large offices. In terms of interpreters, many of them provide their services online through video conferencing technologies. As a result, translation services are currently thriving with some translation agencies even hiring new employees. Human translation is an integral part of the global fight against the coronavirus and the digitization of translation services seems to be the ideal means to aid in the ability to continue with the necessary work, while at the same time mitigating any immediate threats or risks to employees and others directly involved with that work.

The technological revolution and the digitization of industry

There is little doubt that the coronavirus outbreak will change how literally everybody lives and works. As a direct result of this latest global pandemic, many businesses have increased the pace at which they are moving onlineor digitizing business operations. While the technological revolution is not in the headlines as much these days as it was before, it is surprising just how much of the world can function normally even in an online setting. Telecommuting has long been an industry standard for more than just the translation agencies throughout Europe and around the globe.

Accounts Payable and Receivable work can easily be moved online with remote employees or even outsourced to a third-party company. Information Technologies or IT work is a field where telecommuting is virtual as “normal” as working in an office setting. It does not take much manpower to run a computer server center, and even then, much of the more technical work can be done remotely. This helps to reduce costs for everyone involved including the business.

Where before, each employee would need desks, computers and other expensive equipment, most people already have all of the requisite tools at home. Consumption of utilities is substantially decreased for digital companies as they no longer have to worry about the consumption of such large volumes of water, electricity or even heating and cooling systems necessary for a safe office environment.

Even Logistical Supply Chain operations can be largely automated, greatly reducing the number of physical employees required on-site to complete these tasks. Amazon has introduced a great many automation devices in many of its facilities, and while it still employs a great many people, there can be little doubt that automation is an ideal goal for Amazon and other similar companies.

For companies offering translation and interpretation services, the process of automation is not imperative to their success. Machine translations will work well enough in some cases, but fields such as legal translation and medical translation require linguistic specialists, familiar with the subtle variations and nuances of language translation. The same holds true in many other areas as well, including the translation of sales and marketing materials or in the realm of academic translation services. The digitization of both translation and interpretation services seems more of an inevitability than just an added convenience in the digital age.

The hazards of digitization and translation agencies moving online

For virtually any certified translation agency that provides document translation services, human translation, certified translation, marketing translation, machine translation, website translation or any other type of universal translation services, the move into the digital realm should not be complex, time-consuming or even sufficient to create any interruption of services for the translation company.

Working in a fully digital translation agency will decrease the impact of any future global pandemics, and can even help the companies to thrive during the upcoming economic recession that is a direct result of the coronavirus. There are other types of viruses and concerns when working online, for the translation agency and for everyone else.

From the diplomatic interpreter to the medical translation specialist, most translation agencies will deal with large volumes of sensitive data that must be protected. Some of this data will be stored in open files and some of it will be stored in databases, and some of it may even be stored offsite in other servers or with cloud computing servers. When this data is moved or stored online, it becomes subject to numerous attacks from unscrupulous hackers.

Moving all of this sensitive data online means that the translation agency will now be tasked with the need to keep all of that information safe. In order to accomplish this, there are many steps that can be taken internally, but there are also additional groups and organizations that can also provide a great deal of support for online security measures for a minimal investment.

According to a study conducted by CBS News, more than 80%of all businesses have reported being successfully hacked. These companies may lose access or control over their own computers in ransomware attacks, or even have their own data stolen and held for ransom. Another common plot is to steal the private information of the clients or even employees. Much of this data can then be sold for thousands or even tens of thousands of dollars on the dark web or the deep web.

A similar study conducted by Inc.com, 60% of all businesses that have been successfully hacked will go bankrupt or otherwise be forced to close within six months of a successful cyber attack. Some of these companies will face class action lawsuits by large numbers of their customers. Other companies that have been hacked may be lost due to the volume of internal documents and other information that was lost in a successful hack. What is common among all of these attacks is that they are overly expensive and damaging to the companies that are subjected to them.

Password protection – the first defense against online virus attacks

User passwords in a translation agency or anywhere else, are the first line of defense against online hackers and other “Black Hats”; people online with a more nefarious purpose in mind. Forbes has made a list of the one hundred worst passwordsthat are commonly in use by computer users, but what is missing is a viable formula that can be used to generate passwords that are extremely difficult to hack at all and virtually impervious to “blunt force” attacks or programs.

Nobody should ever hand the password out to anyone unless the person requesting it is an IT person within the translation agency. Even then it is a good idea to verify that they have a legitimate need for that information and have been authorized to access it, though they should already have access to such information.

A “Blunt force” attack is one in which a program is used to try common passwords and password combinations in order to force its way into a computer network or even a single computer. These programs work incredibly fast compared to their human counterparts, entering literally tens of thousands of common passwords in hours. There is one way, however, where very complex passwords can be generated, a record kept of them and nobody is any the wiser.

Igmv1stk(fEPNH)it2ndg(aNoSH) What? How can anyone possibly remember such an awkward password. Sure, it would be challenging to translate that into anything meaningful, or would it? Passwords over twenty characters in length with capital letters, small letters and numbers are very difficult for even blunt force programs to hack and can be equally as challenging for social hackers. The passwords only work if the people creating them can remember them. There is, however, an easy way to do just that here.

The above-mentioned password looks difficult, but it is not. One need only thinks about a particular point in time of their life and a special event that may have occurred then. How many people will ever forget their first kiss? The reference above is easy to remember that way. What does it mean?

Igmv1stk(fEPNH)it2ndg(aNoSH) = I got my very 1stkiss (from Enter Person’s Name Here) in the 2ndgrade (at Name of School Here) Note:The name of the person would be their initials and the name of the school would be replaced with the initials from the school.

Some people will be able to easily remember these passwords while others may struggle a little, especially when first using such a system. Remember this though, even if someone is thumbing through a journal and sees a note with the reference sentence plainly written out for the world to see, how many people will immediately associate that with their passwords? Most will just presume it to be idle scribbling, perhaps while distracted or bored during other tasks.

A selection of six to eight such passwords, rotated on a regular basis, will help even the average translation agency to help their translators and interpreters avoid any unpleasant hacks. Though email hacks are also an increasingly common threat.

Social engineering and human hacking online and off

There is another potential and more common security risk for online data storage, and most notably for passwords that are commonly overlooked. Social engineering or what is more commonly referred to as “human hacking” in the modern age, has its roots in corporate and political espionage. This process has, however, been refined for the internet and using the guise of friendship as a means to gain access to personal data and other information that can be used to deduce passwords or to answer security questions.

In this day and age where people routinely get online and post the most intimate details of their lives on social media sites, it is easy to glean a sufficient amount of information about many people to get some of the answers to common security questions, and other dates and references that can be used to deduce probable passwords. If someone is to look at a Facebook page, search through their friend’s list until they find the mother, and now they have the maiden name, a very common security question.

A deep enough search can reveal teachers, best friends, pet names and a host of other information that is commonly used for security questions online. These efforts are often followed up by a friend request from someone unknown, and who will approach the individual with a common interest or even concern. These people will love to chat and in the middle of these conversations, they will ask seemingly innocuous questions in order to fill in any gaps and give them any specific information that they may be missing.

If there is any consolation, it is unlikely that a translation company would be subject to such personal attacks, or human hacking attempts. These types of attacks are generally reserved for specific data with a specific goal in mind. Translation agencies that work with the diplomatic corps would be the most likely target of such personal attacks, and perhaps some translation agencies working in the fields of medical translation or legal translation. However, general translation service agencies should not need to spend an excessive amount of time on such concerns. There is still some need to counter the equally personal hacks known as phishing attacks.

Phishing attacks are attacks that are generally conducted through email, though they may also be instigated in message programs and on social media accounts. One of the first rules should be to remember to never click on any link within an email. If there are any exceptions to this, it is when first signing up for a website when they send a confirmation email to the email address used to sign up for the account. Other than that, there is virtually no excuse to ever click on an email link.

While it may be difficult to imagine, there are people who make their living copying virtually an entire website and giving it every look and feel of being a legitimate website. These “cloned” websites are then linked to, generally in emails, though occasionally in chat programs or on social media. Someone may get a warning that their PayPal account is in imminent danger of being closed but all they need to do is “click on this link” and the problem can be resolved.

When the individual clicks on the link, they are led to a website that looks for all intents and purposes, exactly the same as the actual PayPal website. Unfortunately, as soon as they have entered their account information, there is someone on the other end who will likely go in and empty their real account before the victim knows that there is anything wrong at all.

These same types of attacks are frequently used to access bank account information, credit card information and a host of other information that can be used or even sold by the Black Hats, hackers, crackers or others with malicious intent. This leaves only the servers and other internal file systems of the translation agency open and vulnerable, though even that threat can be greatly mitigated.

Database and file security and PenTesting

Ethical Hackers or White Hat Hackers are people who utilize many of the same techniques and methods as black hat hackers in order to test a system for vulnerabilities. The process itself is known as PenTesting or Penetration Testing. Such testing should be mandatory and a regular part of any fully digitized translation agency or any other translation agency that has caused to store sensitive or secured information online. Even the most competent database manager or systems administrator can miss minor details that could prove very costly.

Hacking has been responsible for many digitized businesses going bankrupt. Ransomware attacks are one of the most common types of attacks, even impacting the entire city and state-operated computer networks. The loss of sensitive data is another difficult area where a breach can result in expensive lawsuits and other legal concerns. What is surprising is that despite the size of these companies, and the expanse of their computerized data systems, they were not using pentesting in order to ensure that all of their systems were fully secured. There were, of course, some rare exceptions where a disgruntled employee was responsible for the loss, but most of these hacks could have easily been prevented through the use of pentesting services provided by cybersecurity specialists.

The current COVID 19 global pandemic will eventually end, as will the economic downturn that is forecast to follow this worldwide virus outbreak. Those translation agencies that have already digitized will not be likely to suffer nearly as much as the more traditional “brick and mortar” translation and agencies and interpretation service providers. Fortunately, it should not be exceptionally difficult for virtually any translation agency in the European Union or elsewhere to go cyber in this digital age. However, replacing one bad virus with yet another digital virus is never going to be conducive to good business.

Image: Ofer Tirosh, CEO, Tomedes translation services