What is the IT Security policy in your business? Thread poster: Anne-Charlotte PERRIGAUD
|
|---|
Here is a link to an article by thebigword.
In this article the author explains why thebigword has a highly secure IT infrastructure. The text also mentions the fact that drastic security measures are necessary due to the nature of the documents translated for their end-clients (highly confidential documents get encrypted and so on).
According to the article, the system implemented at thebigword is one of the most secure systems in the translation industry.
... See more Here is a link to an article by thebigword.
In this article the author explains why thebigword has a highly secure IT infrastructure. The text also mentions the fact that drastic security measures are necessary due to the nature of the documents translated for their end-clients (highly confidential documents get encrypted and so on).
According to the article, the system implemented at thebigword is one of the most secure systems in the translation industry.
http://www.translationdirectory.com/article561.htm
- And you, how do you protect your clients' sensitive data?
- Where are your servers housed?
- Do you encrypt your files?
- Do you use secure connections when sending your files?
- How do you manage privacy issues?
- How do you handle cloud computing issues?
- What are your security strategies?
- How do you back up/delete sensitive projects?
Share your thoughts...
Cheers,
Anne-Charlotte
---------------------------------------------------------------------------------
Anne-Charlotte Perrigaud / E-FRENCHTRANSLATIONS
Traduction – Interprétation – Conseil
Traductrice diplômée de l’université de Londres
Membre de la Société Française des Traducteurs (SFT)
Membre de Proz : http://www.proz.com/translator/33889
.........................................................................................
18, le Clos Bellanger - F-35890 Bourg des Comptes (France)
E-mail : [email protected]
Web : www.e-frenchtranslations.com
----------------------------------------------------------------------------------
[Edited at 2012-10-05 11:15 GMT] ▲ Collapse
| | | | neilmac
Spain
Local time: 02:17
Spanish to English
+ ...
| A wing and a prayer | Oct 5, 2012 |
- And you, how do you protect your clients' sensitive data?
-> No special measures taken, requested or required to date.
- Where are your servers housed?
-> I have no idea - I didn't know I "had" servers.
- Do you encrypt your files?
-> Not usually, and not for security purposes, but iI could do if the need ever arose. Which it hasn't.
- Do you use secure connections when sending your files?
-> I don't know, probably not, I use free webmail.
- Ho... See more - And you, how do you protect your clients' sensitive data?
-> No special measures taken, requested or required to date.
- Where are your servers housed?
-> I have no idea - I didn't know I "had" servers.
- Do you encrypt your files?
-> Not usually, and not for security purposes, but iI could do if the need ever arose. Which it hasn't.
- Do you use secure connections when sending your files?
-> I don't know, probably not, I use free webmail.
- How do you manage privacy issues?
-> By not worrying needlessly about them.
- How do you handle cloud computing issues?
-> I am highly suspicious of it, so avoid anything to do with clouding like the plague.
- What are your security strategies?
Mine basically consists of a freeware anti-virus, avoiding spam whenever possible and not letting anyone else use my main PC and laptop. I have one backup PC and recently bought a backup laptop for friends or colleagues to use when necessary.
- How do you back up/delete sensitive projects?
-> No special measures.
[Edited at 2012-10-05 07:55 GMT] ▲ Collapse
| | | | | Thank you very much for your input, neilmac :-) | Oct 5, 2012 |
Dear neilmac,
Thank you for your reply.
What is everyone else doing in terms of security?
Anne-Charlotte 
[Edited at 2012-10-05 08:08 GMT]
| | | | Samuel Murray 
Netherlands
Local time: 02:17
Member (2006)
English to Afrikaans
+ ...
neilmac wrote:
- And you, how do you protect your clients' sensitive data?
-> No special measures taken, requested or required to date.
I think clients should realise that freelance translators don't have the resources to actively protect such data and can only passively protect it. In other words, freelancers often can't prevent anyone from stealing the information from them, but they can promise not to deliberately share it with unauthorised parties.
In a typical freelancer's home office, the entire hard drive is not encrypted, any script kiddie can sidestep the computer's login password if they have physical access to the computer, the e-mails and IMs are not sent via encrypted networks, and the computer is often not even in a separate room. Not all houses have alarm systems etc, and one seldom finds a tracking device in the computer to recover it or a remotely activated drive wipe utility to destroy it when stolen. Some translators still use WEP (not WPA).
A freelancer can also buy a safe to place his computer in every night, and I think there are utilities out there that sends an SMS whenever the computer gets switched on.
I just wonder how many of these things are really necessary. I agree that one should take a good look at any new technology that might help compromise client information, and make informed choices about them, but I still think that clients should not expect freelancers to protect their data any further than a promise not to share the information deliberately.
One thing I personally did was to get into the habit of locking my screen literally whenever I get up from my chair, even if I'm alone in the house (a good habit is one that you always do, even when no-one's around).
- Where are your servers housed?
-> I have no idea - I didn't know I "had" servers.
I use third-party servers commonly used by consumers. I don't have my own servers (except for any server software that runs on my own computer). I think this is the case for 99% of freelancers.
- Do you encrypt your files?
-> Not usually, and not for security purposes, but iI could do if the need ever arose. Which it hasn't.
I encrypt files only at clients' request.
- Do you use secure connections when sending your files?
-> I don't know, probably not, I use free webmail.
I don't specifically choose secure connections over non-secure connections. I do use a secure connection to log in to my Gmail account and to download mails from my Gmail account.
- How do you manage privacy issues?
-> By not worrying needlessly about them.
It took many years to discover that "privacy" is a technical term that actually means "people's contact details". In other words, what records to you keep about the personal details of clients?
I keep my clients' contact details in the same place as I keep my clients' other files and all my work, and I keep them nowhere else (except in the e-mail program's address book, which is located elsewhere on my computer). I don't gather information about my clients other than their contact details and what their delivery preferences are (i.e. no birthdays, no photos, no information about their kids, or where they worked previously, etc).
If a client ever requested a report about all information I hold about them, I would be able to find it using a full-text search function of my files, but I hope that that never happens, because it would take me quite a while to compile such a report for each client, since I don't capture this information in a database.
I try to ensure that I don't accidentally share one client's details with another unless I believe that it is good to do so. However, my e-mail program does not warn me if I try to send an e-mail to recipients from different domain names, or if I try to reply to or forward an e-mail to someone whose address is in a different domain than the original sender's.
- How do you handle cloud computing issues?
-> I am highly suspicious of it, so avoid anything to do with clouding like the plague.
I backup my files to an online service. I make use of some online text processing services, but only if I'm satisfied that the data will not be accessed or used by people offering that service.
- What are your security strategies?
Mine basically consists of a freeware anti-virus, avoiding spam whenever possible and not letting anyone else use my main PC and laptop. I have one backup PC and recently bought a backup laptop for friends or colleagues to use when necessary.
Pretty much the same here. I use a two-way third-party firewall and third-party anti-virus software. No-one but me works on my computer -- my wife has her own laptop and my children have an old laptop that they use. We all use the same wireless network, though.
The idea of a backup laptop for family and friends is a good idea, because I think it has become acceptable that visitors are allowed to use one's electronic equipment, and it can be difficult for a freelancer to explain or convince visitors that his computer is not meant as a shared computer.
- How do you back up/delete sensitive projects?
-> No special measures.
All my projects are considered sensitive by me. I'm willing to delete client files after a job is done, if the files were sent to me by means other than e-mail. In terms of local laws, I keep all e-mails (including attachments) for 7 years and won't delete any files on the client's request, unless the e-mail was sent in error.
Samuel
[Edited at 2012-10-05 10:06 GMT]
| | |
|
|
|
Samuel Murray
Netherlands
Local time: 02:17
Member (2006)
English to Afrikaans
+ ...
| Agency versus freelancer | Oct 5, 2012 |
What is the function of that Twitter hashtag in the URL? What will happen to me if I'm logged in to Twitter in my browser, and I click that link? I googled for this but could not find the answer.
In this article the author explains why thebigword has a highly secure IT infrastructure. The text also mentions the fact that drastic security measures are necessary due to the nature of the documents translated for their end-clients (highly confidential documents get encrypted and so on).
What is described for that agency is no different from what I have experienced when I worked as an employee at a large company. These companies have separate IT departments that take care of these issue, and they have large budgets. The companies are not run from home either.
The big agency may have a secure file transmission system to the translator, but what if the translator is really just a middle-man agency that sends the files to its freelancers? The transmission between that middle man and the final translator is often far less secure than the one from the big agency to the middle man, despite any agreements signed by any parties.
| | | | opolt
Germany
Local time: 02:17
English to German
+ ...
| I take this pretty seriously | Oct 5, 2012 |
Anne-Charlotte PERRIGAUD wrote:
- And you, how do you protect your clients' sensitive data?
- Where are your servers housed?
- Do you encrypt your files?
- Do you use secure connections when sending your files?
- How do you manage privacy issues?
- How do you handle cloud computing issues?
- What are your security strategies?
- How do you back up/delete sensitive projects?
Once the clients' data are one my drive, they are pretty secure. The biggest problem is, however, that most of those files have been transmitted unencrypted over email several times, and anyone with access to the chain of relaying servers can easily get them. That is by far the weakest link. In all my career, I have not been asked once by clients to use email encryption.
I mainly use Linux for my desktop so viruses are not a problem at all. I boot into Windows occasionally but network access from/to it is very restricted, not to say crippled (basically, the network on it gets used for software updates only). The desktop and the laptop, whether Linux or Windows, are firewalled and sit behind an even stricter firewall on my home server/router, which is also a Linux machine. This host is also a backup server, to which all of the relevant files get backed up once per day. I'm not going to disclose any more details about this server because of security concerns ;-], but security on it is very tight and getting tightened further all the time.
I may switch from Linux to the Mac for desktop purposes in the future, but the firewalled server is going to remain.
I'm sure most people won't go that far and will see all the above as an exaggeration, but OTOH I haven't seen a virus or break-in in more than 15 years.
I also update all software regularly, namely Firefox, Flash and all the other Internet-facing culprits.
I use an encrypted password store for the many passwords that I have to use and can't remember. That serves the purpose of not having to rely on identical passwords for different sites/logins, which is always risky.
Cloud computing? What's that? ;-] As far as I'm concerned, the cloud is an evil trap and almost completely unnecessary (at least for the single freelancer), period. Hard disk space is cheap. If you really need an offsite backup/sync facility for the few gigabytes of the typical translator, you can buy dedicated server space for your personal use only from a trusted local provider in your own jurisdiction, under a proper contract and privacy rules. Anything else leaves you to the mercy of the often arbitrary practises and/or outages of companies who are, in many cases, completely outside your own jurisdiction, will spread your files over the entire universe, and may shut down their services at will. Don't say it won't happen -- it actually has, and more than once.
| | | | | No need for this hashtag :-) | Oct 5, 2012 |
You're right Samuel, this hashtag was not needed.
I've removed it from my original post.
Cheers,
Anne-Charlotte
| | | | | Different approaches? | Oct 5, 2012 |
Thanks to neilmac, Samuel & opolt for their contributions.
Apparently, different people have different approaches to security
Interesting, isn't it?
Anne-Charlotte
| | |
|
|
|
Shai Navé
Israel
Local time: 03:17
English to Hebrew
+ ...
| Security is important and anyone can take basic steps to improve it | Oct 6, 2012 |
In my opinion. freelancers should take a more serious, yet still reasonable, approach towards data protection and protecting their system(s), which are almost always used also for personal use.
It is not hard to encrypt the hard drive(s) containing the business data and the backups. It is also not so hard to harden the security of one's system from being easily hacked, and the same goes for strong passwords (and 2-way authentication) to protect the "cloud-based" accounts and wireles... See more In my opinion. freelancers should take a more serious, yet still reasonable, approach towards data protection and protecting their system(s), which are almost always used also for personal use.
It is not hard to encrypt the hard drive(s) containing the business data and the backups. It is also not so hard to harden the security of one's system from being easily hacked, and the same goes for strong passwords (and 2-way authentication) to protect the "cloud-based" accounts and wireless network (if used).
However, as opoltm said, the most common vulnerability is the way the data is transferred. Most often it is transmitted through unsecured channels (unencrypted email, unsecured FTP server, over unsecured, or even Public, Wireless networks, etc.).
On the technical note, I think that every freelancer must invest a little in a proper backup system, both in hardware and creating an automated process (I really don't understand nor accept people not delivering on time due to a "system crash" that caused them to lose what they were working on in the last couple of days). Those who use more than one computer or tend to often work from outside their office should invest in a NAS (or a full blown server) and when working from outside the office connect to their home server through VPN.
It is not hard, nor resource consuming (for modern computers) to encrypt the hard drive(s) containing all the business data (projects, administration, emails, etc.).
I don't recommend deleting emails, except for maybe those with attachments if the client specifically asks to delete the files at the end of the project, but if the client asks, there is no reason not to delete the project files (after you got paid). Although, if the client sent them in the first place over an unsecured channel their confidentiality claims are not very serious.
When it comes to securing the local system and online accounts from being hacked to, the imperative term is Common Sense. A basis secured firewall in combination with a solid Anti-virus (to catch the odd threat that might be sent as an attachment) are more than enough. If the users don't risk their system by the very actions that they are doing, basic protection should be enough. If they do risk the system themselves, sooner or later their system will get infected/hacked not matter what software or security measures are in place. Most threats and malware find their way into the system by the approval and initiative of the (many times not even aware) user.
This also applies to online accounts. Using strong passwords (and using a password manager to manage them) and 2-way authentication where available are very important, though hardly enough because, as demonstrated recently, sometimes the databases of the online service provider are not very secured to begin with and are getting hacked for stealing the passwords.
I personally didn't made my mind about the cloud, but except for email, I'm currently not using such services for various privacy, security issues, especially in the business context.
[Edited at 2012-10-06 14:28 GMT] ▲ Collapse
| | | | Neil Coffey
United Kingdom
Local time: 01:17
French to English
+ ...
| Suggestion encryption | Oct 7, 2012 |
Whole-drive encryption is probably overkill for most people.
What I would recommend (and this is my personal approach) is to use TrueCrypt or something similar to store client files in an encrypted volume. This also makes it easy to create an encrypted backup of client files: you basically just make a copy of the encrypted volume, be it to a portable drive, cloud storage service or wherever.
Automated backups are all well and good, but they can lead you into a false sen... See more Whole-drive encryption is probably overkill for most people.
What I would recommend (and this is my personal approach) is to use TrueCrypt or something similar to store client files in an encrypted volume. This also makes it easy to create an encrypted backup of client files: you basically just make a copy of the encrypted volume, be it to a portable drive, cloud storage service or wherever.
Automated backups are all well and good, but they can lead you into a false sense of security. There is something to be said for getting into the habit of manually backing up critical files, thus ensuring that you are conscious of what is being backed up when to where and how. This avoids realising down the line that none of your files have actually been being backed up for the last month due to a driver conflict between the twiddleflop flibberjigger and the passive progressive. ▲ Collapse
| | | | Shai Navé
Israel
Local time: 03:17
English to Hebrew
+ ...
| I don't recommend manual backup | Oct 7, 2012 |
Although in theory what you say about manual vs automatic backup is valid, from my experience manual backup is almost useless because people, in general, simply don't stick with it; so after a short while (or immediately) it becomes practically non-existent because other tasks take priority.
Therefore I suggest to automate the process (as well as every other repetitive task that can be automated), but to periodically make sure that it still works as planned, as should be done anyway with e... See more Although in theory what you say about manual vs automatic backup is valid, from my experience manual backup is almost useless because people, in general, simply don't stick with it; so after a short while (or immediately) it becomes practically non-existent because other tasks take priority.
Therefore I suggest to automate the process (as well as every other repetitive task that can be automated), but to periodically make sure that it still works as planned, as should be done anyway with every critical business process, especially IT related.
I suggest creating a Home directory containing folders with all the relevant business and/or personal information and back it up. This simplifies the entire back up process because only one folder is being backed up and one doesn't have to hand pick various source folders from different (sometimes arbitrary) locations. This also simplifies the testing and restore processes. ▲ Collapse
| | | | Jaroslaw Michalak
Poland
Local time: 02:17
Member (2004)
English to Polish
SITE LOCALIZER | Backup verification | Oct 7, 2012 |
Both of you are right and the solution is simple - backup automatically, verify manually. That is, from time to time (you might schedule a reminder to "automate" yourself!) go over the backup directory and check whether everything is there. While this is recommended for local backup, it is actually essential for online backup - otherwise all your data might as well go into an online black hole...
Make sure you check also the content of the files - the fact that the online server li... See more Both of you are right and the solution is simple - backup automatically, verify manually. That is, from time to time (you might schedule a reminder to "automate" yourself!) go over the backup directory and check whether everything is there. While this is recommended for local backup, it is actually essential for online backup - otherwise all your data might as well go into an online black hole...
Make sure you check also the content of the files - the fact that the online server lists all the right file names and sizes does not mean the data are actually there. That is why a recovery of random set of files might also be useful - but naturally to a third location, not to overwrite the files which were originally backed up. ▲ Collapse
| | |
|
|
|
| Thanks for your input everyone :-) | Oct 11, 2012 |
Thanks for sharing your thoughts and tips here.
Very inspiring...
Cheers,
Anne-Charlotte
| | | | To report site rules violations or get help, contact a site moderator: You can also contact site staff by submitting a support request » What is the IT Security policy in your business? | CafeTran Espresso | You've never met a CAT tool this clever!
Translate faster & easier, using a sophisticated CAT tool built by a translator / developer.
Accept jobs from clients who use Trados, MemoQ, Wordfast & major CAT tools.
Download and start using CafeTran Espresso -- for free
Buy now! » |
| | Protemos translation business management system | Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!
The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.
More info » |
|
| | | | X Sign in to your ProZ.com account... | | | | | |
Login to reply/comment 
Translation news
