This summer’s privacy leaks concerning NSA/GCHQ data collection and retention have been of great interest to small businesses around the world, as some of the internet’s leading service providers have been caught up in the blanket-sharing of data that was previously assumed to be private.
Companies that are heavily relied on by small business, such as Dropbox, Google etc., have raised eyebrows in many home offices. Previously the assumption was that if your password was secure, and the third-party service’s trustworthiness enforced by rule of law, then our data was sufficiently protected. Now we cannot be so sure. With internet cable-tapping having been confirmed now as fact by US and UK governments, it is not much of a leap to imagine other global powers (private and public) are doing the same.
Add to this the fact that corporate espionage is showing no signs of going away, and there might be cause for concern, or at least precaution. As translators we are, and always have been, potential leak points for sensitive information. The hypothetical corporate cyber-spies, wherever they might be, may be looking to find investment information or specific intellectual property. And find it they can, with ease, if proper security measures are not taken. This is not so much a problem for public-facing website translations, but a bit more of a concern for corporate mergers, product development info and top-level HR disputes (among others).
We are asked to sign NDAs with our clients on a regular basis, yet rarely are we requested to take any further action. Our clients have covered themselves with the NDA; any leak then becomes our responsibility.
So what can we do?
Most leaks would emerge from the emails we send and devices containing the sensitive information. Yes, printers can store information, and removable media can be lost or stolen, but the most probable attack vectors are laptop theft and simple hacking, malware and system penetration techniques.
Fortunately for us, as it stands, we have encryption on our side to mitigate these risks. I wrote in detail about how to practically go about implementing these in the Translation sales handbook, arguing that data security was good added value for a translation business to offer. For now, I’ll sum it up in one line:
Encrypt sensitive client data using a trusted encryption tool before sending over any wires or uploading to any third-party service.
This way you are covered to the best of your reasonable responsibility, and your privacy-aware clients will appreciate your efforts. You can then continue to email the files via webmail or third-party email and file-sharing services, safe in the knowledge that the data is protected through to the client and locally on your machine.
In this pre-encryption-as-standard era it is simple enough to implement a basic level of protection. It is good to be aware that none of the digital systems we use are ever 100% secure and that it doesn’t take much to start to approach a responsible level of security.
Recommendations
For file and disk encryption - TrueCrypt - widely recognised as one of the most closely scrutinised open encryption tools available
For email encryption - Enigmail with Thunderbird - although this can take some setting up, there are plenty of tutorials online
SFTP - secure FTP - covered in the Translation sales handbook - a useful way to create an end-to-end secure connection
HTTPS - at least always use the secure version of websites where possible - especially if using the internet in public locations