IS YOUR LANGUAGE SERVICE PROVIDER MEETING THE CHALLENGE OF PRIVACY PROTECTION IN A VIRTUAL WORLD?

Transcription

1 IS YOUR LANGUAGE SERVICE PROVIDER MEETING THE CHALLENGE OF PRIVACY PROTECTION IN A VIRTUAL WORLD?

2 TABLE OF CONTENTS 1. Introduction to Cyber Fraud 2. What is Document Security? 3. Document Hosting and 4. Controlled User Access 5. Digital Rights Management Software 6. Professional Liability Insurance 7. Cyber Security Insurance 8. Summary 2

3 Introduction to Cyber Fraud As technology advances, businesses and individuals find themselves with a wealth of information at their fingertips through their smartphones, tablets and laptops. Just as legitimate user access grows, unfortunately, the risk of cyber fraud increases as well. Online crimes proliferate as hackers and organizations develop more sophisticated ways to illegally access personal information or company intellectual property. In order to protect your organization against the many threats online, it is important to understand that these types of threats and attacks exist and know how to prevent yourself from becoming a victim of them. Intellectual Property Theft One of the leading causes of economic loss today is IP theft. The risk may be from competitive organizations, foreign entities or for political gain. The threat impacts individuals (identity theft), corporate revenue as well as economic growth and sustainability. Overwhelming evidence has demonstrated that massive internet transfers of wealthgenerating innovations to rivals domestically and abroad, are resulting in serious consequences for advanced economies for decades to come. The four main types of intellectual property theft include patents, trademarks, designs and copyrights. But virtually any confidential information (financial, medical, production systems, legal, marketing 3

4 strategies) is at risk when it is in flight or at rest on the internet. 1 The most common industries to suffer financial losses due to Cyber Fraud are banking and financial services, government and public administration, and manufacturing industries followed by mining, real estate and the oil and gas industries, which had the largest median reported financial losses. 2 The majority of intellectual property theft takes place the oldfashioned way: hard drives are either duplicated on site or physically stolen by bribed employees; employees are planted temporarily in companies or permanent employees leave and illegally share proprietary information; products are dissected, re-engineered, and sold without permission or payment of royalties. Intellectual property that is stolen over the Internet constitutes only a portion of total IP theft: digitized products are pirated and sold illegally; phones are tapped for the purpose of obtaining trade secrets; and accounts are compromised. The list goes on. The stories that appear in court records and occasionally appear in the media demonstrate that while there are new tools being utilized in IP theft, traditional tools continue to cause enormous damage. Totaled, it is safe to say that dollar losses from IP theft are hundreds of billions per year, which is at least in the range of total exports to Asia in 2012 (valued at $320 billion). While traditional industrial espionage techniques have been used extensively, cyber methods for stealing IP have become especially pernicious. An Example: Screenplay for New James Bond Film Spectre Stolen in Sony Cyberattack 3 1 National Initiative for Cyber Careers and Studies 2 Association of Certified Fraud Examiners 2014 Report to the Nations 3 Source: by Associated Press 12/14/2014 AT 01:45 PM EST 4

5 The producers of the James Bond films say an early version of the screenplay for the new movie Spectre is among the material stolen in the massive cyberattack on Sony Pictures Entertainment. Eon Productions said [ ] it is concerned that third parties who received the screenplay might seek to publish it. The film's cast, including Daniel Craig returning in the role of the famed agent 007, was announced by director Sam Mendes in April and December. The company warned the screenplay is subject to copyright protection and that "all necessary steps" would be taken to protect the rights of Metro-Goldwyn-Mayer Studios and Danjaq LLC, which is responsible for material related to James Bond on screen. There's been speculation that North Korea is behind the cyberattack in retaliation for the upcoming comedy The Interview. The film depicts an assassination attempt on North Korean leader Kim Jong Un. North Korea has condemned the film but denied the hack. An everyday challenge How often do you find yourself briefly stepping away from your office or work area, leaving confidential information at the fingertips of whomever may access your computer? It is hard to believe the 5

6 amount of confidential information that is siphoned from companies under these types of circumstances, yet most of us are guilty of this practice. As professionals, we need to be the first to set the example to protect any information, personal or corporate, from exposure to unauthorized third parties. Perhaps your team is working on financial information for an M&A with a foreign company. When this information moves on to translation, you need to be certain you are using a vendor that has taken every precaution to prevent this data from finding its way into unwanted hands. What about personal information collected for health care studies, or clinical research? This information requires linguists that follow HIPPA guidelines, and your LSP should be managing their linguists and their team in the same fashion. Are you certain that they are? If you stop to think about it, all of the information you send to an LSP, no matter what industry it pertains to, should be shielded with as much protection as possible. At Human Touch Translation we have made information security one of the pillars of our business: Human Translation, Professional Linguists, Accuracy and Security. 6

7 What is Document Security? It is the certainty that there is a seamless end-to-end chain of custody from the moment you upload your documents to Human Touch Translations secure network until they are back in your domain. Have you ever stopped to think about what happens to your documents once you hand them off to your language service provider? For example, how do you send them? Via standard ? Do you upload them to an FTP site? Technology advances, resulting in increased risks associated with these delivery methods. Human Touch Translations is an experienced language service provider thoroughly familiar with how document translation services are carried out and the inherent risks that you may inadvertently be taking. Today we are living in a virtual world, where almost 90% of employees use their personal technology platforms (smartphones, tablets and laptops) at work. And over 75% of company information is carried on personal mobile devices that employees take home and access confidential information from unsecured networks. 4 As such, 4 The Impact of Mobile Devices on Document Security, Dimensional Research, Jan

8 companies of all sizes are faced with the challenge of managing the security of their information, which is constantly in motion, and unsupervised. We have deployed numerous technologies to provide your company with a seamless chain of custody from your office to ours and back. Document Security is one of our standards for the protection of confidentiality. Our first line of defense begins in the transition of your documents to us. Human Touch Translations migrated to Amazon Web Services (AWS) cloud one of the world s most secure computing platforms. For added protection for inbound and outbound s we use Appriver s datacenter (Audited SAS 70 Type 2) secure web portal technology. s are encrypted at rest and in flight and are processed at Appriver's secure datacenters. We can provide our vendors, employees and clients with a secure environment that has end-to-end security when the highest levels of transmission are required. The incorporation of Appriver data centers was made to insure that all of your data for translation that requires high-level security is always routed in a For Your Eyes Only (FYEO) environment. 8

9 To complete the secure chain of custody between your office, Human Touch Translations, our linguists, and back to your hands, we have incorporated digital rights management software. All your documents are free from the risk of being forwarded to, copied, downloaded or misused by unauthorized third parties. Document Hosting and Human Touch Translations utilizes a scalable cloud-based computing platform offered by Amazon Web Services (AWS) an architecture that provides you high availability and dependability, simultaneously protecting the confidentiality and integrity of Human Touch Translations and your data. AWS complies with best security practices including ISO 27001, SOC 1/SSAE 16/ISAE 3402 and FIPS AWS offers data, physical and environmental security virtually unparalleled in the IT industry. Multiple data centers spread throughout the US and the rest of the world ensure a high level of availability and provide a fault-tolerant design for disaster recovery. Human Touch Translations Windows servers reside as an instance on the EC2 AWS cloud that is hosted by Amazon in its West Coast facilities. We are currently hosting two Microsoft Windows 2012 R2 standard servers on EC2. We utilize Microsoft Exchange solution for servers that are hosted by a leading provider of hosted and domain services. Incoming 9

10 s are checked by a robust spam filter at the server level to ensure s do not contain harmful viruses that may compromise confidential data. Sensitive, outgoing s are encrypted by CipherPost software and are password protected to safeguard the s while in flight. 10

11 Controlled User Access Human Touch Translations utilizes HTTPS protocols for accessing applications residing on the AWS cloud. Access to all of our applications by clients, linguists and employees requires multiple levels of credentialing by AWS and Human Touch Translations internal systems. Files at rest are stored in the ES3 AWS cloud and are encrypted with the Advanced Encryption Standard AES-256. Inbound and outbound file access is facilitated through secure socket encrypted data transmission and with AWS multi-factor authentication. Only Human Touch Translations authorized personnel that need access to these files are granted viewing or editing rights exclusively to the files that they have been authorized for. All employees are required to install a variety of virus and Internet security software on their client PCs, including Symantec Endpoint Protection antivirus software. Daily scans of their desktops and intrusion software are running in the background at all times. Human Touch Translations does not provide accounts to freelancers or other external associates. We are able to globally view and prevent virus intrusion on all desktops, laptops, servers and other platforms. Additionally, the Human Touch Translations website is also protected by SiteLock TM, the global leader in website security. It protects any information or documents that you may upload to our site from hackers, spam, viruses and scams, removes malware and provides PCI Compliance. 11

12 Digital Rights Management Once your documents are in the hands of your language service provider, do you know what happens next? Are you aware that the language services industry is a cottage industry made up of hundreds of professional linguists working from their home offices? Although Human Touch Translations and most professional language service providers have non-disclosure agreements signed with their linguists, there is still a potential risk that your information could reach an unauthorized third party who could potentially download, print or forward it to others. In other words, is the chain of custody of your documents safe? We have incorporated digital rights management software as the final link in the secure chain of custody between your office, Human Touch Translations, our linguists, and back to your hands. All your documents are free from the risk of being forwarded to, copied, downloaded or misused by unauthorized third parties 12

13 For your peace of mind and in keeping with the integrity of our confidentiality standards, Human Touch Translations has recently deployed DRM software as our final line of defense in the battle against unauthorized parties obtaining your confidential information. The benefits of DRM software include: Secure Video Streaming: Content is streamed so nothing resides on the linguists device, preventing data leaks or unauthorized sharing. Access Options: We are able to restrict our linguists viewing to a specific device IP address or number of views allowed, on-demand remote deletion and block print and share options. Dynamic Watermarking on any File Type: Watermarks identify the recipient(s) on any type of content, preventing screen shots to obtain unauthorized access to your information. In-Depth Analytics: Human Touch Translations can track when a file is accessed, for how long and many other metrics that provide us with information that helps us maintain an unparalleled level of document security. Strong information security management features are supported by detailed audit and management reporting systems which have been developed to handle the most challenging information. The information rights management technology being used provides persistent security that travels with files and applies post-download, even when files are sent externally or accessed from unmanaged mobile devices. No information security management solution is complete unless it has useful auditing and management reporting. The DRM technology has file-level audit trails that capture every action. For security officers, it provides one-click views of everything a user has access to, or, from the perspective of a file or folder, everyone who has access to it and what they can do with it. 13

14 Professional Liability Insurance What does it mean to you? Professional liability insurance is coverage that a typical general liability insurance policy does not include. General liability insurance responds to bodily injury, property damage, personal injury or advertising injury claims. Professional liability insurance is specific to professional services and products that can allow claims for harm other than those mentioned above, such as negligence, misrepresentation, violation of good faith or inaccurate advice. In the case of language service providers, professional liability insurance is particularly important to provide coverage against liability in case any errors or omissions are introduced during the translation process. Human Touch Translations works to ensure your peace of mind. For this reason, we carry a significant professional liability insurance policy that can protect you in case of errors and omissions. This means that your company can be covered under our policy, that s how confident we are. 14

15 Cyber Security Insurance In today s virtual world, the challenge of maintaining the privacy of individuals information and preventing unauthorized access to strategic and financial data has become overwhelming. Major corporations have suffered cyberattacks that have had immense financial impact on them and jeopardized the security of their clients information. On a daily basis, Human Touch Translations endeavors to identify ways to protect our clients and their clients information. As a pioneer in the language services industry, we have acquired cyber security insurance, yet another layer of protection in our virtual world. Our policy requires that Human Touch Translations employees be trained and certified in cyber security. At your request, your company can be covered by our policy. Summary Being aware of the efficiencies that technology affords us, it is important not to ignore the inherent risks that abound in a virtual world. In addition to its innate qualities, ask yourself if your LSP can meet today s virtual challenges with all of the protection that Human Touch Translations has deployed to protect you: Secure web portal technology AES-256 file encryption Multi-level authentication PCI Compliance Controlled User Access Digital Rights Management HIPPA compliant Technology and linguists Professional Liability Insurance Cyber Security Insurance Human Touch Translations invites you to experience our secure cyber chain of custody protocols for all of your document translation 15

16 needs. We are confident that when you entrust us with your confidential information, our pioneering efforts to secure your content will provide you total peace of mind. For further information, please contact us at: Human Touch Translations 1010 Northern Blvd., Suite 208 Great Neck, NY P: F: