How a Translation Project Can Put Your Data at Risk (and How to Mitigate the Risks)

Are you aware of all the risks to your sensitive data when it leaves a secured environment?

A single translation project has the potential to pass through many different hands until it is returned to the customer. Your data could be seen by project managers, translators, proofreaders, editors, graphic designers, subject matter experts and many more during its life cycle. Everyone person on this list is an essential part of the process and represents a point where your data could be at risk.

Language Service Providers (LSP) regularly handle highly sensitive data and content, including legal contracts and documents, which confidentiality clauses may protect. Customers send these files into the translation process and may give little thought to how many touchpoints there are in the process and how often that document is at risk from an external threat.

Let's look more closely at a simplified version of a translation project and identify how often your valuable documents could become an information security risk.

Step 1: The Customer Request

The first risk starts at the beginning of a translation project when a customer sends their request to the LSP Project Manager via email. Any documents attached to the email are open to interception and theft by cyber-attacks. Additionally, emails are easy to mismanage and could be forwarded to the wrong account, exposing your data to unknown sources.

If your LSP can only receive your requests by email, you are opening yourself up to a considerable amount of data risk, including sensitive data exposure.

Step 2: The Project Manager Forwards the Request to a Third-Party

Once the Project Manager has received the request, they will find the best translator for the job. Many LSPs use third-party freelancers who work outside of the LSP’s IT network. This means that the data is once again at risk as it is sent by email out of the secured network to the translator’s account.

However, there is an additional threat this time as the Project Manager will often include the Translation Memories (TM) for the account in the email, fully exposing this data to any cyber threat. The TM file could also contain all the data for the entire account, not just the terms relevant to this specific project.

Step 3: The Translator Stores the Files Locally

Once the off-site translator receives the files, they will be able to store them locally on their PC. There are many data risks at this stage, and much of the mitigation depends on how diligent each third-party freelancer is about their personal security.

While many freelancers take data security exceptionally seriously, some do not. Many may not even realise the level of risk as they are not expected to be IT security experts, and even the most conscientious translator could have vulnerable points in their systems.

Common security risks could include poor password management, insecure public internet connections, irregular security patches to applications and inconsistent data backups.

Cybersecurity experts BlueVoyant report that four in five companies have suffered a cybersecurity breach due to a third-party vendor. Whenever an LSP lets data leave their network to a third party, be they a translator, proofreader or subject matter expert, the data is put at immediate risk.

Step 4: Translation Memory Mergers

Another problematic part of the process is when the TM leaves the LSP network to be merged with an off-site, third-party copy. Often this will require a manual merger of the two data sources, which can be notoriously difficult and prone to errors. We are all human, after all.

Additionally, the TM itself is a risk when it leaves the security of the LSP's network. The data it contains could be exposed to external threats and theft. Sometimes clients may be using a shared TM with other businesses, putting their data at risk of exposure without even realising.

Translation memories can be lost or corrupted during a manual merger or even during the transfer from the LSP to a third party. Keeping the file safely inside the LSP's network is the safest way to secure this vital information.

Step 5: The Translator Emails the LSP

Finally, we come full circle, and the finished file is emailed back to the Project Manager at the LSP. Once again, all the vulnerabilities of sending documents by email are open to attack.

If the LSP requires additional off-site third-party resources at this point, the entire cycle begins again. However, if the project is complete, the LSP returns another insecure email communication to the client containing the data to complete the process.

How to Mitigate the Risks of a Translation Project

There is a straightforward way to mitigate risk to your sensitive data and content. Keep it inside a fully secure and regulated environment throughout the entire lifecycle of the translation project.

Every time data leaves an LSP's network it is exposed to risks, including theft and breach of confidentiality clauses. By ensuring that no data ever leaves your LSP's ecosystem, you can be secure in knowing that it is protected behind an enterprise level of cybersecurity.

At LanguageWire, our client's projects are fully managed through our enterprise-grade secured environment. All specialist tasks, including translation, are carried out within our language management ecosystem using our suite of tools, including Smart Editor, our bespoke online CAT and validation tool.

All your data stays within our ecosystem from start to finish. Here it must adhere to the strict regulations of our ISO 27001 compliant information security system. It is encrypted throughout the process and securely backed up to the cloud for continuous data protection. This dramatically reduces any risk and makes all data available to you and our translators whenever you need it.

Learn more about our language management ecosystem and how we can help you to stay secure from start to finish in your next translation project.