ATA

Featured Article

Find a Translator or Interpreter
Search for:

Featured Article from The ATA Chronicle (June 2010)

 

Protect Your Most Valuable Assets: Data Security and Confidentiality
By Michael Wahlster

While it is easy to grasp that shiny new computers or feature-loaded laptops have a tangible value and should be protected against damage and loss, it is actually the intangible data residing on those computers that are much more valuable and, in many cases, irreplaceable if the proper protective measures are lacking.

For better or for worse, most data that drive a freelance translator’s business exist in electronic form. This goes way beyond source and target documents. We all keep reference material and glossaries on our hard drives and accumulate translation memory entries. The e-mail correspondence with our clients resides on the same drives, as do our bookkeeping files. And that is probably not everything. What about software we downloaded, our fonts, or credentials for access to websites and accounts? What about browser bookmarks and other important reference material we found on the Internet?

In discussions with colleagues, it is always shocking to learn how many translators put no thought or effort into developing strategies to secure their data, even though these data are the lifeblood of their business. Where does that leave you in case something happens to your computer after a fire, flood, or theft? Hardware is easy to replace—just walk into the nearest Best Buy and you are all set. However, with your accounting, e-mail archives, and translation memories gone, not to mention any projects you may have been working on, you will have a much harder time to recover.

Securing data against loss to safeguard one’s business intersects with another important aspect: protecting data against unauthorized access. One of the cornerstones of our business is confidentiality. Clients hand us documents with all kinds of information, and they have a reasonable expectation that those details will not go beyond our desk. Backing up and securing data will help you maintain client privacy and give you peace of mind. There are several options out there to safeguard data. Let’s get started.

Backing Up Data
Hard drives fail. It is not a question of if, but when. Environmental factors such as heat will accelerate failure. The objective is therefore to store the information not only on the hard drive but in other places as well, so that we can retrieve it from there in case of a hard drive failure.

Data backups require a strategy that takes into account the time and storage required for the backup, the ease of restoring data from the backup set, and how often data change on your computer. It is a good idea to invest some thought and planning into your backup strategy. Once disaster strikes, it is too late.

There are two types of backups relevant to the situation of most freelance translators: full backups and incremental backups. You can decide to use only full backups or a combination of full and incremental backups.
The full backup is exactly that: a complete copy of all files you want to back up to your backup storage. It is the first step in any backup strategy. While backing up takes longer with a full backup, restoring data is very simple.
The incremental backup copies those files that have been created or changed since the last full backup. It has to be based on a full backup to work. The backup time required is shorter, but restoring data is a more time-consuming process.

In your backup plan, you could decide, for example, to make a full backup every weekend and incremental backups at the end of every weekday. The backup schedule, as well as the selection of files you want to back up, depends entirely on the nature of your work and what data you are planning to secure. In any event, it is probably a good idea to arrange to have several versions of your data available at all times, just in case you want to revert to an earlier version of a file.

External Drives
Of the many choices in storage media, the external hard drive seems to have the most advantages. Those drives are available in a wide selection, and it should be possible to find one that fits most budgets and storage requirements. The cost per megabyte has fallen dramatically, so there is no reason to scrimp on external storage. External hard drives connect through a USB port and have their own power supply. Switching external drives off when not directly in use extends their life and keeps them separated from the computer and any disasters that may happen there. In addition, external hard drives are portable. You can take them with you or store them off-site when you travel, so disasters like fire, water, or theft are less likely to affect your data.

RAID
One technology that has become available to average computer users is called RAID, short for “Redundant Array of Independent Disks.” Here, a computer has two (or more) identical hard drives, and a RAID controller makes sure that the content of the first drive is mirrored exactly onto the second. This is called Level 1 RAID.

The great news is that RAID 1 automatically copies all data to a second drive. The downside is that it also automatically copies all mistakes and errors—if you irreversibly delete or overwrite something by mistake, it is gone on both drives. However, if one drive suddenly fails, you can continue working with the other drive until you are ready to get your computer fixed, and that is worth a ·lot. Just remember that it is not a true backup system; it secures availability of your computer in case of a drive failure.

Remote Backup
Thanks to broadband Internet access, remote backup solutions have become feasible. These are set-ups where your data are sent via the Internet to a remote location for storage. Remote storage locations keep data safe from disasters that may befall your work location.

The upside of remote backup solutions is that they usually synchronize your backup copies with your hard drive on a continuous basis. You do not have to worry about forgetting to back up your data. The physical safety of the remote location is also a plus.

The downside is the slow pace of data transmission even with fast broadband connections. If you are generating a fair amount of data, it will be difficult to keep up with the backups. Another caveat is that your data will be entrusted to third-party servers, which is something you may not want to do with sensitive files unless they are encrypted.

Unauthorized Access
When we think about keeping our data secure, it is important to understand that this not only serves our own interests but our clients’ as well. As ATA members, we subscribe to the Code of Professional Conduct, which states: “I will safeguard the interests of my clients as my own and divulge no confidential information.”1 In addition, many of our clients ask us to sign nondisclosure agreements that stipulate adherence to the strictest confidentiality. But even without such agreements, it seems to me that observing practices that safeguard confidentiality is only logical as an integral part of professional behavior.

Riccardo Schiaffino describes in a February post in his blog, About Translation, how some translation companies send out requests for quotes to undisclosed lists of translators and attach confidential and/or sensitive documents to that request.2 This is hardly what clients had in mind as confidential treatment of their material. After sending sensitive files to unvetted recipients, sending them by e-mail without encryption is probably the next-worst breach of confidentiality.

E-mail is inherently insecure. The message content, as well as the attachment content, can be intercepted and read by anyone at any point along the transmission path. In addition, content can be altered without the recipient’s knowledge. To make things worse, the sender of a mail message can be faked easily.

Yet, many translators and agencies seem to trust the Internet. Instead of locking up sensitive content, all they do is add arcane disclaimers to their e-mail messages. By having a system in place that protects the confidentiality of data through blocking unauthorized access, translators can use this as an important selling point in their direct-client marketing efforts.

Transmission
The transmission of data is one of the more vulnerable transactions, but it is rarely protected against unauthorized access. The most logical step to safeguard this process is to encrypt the transmission.
For a long time, the gold standard of encryption for e-mail has been Pretty Good Privacy (PGP). There are open-source versions with reasonably easy interfaces that integrate with popular e-mail clients. There is also a version for Google Mail. Early incarnations of PGP had a hard-to-master command-line interface, which gave it the reputation of being unfriendly. The good news is that this is no longer the case.

Another encryption option is to use secure FTP transfer, for which the server you connect to has to be set up. Yet another way is to encrypt the file only and attach it to an unencrypted e-mail. Many encryption schemes, like the one offered for PDF files, can be circumvented easily. If you are serious about file confidentiality, research the advantages of public-key encryption systems like PGP and select the best method available.

Travel
Many translators lead very mobile lives and carry a lot of their data with them, either on a laptop or on memory sticks. There are many risks associated with transporting your data in this manner. For example, you could lose the data, the memory device could be stolen, or officials could confiscate these devices when you enter the country. For that very reason, many business people use remote servers to store their data rather than carry them on their laptops.

If you have to travel with important and sensitive data and you want to keep them from falling into the wrong hands while on the road, you can encrypt your laptop’s hard drive or the memory stick. For an additional level of security, you can also create a hidden volume and even a hidden operating system for what is called “plausible deniability.” Here you can invisibly store data in case you are forced to reveal the password for the regular, not hidden, encrypted hard drive parts.

How Secure Are You?
Take a hard look at your computer and data situation. Determine how you would fare in case of sudden data loss. Ask yourself how well your clients’ data are protected against unauthorized access. If you have no backup and encryption schemes in place, now would be a good time to start protecting your most valuable assets and to show your clients that you take confidentiality very seriously. Make sure to check out the links in the box on this page for more information on various programs available to you.

Notes

1. ATA Code of Professional Conduct and Business Practices, www.atanet.org/membership/code_of_professional_conduct.php.

2. Schiaffino, Riccardo. “Customers Beware: The Ethics of Scattershot Translation Projects (About Translation, February 8, 2010), http://is.gd/boNGs.

Online Information Resources


Backup

Acronis Backup & Recovery
www.acronis.com/enterprise

Norton Ghost
www.symantec.com/norton/ghost

EMC Retrospect
www.retrospect.com

Encryption

GPG4Win (PGP for Windows)
www.gpg4win.org

PGP for Mac
http://macgpg.sourceforge.net

FireGPG (PGP for Google Mail)
www.makeuseof.com/tag/encrypt-your-gmail-messages-with-firegpg

TrueCrypt
www.truecrypt.org

Remote Backup

Carbonite
www.carbonite.com

Mozy
http://mozy.com/home

Dropbox
www.dropbox.com

Note: For information purposes only.
This list is not intended as a recommendation of any one product.