Breaches in confidentiality, stemming from Edward Snowden’s releases and hacking of Sony Pictures and Ashley Madison, have influenced companies and individuals to pay close attention to how their sensitive data is handled. Yet the number of large breaches that continue to occur suggests that very little is being done differently to ensure new safeguards are in place. Many companies, appearing to take a reactionary approach, won’t make changes, even as they become aware of the serious dangers that exist, until after they suffer their own data breach.
To prevent lawsuits, damages, humiliation and the bad publicity that comes with data breaches, companies must install new policies for treating data internally and externally by companies they hire to supply services. Even if companies can be encouraged to make changes, it is unclear what changes need to be made to mitigate risk. Undoubtedly, companies need to make changes in practice, policy and technology.
Nature of Security Threats
Before a company can understand how exposed it is to hackers and others with malicious intent, it needs to identify where its sensitive data is kept. For most companies, sensitive data is held by human resources, finance, marketing, engineering and legal. The data kept by these departments would generally be the most damaging if it were released. Understanding where the sensitive data is kept, what the sensitive data is and how it might be accessed for ill-intentions offers a starting point for a company’s analysis, policy creation and technology acquisition to minimize threats.
Something that managers need to realize is that not all data can be securely stored. There are limits to the number of safeguards that can be installed. By identifying the most sensitive data and tracking and identifying suspicious access, businesses can block access before it becomes a problem. Technology has advanced to the point where artificial intelligence can be used to identify suspicious activity, such as the transfer of customer data to a private e-mail address or storing records on a thumb drive. When such an activity occurs, a person’s manager can either allow the transfer or block the transfer.
Security and Confidentiality in Translation Services
Many companies trust others with their sensitive data and hope that a confidentiality agreement will offer protection or somehow ensure that their data is treated safely. Translation companies are a good example. This is an area where managers fail to do enough background research. Often businesses employ translations companies that adopt a façade suggesting they are owned and operated in the United States. Many even list local phone numbers and addresses. However, many of these businesses are operated from overseas and have no U.S. employees or U.S. offices. The addresses that they list are nothing more than rented mailboxes, and the phone numbers they provide are routed to operators located overseas. Calls to these agencies often go unanswered, and signed non-disclosure agreements from these businesses offer no protection.
A company’s confidential information should never be outsourced for translation to an overseas business. Often the translators are poorly paid workers who use computers and computer networks equivalent to ones found in an Internet café. In contrast, 24 Hour Translation, based in Houston, Texas, offers the highest level of security. Each of our translators has been thoroughly screened and we hold U.S. government security clearance. We have never had a data breach.
Sarah,
I agree with you. It’s important to know the background of the various contractors or companies you work with. Doing at least some background checks or searches and not proving too much access is key.
I suspect it never dawns on many businesses that companies often use U.S. business addresses and phone numbers regardless of where they are located. It might be prudent to have any business who has access to internal information about your company to sign a non-disclosure agreement. You never know when they might have one of your competitors as a client.
Companies are becoming more aware of the risks involved with corporate espionage. At the GoMentum automobile test facility in California, where Apple, Tesla and others are testing top secret vehicles, foreign born workers aren’t even allowed access to the facility.
Data is perhaps the most valuable asset of a company and needs to be protected. On GuestCrew we recently implemented SSL to add more security. For most companies that don’t keep data safe – they wouldn’t even know that their data is hacked, because hackers who steal data, generally leaves quietly with the stolen data and leave no traces of their hacking attempt.
I have seen how unreliable internet cafes are, specially in a 3rd world country – if a company is outsourcing their data then they are taking a big risk of losing valuable information. And like you mentioned, those signed documents means little in a 3rd world country.
Ashley Madison hack has been a wake-up call for many… It’s interesting that multiple hacks of financial details and phishing stories haven’t been as effective as Ashley Madison case. Many people just realized how careful they should have been on the web for years!