Breaches in confidentiality, stemming from Edward Snowden’s releases and the hacking of Sony Pictures and Ashley Madison, have prompted companies and individuals to pay close attention to how their sensitive data is handled. Yet the number of large breaches that continue to occur suggests that very little is being done differently to ensure new safeguards are in place. Many companies appear to take a reactive approach: even as they become aware of the serious dangers that exist, they won’t make changes until after they suffer their own data breach.
To prevent the lawsuits, damages, humiliation and bad publicity that come with data breaches, companies must adopt new policies for how data is handled, both internally and by the outside companies they hire to supply services. Even if companies can be encouraged to make changes, it is unclear what changes need to be made to mitigate risk. Undoubtedly, companies need to make changes in practice, policy and technology.
Nature of Security Threats
Before a company can understand how exposed it is to hackers and others with malicious intent, it needs to identify where its sensitive data is kept. For most companies, sensitive data is held by human resources, finance, marketing, engineering and legal. The data kept by these departments would generally be the most damaging if it were released. Understanding where the sensitive data is kept, what the sensitive data is and how it might be accessed with ill intent offers a starting point for a company’s analysis, policy creation and technology acquisition to minimize threats.
Managers need to realize that not all data can be securely stored. There are limits to the number of safeguards that can be installed. By identifying the most sensitive data and tracking and identifying suspicious access, businesses can block access before it becomes a problem. Technology has advanced to the point where artificial intelligence can be used to identify suspicious activity, such as the transfer of customer data to a private e-mail address or the storing of records on a thumb drive. When such an activity occurs, the person’s manager can either allow the transfer or block it.
Many companies trust others with their sensitive data and hope that a confidentiality agreement will offer protection or somehow ensure that their data is treated safely. Translation companies are a good example. This is an area where managers fail to do enough background research. Often businesses employ translation companies that adopt a façade suggesting they are owned and operated in the United States. Many even list local phone numbers and addresses. However, many of these businesses are operated from overseas and have no U.S. employees or U.S. offices. The addresses that they list are nothing more than rented mailboxes, and the phone numbers they provide are routed to operators located overseas. Calls to these agencies often go unanswered, and signed non-disclosure agreements from these businesses offer no protection.
A company’s confidential information should never be outsourced for translation to an overseas business. Often the translators are poorly paid workers who use computers and computer networks equivalent to ones found in an Internet café. In contrast, 24 Hour Translation, based in Houston, Texas, offers the highest level of security. Each of our translators has been thoroughly screened and we hold U.S. government security clearance. We have never had a data breach.