Last week’s data privacy breach involving translate.com is a stark reminder of the challenges facing companies when it comes to striking the right balance between keeping information secure and enabling the business. Potentially hundreds of thousands of employees have been using the free tool to translate work-related content, everything from contracts to employee details – even termination letters. And all of this content is now easily available online for anyone to find.
At SDL, we’re acutely aware of the information security risks of using free online machine translation (MT) tools. More and more companies are coming to us for a client-managed MT solution that keeps information safe, and importantly, within their corporate network. This requirement becomes even more critical in regulated industries where data privacy violations mean big fines, and untold reputational damage.
I spoke to Katie Rigby-Brown, VP of Global Finance Solutions, about how leading financial institutions are tackling this very issue. In this Q&A, Katie looks at the dangers of free online tools, offers practical advice, and shares examples of where she’s helped companies solve this very challenge.
Does this story surprise you given your experience with financial firms?
Sadly, not at all. The truth is that banks and insurers are only now waking up to the risks that free translation tools (and often contracted translation processes) expose them to. In fact, awareness seems to come more from publicity of other organizations’ failures than from regulators.
It may seem obvious that free translation tools are not the most secure. If so, then why are employees in financial firms still using them?
You are right, it may seem obvious – particularly once you understand how free translation tools work. Many organizations aren’t familiar with the terms of the End User Agreements and how they stipulate the way data is processed, shared or stored. As such, employees will often assume that if they can access these sites, then they are approved by Corporate IT. That’s a worrying mind-set that needs to change among both employees and employers.
What can financial firms do to convince employees not to use these tools?
Organizations don’t need to convince employees not to use these tools. The fastest route to compliance is to simply block access to them, but I would urge caution on this approach. The use of free translation tools is often for a legitimate use case that may not have been captured elsewhere in the business. Blocking access to sites without reviewing how and why they are being used exposes businesses to another area of risk – lost revenue, poor customer experience or increased internal costs.
Compliance does not have to come at the cost of productivity – where genuine use cases exist, SDL can provide a secure alternative.
How else could these free translation tools impact companies in terms of compliance?
By allowing access to free translation sites, organizations risk unwittingly providing employees with proxy access to sites that are prohibited within the corporate network. The potential lost hours of productivity are a smaller concern than the risk of sharing company information via free FTPs or personal mail accounts.
And with the General Data Protection Regulation coming into effect in May 2018, organizations need to consider how they can provide a solution that is secure by design in the prevention of unauthorized sharing of personally identifiable information. The simple act of copying and pasting an email chain into a free translation tool may not only risk sensitive material being leaked into the public domain, it could also result in fines of up to 4% of annual revenues.
Can you give us any customer examples (even anon) where you’ve helped overcome some of these big challenges?
We helped a global bank qualify the level of risk that free translation tools were exposing them to and put a secure Single Sign On solution in place across their global employee base of over 100,000. The bank in question was aware of SDL’s reputation as a provider of choice for secure automated translations to governments. They approached us concerned that, despite addressing security across their translation supply chain, free translation tools were unmonitored and uncontrollable.
We supported them with a data analysis exercise that confirmed their assumption that large volumes of data were being shared via free translation tools. Establishing that there was a risk, with over 20GB of content a week being posted into the public domain, we worked through a program to educate employees about the risk of data loss while we planned the transition to SDL’s Secure Enterprise MT.
For the IT team, working with us allowed them to deliver a true enterprise solution that not only solved a potential compliance issue, but improved employee productivity.
By understanding the use cases that free MT was being used for, it was clear that our Microsoft Office integrations would offer added value to teams (working across borders) who spent a lot of their day copying and pasting content from email chains and multilingual documents.
For more information on SDL secure MT, visit sdl.com/securemt