| Subcribe via RSS 

Protect Your Most Valuable Assets

December 4th, 2011 | by MiW

Author: Michael Wahlster

While it is easy to grasp that shiny new computers or feature-loaded laptops have a tangible value and should be protected against damage and loss, it is actually the intangible data residing on those computers that are much more valuable and, in many cases, irreplaceable if the proper protective measures are lacking.


It’s always shocking to learn
how many translators give no thought to
and spend no effort on
securing their data,
even though these data are
the lifeblood of their business.

For better or for worse, most data that drive a freelance translator’s business exist in electronic form. This goes way beyond source and target documents. We all keep reference material and glossaries on our hard drives and accumulate translation memory entries. The e-mail correspondence with our clients resides on the same drives, as do our bookkeeping files where we keep track of invoices and payments. And that is probably not everything. What about software we downloaded, our fonts, or credentials for access to websites and accounts? What about browser bookmarks and other important reference material we found on the Internet?

In discussions with colleagues, it is always shocking to learn how many translators put no thought or effort into developing strategies to secure their data, even though these data are the lifeblood of their business. Where does that leave you in case something happens to your computer after a fire, flood, or theft? Hardware is easy to replace – just walk into the nearest Best Buy and you are all set. However, with your accounting, your e-mail archives, and translation memories gone, not to mention any projects you may have been working on, you will have a much harder time to recover.

Securing data against loss to safeguard one’s business intersects with another important aspect: protecting data against unauthorized access. One of the cornerstones of our business is confidentiality. Clients hand us documents with all kinds of information, and they have a reasonable expectation that those details will not go beyond our desk. Backing up and securing data will help you maintain client privacy and give you peace of mind. There are several options out there to safeguard data. Let’s get started.

Backing Up Data

Hard drives fail. It is not a question of if, but when. Environmental factors, such as heat, will accelerate failure. The objective is therefore to store the information not only on the hard drive but in other places as well, so that we can retrieve it from there in case of a hard drive failure.


It’s actually the
intangible data residing on computers
that are much more valuable and,
in many cases, irreplaceable if
the proper protective measures are lacking.

Data backups require a backup strategy that takes into account the time and storage required for the backup, the ease of restoring data from the backup set, and how often data changes on your computer. It is a good idea to invest some thought and planning into your backup strategy. Once disaster strikes, it is too late.

There are two types of backups relevant to the situation of most freelance translators: full backups and incremental backups. You can decide to use only full backups or a combination of full and incremental backups.

The full backup is exactly that: a complete copy of all files you want to back up to your backup storage. It is the first step in any backup strategy. While backing up takes longer with a full backup, restoring data is very simple.

The incremental backup copies those files that have been created or changed since the last full backup. It has to be based on a full backup to work. The backup time required is shorter, but restoring data is a more time-consuming process.

In your backup plan, you could decide, for example, to make a full backup every weekend and incremental backups at the end of every weekday. The backup schedule, as well as the selection of files you want to back up, depends entirely on the nature of your work and what data you are planning to secure. In any event, it is probably a good idea to arrange to have several versions of your data available at all times, just in case you want to revert to an earlier version of a file.

External Drives

Of the many choices in storage media, the external hard drive seems to have the most advantages. Those drives are available in a wide selection, and it should be possible to find one that fits most budgets and storage requirements. The cost per megabyte has fallen dramatically, so there is no reason to scrimp on external storage.

External hard drives connect through a USB port and have their own power supply. Switching external drives off when not directly in use extends their life and keeps them separated from the computer and any disasters that may happen there. In addition, external hard drives are portable. You can take them with you or store them off-site when you travel, so disasters like fire, water, or theft are less likely to affect your data.

RAID

One technology that has become available to average computer users is called RAID, short for “Redundant Array of Independent Disks.” Here, a computer has two (or more) identical hard drives, and a RAID controller makes sure that the content of the first drive is mirrored exactly onto the second. This is called Level 1 RAID.

The great news is that RAID 1 automatically copies all data to a second drive. The downside is that it also automatically copies all mistakes and errors – if you irreversibly delete or overwrite something by mistake, it is gone on both drives. However, if one drive suddenly fails, you can continue working with the other drive until you are ready to get your computer fixed, and that is worth a lot. Just remember that it is not a true backup system; it secures availability of your computer in case of a drive failure.

Remote Backup

Thanks to broadband Internet access, remote backup solutions have become feasible. These are set-ups where your data are sent via the Internet to a remote location for storage. Remote storage locations keep data safe from disasters that may befall your work location.


Securing data against loss
to safeguard one’s business intersects
with another important aspect:
protecting data against
unauthorized access.

The upside of remote backup solutions is that they usually synchronize your backup copies with your hard drive on a continuous basis. You do not have to worry about forgetting to back up your data. The physical safety of the remote location is also a plus.

The downside is the slow pace of data transmission even with fast broadband connections. When you start with a on-line data backup scheme, it may initially take days or even weeks to send a first set of all your data to the remote location. The service I’m using, Crashplan, offers “seeding” of backups for an additional fee. They mail a hard drive to their customers for storage of a first round of backups. After returning the drive to Crashplan, they then seed your on-line backup space with the data from that drive. My on-line storage is around 200 GB, and this seeding service has saved me a lot of time when I started to back up to Crashplan. If you are generating a fair amount of data, keep in mind that it may be difficult to keep up with backups. Another caveat is that your data will be entrusted to third-party servers, which is something you may not want to do with sensitive files unless they are encrypted.

With all the convenience of “the cloud,” don’t close your eyes to the fact that you are actually not in control of your data. The service can become suddenly unavailable (the keyword here is Amazon); the company offering the service can go out of business and your data can disappear; there can be serious security lapses (the keyword is Dropbox). It is important to know what can go wrong – and to back up locally on a regular basis as well, like to an external hard drive.

Unauthorized Access

When we think about keeping our data secure, it is important to understand that this not only serves our own interests but our clients’ as well. As ATA members, we subscribe to the Code of Ethics and Professional Practice, which states that translators accept as their ethical and professional duty

“to hold in confidence any privileged and/or confidential information entrusted to us in the course of our work.”

In addition, many of our clients ask us to sign non-disclosure agreements that stipulate adherence to the strictest confidentiality. But even without such agreements, it seems to me that observing practices that safeguard confidentiality is only logical as an integral part of professional behavior.

Riccardo Schiaffino describes in a February 2010 post in his blog, About Translation, how some translation companies send out requests for quotes to undisclosed lists of translators and attach confidential and/or sensitive documents to that request. This is hardly what clients had in mind as confidential treatment of their material. After sending sensitive files to unvetted recipients, sending them by e-mail without encryption is probably the next-worst breach of confidentiality.

E-mail is inherently insecure. The message content, as well as the attachment content, can be intercepted and read by anyone at any point along the transmission path. In addition, content can be altered without the recipient’s knowledge. To make things worse, the sender of a mail message can be faked easily.

Yet, many translators and agencies seem to trust the Internet. Instead of locking up sensitive content, all they do is add arcane disclaimers to their e-mail messages. By having a system in place that protects the confidentiality of data through blocking unauthorized access, translators can use this as an important selling point in their direct-client marketing efforts.

Transmission

The transmission of data is one of the more vulnerable transactions, but it is rarely protected against unauthorized access. The most logical step to safeguard this process is to encrypt the transmission.

For a long time, the gold standard of encryption for e-mail has been Pretty Good Privacy (PGP). There are open-source versions with reasonably easy interfaces that integrate with popular e-mail clients. There used to be a version for Google Mail which, unfortunately, is no longer supported. Paid versions of PGP, sold by Symantec, can be used both for desktop clients and on-line mail services. Early incarnations of PGP had a hard-to-master command-line interface, which gave it the reputation of being unfriendly. The good news is that this is no longer the case.

Another encryption option is to use secure FTP transfer, for which the server you connect to has to be set up. Yet another way is to encrypt the file only and attach it to an unencrypted e-mail.

Many encryption schemes, like the one offered for PDF files, can be circumvented easily. If you are serious about file confidentiality, research the advantages of public-key encryption and select the best method available.

Travel

Many translators lead very mobile lives and carry a lot of their data with them, either on a laptop or on memory sticks. There are many risks associated with transporting your date in this manner. For example, you could lose the data, the memory device could be stolen, or officials could confiscate these devices when you enter the country. For that very reason, many business people use remote servers to store their data rather than carry them on their laptops.

If you have to travel with important and sensitive data and you want to keep them from falling into the wrong hands while on the road, you can encrypt your laptop’s hard drive or the memory stick. For an additional level of security, you can also create a hidden volume and even a hidden operating system for what is called “plausible deniability.” Here you can invisibly store data in case you are forced to reveal the password for the regular, not hidden, encrypted hard drive parts.

How Secure Are You?

Take a hard look at your computer and data situation. Determine how you would fare in case of sudden data loss. Ask yourself how well your clients’ data are protected against unauthorized access. If you have no backup and encryption schemes in place, now would be a good time to start protecting your most valuable assets and to show your clients that you take confidentiality very seriously. Make sure to check out the various links below for more information on various programs available to you.

© 2010 Michael Wahlster

The following links are for information only; you should make yourself knowledgeable about the pros and cons as well as about alternative solutions:

Backup
Acronis Backup & Recovery
Norton Ghost
EMC Retrospect

Encryption
GPG4Win (PGP for Windows)
PGP for Mac
FireGPG (PGP for Google Mail) – no longer supported
Symantec PGP products
TrueCrypt

Remote Backup
Dropbox
Carbonite
Crashplan

Leave a Reply