New profile fields regarding security practices: be careful with this
Thread poster: Artem Vakhitov

Artem Vakhitov  Identity Verified
Estonia
English to Russian
Dec 18, 2016

Recently, new optional fields appeared in the profile that allow a translator to describe his or her security practices. I'm not sure I welcome this addition, but those who are going to fill these in should be careful. Ask yourself this question: Do I make it easier to attack me if I publish this? As an example, I wouldn't publish the names of security software applications I use because otherwise a malicious person could target me using specific 0-day vulnerabilities.


Mario Chavez  Identity Verified
Local time: 17:40
English to Spanish
Good thing they're optional Dec 18, 2016

Artem, I hadn't noticed them, but thanks for bringing that up. However, one extreme scenario I could imagine is some hacker peeling profile data off Proz.com, then checking who is using a particular antimalware tool so as to tailor his attack on a bunch of translators.

I really doubt this scenario, however, because we translators are notorious for telling everybody how little money there is to be made doing translations. Plus, gathering data from Proz.com and then targeting translators who have/don't have a particular software package is a long shot.

In addition, you mention security practices. Since these are optional, I would definitely ignore them. I smell a marketing ploy to say Proz has security-conscious translators. That's all.



Juan Carlos Pedrouzo  Identity Verified
Panama
Local time: 17:40
English to Spanish
I agree for the most part Dec 18, 2016

I agree with Artem regarding not disclosing the specific software you use for security; that would defeat the purpose of advertising yourself as secure and would only put a bull's eye on your back.

I don't think it's a bad idea to disclose basic security practices like:

- I don't store my translation projects on the cloud (Dropbox, Google Drive, etc.): Unless you're using your own secure server and cloud software, these services are not secure/private.

- I archive and encrypt old project files

- I don't share confidential information (Patient Health Information, Customer Data, etc.).

And many others.



Mario Chavez  Identity Verified
Local time: 17:40
English to Spanish
Misconceptions Dec 18, 2016

I've been using Dropbox, Box.com and Google Drive for some time now. Those companies encrypt the contents (files, folders, etc.). I don't know where you get your information, JCPedrouzo. Can you elaborate? Other people may benefit.

Regards,

Mario



Henry Dotterer
Local time: 17:40
SITE FOUNDER
Thanks, Artem Dec 19, 2016

Artem Vakhitov wrote:

Recently, new optional fields appeared in the profile that allow a translator to describe his or her security practices. I'm not sure I welcome this addition, but those who are going to fill these in should be careful. Ask yourself this question: Do I make it easier to attack me if I publish this? As an example, I wouldn't publish the names of security software applications I use because otherwise a malicious person could target me using specific 0-day vulnerabilities.

You raise a good point, Artem. When Katalin made this point in the other thread, we decided to post guidance of this sort in the interface. We'll do that today.



Henry Dotterer
Local time: 17:40
SITE FOUNDER
Thanks, jcpedrouzo Dec 19, 2016

jcpedrouzo wrote:
I don't think it's a bad idea to disclose basic security practices like:

- I don't store my translation projects on the cloud (Dropbox, Google Drive, etc.): Unless you're using your own secure server and cloud software, these services are not secure/private.

- I archive and encrypt old project files

- I don't share confidential information (Patient Health Information, Customer Data, etc.).

And many others.

That's the idea!



Henry Dotterer
Local time: 17:40
SITE FOUNDER
The program is real Dec 19, 2016

Mario Chavez wrote:
In addition, you mention security practices. Since these are optional, I would definitely ignore them. I smell a marketing ploy to say Proz has security-conscious translators. That's all.

Indeed, engaging with the SecurePRO program is optional. Anyone with any hesitations about the program is probably best off taking a "wait and see" approach. But the program is serious. The intention is to provide tools that industry professionals can use to better assure confidentiality in projects that involve remote outsourcing. You can learn more about the program in the introductory video.



Henry Dotterer
Local time: 17:40
SITE FOUNDER
The program working Dec 19, 2016

Mario Chavez wrote:

I've been using Dropbox, Box.com and Google Drive for some time now. Those companies encrypt the contents (files, folders, etc.). I don't know where you get your information, JCPedrouzo. Can you elaborate? Other people may benefit.

And here you can see the program working, Mario. Stimulating this sort of discussion is one of the intended outcomes.

In addition, the new fields provide a way for freelancers to begin differentiating themselves on the basis of their business practices. One person might say "When you outsource your job to me, you can be sure your document will not make its way to any other person or company," while another says, "I make judicious use of secure third-party tools, enabling me to handle your job efficiently while not compromising the confidentiality of your data," or, "Project files will be securely backed up to a cloud drive to reduce the risk of delays from hardware failure." In this way, the program is enabling people to clarify their stances and policies on such issues.

Please bear in mind, when deciding what to write in the new profile fields, that the intended audience for the fields includes potential new clients and collaborators. You should write as though you are addressing them.

