New profile fields regarding security practices: be careful with this
Thread poster: Artem Vakhitov

Artem Vakhitov  Identity Verified
Estonia
English to Russian
+ ...
Dec 18, 2016

Recently, new optional fields appeared in the profile that allow a translator to describe his or her security practices. I'm not sure I welcome this addition, but those who are going to fill these in should be careful. Ask yourself this question: Do I make it easier to attack me if I publish this? As an example, I wouldn't publish the names of security software applications I use because otherwise a malicious person could target me using specific 0-day vulnerabilities.

 

Mario Chavez  Identity Verified
Local time: 08:34
English to Spanish
+ ...
Good thing they're optional Dec 18, 2016

Artem, I hadn't noticed them, but thanks for bringing that up. However, one extreme scenario I could imagine is some hacker peeling profile data off Proz.com, then checking who is using a particular antimalware tool so as to tailor his attack on a bunch of translators.

I really doubt this scenario, however, because we translators are notorious for telling everybody how little money it's to be made doing translations. Plus, gathering data from Proz.com and then targeting translators who have/don't have a particular software package is a long shot.

In addition, you mention security practices. Since these are optional, I would definitely ignore them. I smell a marketing ploy to say Proz has security-conscious translators. That's all.


 

Juan Carlos Pedrouzo  Identity Verified
Panama
Local time: 07:34
English to Spanish
I agree for the most part Dec 18, 2016

I agree with Artem regarding not disclosing the specific software you use for security, that would defeat the purpose of advertising yourself and secure and would only put a bull's eye on your back.

I don't think it's a bad idea to disclose basic security practices like:

- I don't store my translation projects on the cloud (DropBox, Google Drive, etc.): Unless you're using your own secure server and cloud software, these services are not secure/private.

- I archive and encrypt old project files

- I don't share confidential information (Patient Health Information, Customer Data, etc.).

And many others.


 

Mario Chavez  Identity Verified
Local time: 08:34
English to Spanish
+ ...
Misconceptions Dec 18, 2016

I've been using Dropbox, Box.com and Google Drive for sometime now. Those companies encrypt the contents (files, folders, etc.). I don't know where you get your information, JCPedrouzo. Can you elaborate? Other people may benefit.

Regards,

Mario


 

Henry Dotterer
Local time: 08:34
SITE FOUNDER
Thanks, Artem Dec 19, 2016

Artem Vakhitov wrote:

Recently, new optional fields appeared in the profile that allow a translator to describe his or her security practices. I'm not sure I welcome this addition, but those who are going to fill these in should be careful. Ask yourself this question: Do I make it easier to attack me if I publish this? As an example, I wouldn't publish the names of security software applications I use because otherwise a malicious person could target me using specific 0-day vulnerabilities.

You raise a good point, Artem. When Katalin made this point in the other thread, we decided to post guidance of this sort in the interface. We'll do that today.


 

Henry Dotterer
Local time: 08:34
SITE FOUNDER
Thanks, jcpedrouzo Dec 19, 2016

jcpedrouzo wrote:
I don't think it's a bad idea to disclose basic security practices like:

- I don't store my translation projects on the cloud (DropBox, Google Drive, etc.): Unless you're using your own secure server and cloud software, these services are not secure/private.

- I archive and encrypt old project files

- I don't share confidential information (Patient Health Information, Customer Data, etc.).

And many others.

That's the idea!


 

Henry Dotterer
Local time: 08:34
SITE FOUNDER
The program is real Dec 19, 2016

Mario Chavez wrote:
In addition, you mention security practices. Since these are optional, I would definitely ignore them. I smell a marketing ploy to say Proz has security-conscious translators. That's all.

Indeed, engaging with the SecurePRO program is optional. Anyone with any hesitations about the program is probably best off taking a "wait and see" approach. But the program is serious. The intention is to provide tools that industry professionals can use to better assure confidentiality in projects that involve remote outsourcing. You can learn more about the program in the introductory video.


 

Henry Dotterer
Local time: 08:34
SITE FOUNDER
The program working Dec 19, 2016

Mario Chavez wrote:

I've been using Dropbox, Box.com and Google Drive for sometime now. Those companies encrypt the contents (files, folders, etc.). I don't know where you get your information, JCPedrouzo. Can you elaborate? Other people may benefit.

And here you can see the program working, Mario. Stimulating this sort of discussion is one of the intended outcomes.

In addition, the new fields provide a way for freelancers to begin differentiating themselves on the basis of their business practices. One person might say "When you outsource your job to me, you can be sure your document will not make its way to any other person or company," while another says, "I make judicious use of secure third-party tools, enabling me to handle your job efficiently while not compromising the confidentiality of your data," or, "Project files will be securely backed up to a cloud drive to reduce the risk of delays from hardware failure." In this way, the program is enabling people to clarify their stances and policies on such issues.

Please bear in mind, when decided what to write in the new profile fields, that the intended audience for the fields includes potential new clients and collaborators. You should write as though you are addressing them.


 


To report site rules violations or get help, contact a site moderator:

Moderator(s) of this forum
Lucia Leszinsky[Call to this topic]

You can also contact site staff by submitting a support request »

New profile fields regarding security practices: be careful with this

Advanced search






Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »
SDL Trados Studio 2017 Freelance
The leading translation software used by over 250,000 translators.

SDL Trados Studio 2017 helps translators increase translation productivity whilst ensuring quality. Combining translation memory, terminology management and machine translation in one simple and easy-to-use environment.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search