5 ways Memsource keeps your data safe and secure


2021-02-25 01:00 Memsource


Creating the best possible translation platform is not just about designing an intuitive user interface for linguists, or adding more robust automation features for project managers. A key factor for any software developer today is ensuring that the platform and the user's data remain secure.

Memsource takes digital security seriously. According to the Czech statistical office, approximately 16.5% of businesses in the Czech Republic have reported having their IT services disrupted by a malicious attack, with about 9.2% suffering significant data loss. In the US, the Internet Crime Complaint Centre records an average of 1,200 reports every day, with an estimated total loss of 3.5 billion USD due to cybercrimes in 2019 alone. As more users and businesses have moved online during the pandemic, these numbers are expected to grow.

It is clear that digital security is more important than ever before.

In this article we would like to highlight five ways that Memsource strives to keep your data secure and safe.

Information Security Management System

The key to security is having a comprehensive plan.

At Memsource we have an Information Security Management System (ISMS), which is a set of policies that cover all processes related to the security of our service, the data of our customers, and our internal systems. The benefits of having a centralized and holistic approach to security are clear: keeping your platform secure is not just about one single good practice, or one single employee. It requires the collective effort of all Memsource employees.

Since 2014 our security system has been certified with the ISO 27001 international standard. We are also compliant with legislation on personal data protection, which includes both GDPR and CCPA.

Continuous Security Process

We consider security to be an integral part of all our processes. All our employees familiarize themselves with the ISMS during security awareness training at the start of their employment and subsequently at regular intervals.

Some safety policies are specific to certain positions. For instance, our developers follow a set of secure coding practices to ensure that they write safe code. All code is thoroughly tested for errors and vulnerabilities in the testing and pre-production environments, using both human and automated evaluation, before it becomes available to our customers.

Security reviews

Having a plan is not always enough. People make mistakes and can, either through negligence or by chance, introduce new safety risks. To counter this we are continually working on improving our cyber resilience and finding potential vulnerabilities.

This requires a proactive approach: besides our annual ISO 27001 audit, we also conduct frequent internal audits to ensure our risk assessment, security policies, processes and tools are always up to date with current threats. Although our digital world is continuously creating new and surprising threats, it's also important to cover the basics: a recent audit found that one door at the office was potentially breachable, so we changed the lock.

To make our security reviews as objective as possible, we also work with third parties to assess the effectiveness of our systems. This includes not just the externally managed ISO audit, but also penetration testing of key components of Memsource and a vulnerability disclosure programme (VDP). Since our VDP was launched, independent security researchers have identified numerous vulnerabilities, the vast majority of which were fixed within 24 hours.

Data Protection

Keeping our customers' data secure and confidential is a key priority for us. Here are three key principles we observe:

Access to data is driven by the principle of least privilege, which means that it is only used when it is absolutely essential for the completion of a specific task. Additionally, we always ask our customers for permission when access to their data is needed for support purposes.

All the data in Memsource is encrypted both at rest and in transit. In the unlikely event that a malicious third party were to access this data, it would be exceptionally difficult for them to decrypt it.

All customer data is safely stored in the cloud. Backups are created at regular intervals and frequently tested to ensure easy recovery even in case of catastrophic failure.

Disaster Recovery Plans

No cyber security system can ever be considered fully secure, especially when faced with new and unanticipated security threats or the possibility of human error. Therefore it is important to also have contingency plans that help deal with catastrophic failures.

As a part of the ISMS, Memsource has a number of specific plans to deal with serious incidents that may disrupt service, which include not just cybersecurity threats, but also hardware failure, environmental disasters and more. Disaster recovery plans are tested in a number of different ways, ranging from mock rehearsals, where disasters and responses are simulated, to live failover tests, where normal operations are briefly disrupted.