Webinar Double Feature: Phishing and Language Access

Phishing



In this webinar we look at what phishing is, why and how people do it, and what you can do to safeguard your organization against it. We go into more detail in the webinar but there are two core lessons to be learned. First of all it is not a matter of if, only a matter of when. The phishers attack targets ranging from individuals to large government organizations so you and your organization are within their sights. In addition while some of the attacks are relatively easy to spot some of them are tailored to their target and either way they send out huge waves of messages and only need a single mistake to take over a system. Secondly to prepare for an attack as an organization you need a variety of solutions involving technology and training. A well-educated staff can spot phishing emails as they come and will be empowered to ask for help if they are unsure or let IT know if they accidentally opened a suspicious email. On the other side an offsite backup that is regularly updated will turn an otherwise crippling attack that gets through into an annoyance.

https://www.slideshare.net/LSNTAP/security-session-on-phishing

I had gotten a little behind so today we have a double feature. First we have a webinar covering phishing from today followed by the language access for websites webinar from last week.

Who We Are

Michael Green, JustTech
Mike is a Technical Consultant & Engineer at Just-Tech with over 18 years of experience in the field of Information Technology, and works with clients on project planning and systems implementation. He also works as an engineer behind the scenes.

Mary O’Shaughnessy, Her Justice
Mary has long experience in for-profit and nonprofit technology services, including technology audit. She has been Director, Information Services at Her Justice since 2012.

What is Phishing? 

 

An attempt to bait a user into giving up sensitive information or to otherwise provide access to their system.

 

Why are they doing this?

Their end-game is $Money$!

Most common methods to accomplish:

  1. Compromise systems and key user accounts who have control over finances and move money covertly themselves.
  2. Hold systems and/or data hostage for a ransom payment.

Impact

  • Access to CMS- client information & disclosure rules
  • Access to internal files- ID theft & personal info
  • Damage to reputation/community relationship
  • Increased recovery cost if unprepared
  • System downtime

The Phisherman’s Bait 

  • Disguised to mislead- FedEx/Invoices, Client Assistance/Urgent Emails
  • Can be personalized (Spear Phishing) (Whaling: targeting top executives)
  • Password Reset phishing/Fake communications from IT
  • URL manipulation - falsifying hyperlinks
  • Attachments with malware

How to recognize it?

 

Though the Phishers are deceptive in their tactics, there are tell-tale signs of fake information.

  1. The email is threatening, provoking, or pretends to be authentic correspondence, in an effort to get you to open attachments or click links on impulse.  Phishers need you to “take the bait” and allow them in.
  2. The actual sender’s email address does not match who they claim to be.
  3. Mouse-over hyperlinks reveal sketchy website destination.
  4. Porr sppelling or errors grammatical.
  5. Sender claims to be internal, popular, or reputable source.

Technology Prevention

  • Keep systems & antivirus updated and enabled
  • Have measures in place (disable URLs/scan attachments where possible)
  • Reliable Backups and Recovery Plan
  • Cyber Insurance

Human Prevention

  • Check with IT for verification before action
  • Ignore unsolicited email links & attachments
  • Continual Training & “Cheat Sheets” for staff
  • When in doubt, Ask about
  • Add to Junk Mail list

Policies/Training

Policies - Acceptable Use, Mobile Device, Guest Use, & Email policies are just a few

New Staff/Veterans/Volunteers - Whether they started yesterday or 20 years ago, continual training and coaching is a necessary component to prevention.  Viruses and Malware continue to evolve, we need to adapt as well

Training Practice - https://www.phishingbox.com/

US Computer Emergency Response Team tips - https://www.us-cert.gov/ncas/tips/ST04-014

Helpful Resources

 

Language Access

The webinar is Language Access Strategies for Legal Aid Websites and will look at some of the topics surrounding removing language as a barrier to access online content. We will cover topics including maintaining multilingual content, where machine translation fits into the translation workflow, and how are people with limited English currently using online resources. We don’t have the solid takeaways like in the phishing webinar but there were a few interesting points we discussed. One observation was that we shouldn’t think of it as simple going from one language like English to another like Spanish. There is an additional step of going from legal language to plain language that is in some ways harder than cross language translation. Towards the end of the webinar we also had a lively debate over the place of machine translation in translating legal resources.

https://www.slideshare.net/LSNTAP/language-access-for-legal-aid-websites

  • Kristi Cruz - Northwest Justice Project Joann Lee - Legal Aid Foundation of Los Angeles
  • Dennis Rios - Illinois Legal Aid Online
  • Sart Rowe - LSNTAP
  • Angela Tripp - Michigan Legal Help Program

Lessons Learned

1.Importance of plain language translations - ensure you have plain language before and after you translate.

2.Plan for exponentially increased maintenance.

3.Be selective about what interviews you translate

a.Focus on high-use ones

b.Focus on ones without a lot of free-text responses

c.Look at your data and be flexible

d.Interviews that don’t change frequently

4.Coordinate early and often with courts, particularly where courts approve forms.

Lessons Learned, Part II

  1. Bring bilingual staff on board and brainstorm other ways in increase capacity for big projects (testing, etc.)
  2. Brainstorm other solutions for language access in addition to full translation.
  3. Be cognizant of regional dialects in your translations.
  4. Be consistent in your translations.
  5. Whenever possible, have all the potential tools you need at your fingertips to create forms that match your court forms.
  6. Create systems and checklists for every step of the translation process.

Adding Languages: Have a Plan!

  • Identify target languages
  • Plan & timeline for expansion
  • Create a budget & seek funding (build into line items of various grants)
  • Limited resources:
  1. Start with basic, static information (ex –ability to fill in addresses, locations for clinics, etc.)
  2. Summarize & prioritize
  3. Links to PDFs so easy to update and format
  4. Links to in-language videos, PSAs

Example: www.nurturingchange.org

 

Glossary: Names, Key Terms, Phrases

  • Organizational names
  • Courts, government agencies, other important entities
  • Other partners, referrals
  • Key terms and phrases
  • Legal terminology

Database of Translation History

  • Name of Document
  • Language
  • Date of Creation
  • Author/Source
  • Current Location(s)/ URL(s)
  • Date of Original Translation & Original Translator
  • Date of Current Update & Current Translator
  • Reviewer(s)
  • Date Sensitive Information
  • Plans & Timelines for Future Translations

 

Updating Content

  • Budget costs for updates
  • Review final versions on website to ensure proper formatting
  • Improving content
  • Focus Groups/Informal Check-Ins (monitor effectiveness)
  1. LEP community members
  2. Community groups
  3. Legal organizations
  4. Other providers

Is MT the Answer?

Research Study of MT of live text at a court’s self-help website

Ask leading certified, experienced court translators in Spanish, Armenian, Korean, and Vietnamese to rate:

  • Overall understandability
  • Native-like syntax (an indicator of likely reader persistence)
  • Accuracy of key messages
  • Reader confidence
  • Is the MT text better than nothing? (for legal text)

1.What is your language pair? (source/target language)

OUR GUESSES:

Best source language  = North American English

Best target language  = ? a simple, high vol. Euro lang.

Poorly suited U.S. languages: Chinese languages, Korean, W. Armenian, E. Armenian, Russian, Thai, Lao, Khmer, Hmong, Burmese

2. What kind of content do you want to translate?

  • Discrete, small, lexical units (for example: name, address, phone)
  • Longer texts, for example, a Language Access Notice:
  • Limited English proficient individuals who speak a language other than Spanish may request an interpreter in advance of appearing at their court hearing via the Court’s Web Portal for Interpreter Requests [URL]. While the Court will make every effort to locate an interpreter for the date and time of your hearing, it cannot guarantee that one will be immediately available. If you have general questions about language access services, please contact us at LanguageAccess@court.org.

The least problematic content:

Short, plain, unequivocal text; words with only one meaning (not these for example, ticket, clean, clear, tight, file, license, show, etc.)

Plain language – not legalese, such as this plainer Language Access Notice:

If you do not speak English well, a Spanish interpreter will be available to help you at your hearing. 

For other languages, please request an interpreter at the court’s website: [URL]. If no interpreter is available for your hearing date, we will postpone your hearing and notify you of the new date.

Questions? Email: LanguageAccess@court.org

What is your Quality Assurance process?

  • Will the MT be reviewed by a certified translator?
  • Will you assume it’s OK?
  • What are your risks? Choices? Options?

Review: Factors that influence the MT Product

  • Language Pair
  • Size of content (small is better)
  • Simplicity (plain is better)
  • Review Process (editing, proofing & certified review required)
  • Understand the limitations, and know how to remedy them.

Did you know?

Google employs HUMAN translators and editors.

MT is useful for many things, but not as a pathway to accessing justice.

 

Posted: September 12, 2017