Empowering all staff to care about cybersecurity

Cybersecurity has never been so topical in today’s increasingly challenging cyber-climate.

Cyberattacks on organizations increased 50% year-on-year in 2021, according to research by Check Point. Of those cyberattacks, more than 80% involved phishing (whereby the attacker masquerades as a trusted entity to dupe the victim into opening an email or other electronic message), according to Cisco’s 2021 Cybersecurity Threat Trends report.

The COVID-19 pandemic has undoubtedly played a part in the uptick of cyberattacks, as anti-infection measures have ushered in remote and hybrid work models despite organizations being largely ill-equipped for staff to telework securely.

With some form of distributed workforce likely here to stay, we’re sharing our cybersecurity tips. As a distributed company from Day 1, TBSJ has long prioritized cybersecurity and supports staff in making cybersecurity protocols part of their everyday.

Include cybersecurity in onboarding

From the outset, we are clear with prospective team members that cybersecurity is a priority. We explain what being cybersecure entails, pointing out that although TBSJ uses state-of-the-art technologies to protect against a cyberattack, people also need to be part our defenses, as an estimated 97% of network breaches within organizations are the result of phishing.

Indeed, a security review with our IT team is a critical step even in our onboarding of translators and other freelance practitioners. Topics cover a wide range of areas from hardware, software, backups and storage (external or cloud drives) to wi-fi, anti-virus measures, and file-sharing.

We look into how these freelancers work with their computer. For example, do they regularly use it in public areas or for other risky activities such as torrenting. And, of course, passwords are covered extensively, such as whether each is adequately long and unique to prevent it being cracked and whether a password manager or two-factor authentication is being used. Even the deletion of data and disposal of old hardware are addressed.  

A practitioner’s security score can then be ascertained based on various categories like their machine, password and physical security, encryption behavior, connectivity, virus and malware countermeasures, and overall security awareness. But Paul O’Hare, chief technology officer and co-founder of TBSJ, says openness is encouraged and the security review isn’t designed to trip people up.

“We explain to freelancers at the outset that if anything isn’t up to the standards we require, we’ll help them get there. Our team is expert in getting people secure,” he says.


Provide ongoing training and support

Cybersecurity considerations are embedded in all TBSJ practices, which staff learn in their induction. Internal file transfers, for example, are handled via secure upload and download, never email attachment. Furthermore, online machine translation services are never used; the process would require sharing our clients’ confidential information with a third party and our custom engines deliver a higher level of quality.

In addition, TBSJ leverages the programs of Netherlands-based cybersecurity solutions provider Surelock for video- and text-based training, guidance, and testing. At the basic level, Surelock’s email add-in checks incoming messages for anything suspicious, such as a named domain that is different from the domain of origin, before color coding them from red (highest risk) to green (safe).  

Surelock’s key feature, however, is creating and executing customized phishing simulations. Every month or two, we stage unannounced, simulated phishing attacks on our team to see how they react. We try to trick them into clicking a link in an email seemingly from, for example, a familiar subscription service or messaging platform. The page that opens from the link will then ask them to enter their account information. The IT team can monitor team performance in real time via the Surelock portal.

As Surelock monitors the rate of opens and clicks, TBSJ is kept up to date on its cybersecurity weak points and addresses them directly or provides general feedback to staff. Additional support is provided regularly via a team chat on cybersecurity, where the IT team posts examples of phishing emails together with descriptions of their telltale signs. This approach has been instrumental in virtually eliminating click-throughs.


Create a supportive atmosphere

Naturally, the process of training and testing alone cannot prevent cyberattacks without all staff buying into it. Everyone who uses technology as part of their role needs to understand cybersecurity and feel empowered to stay safe online.

At TBSJ, the company culture has contributed to the very high level of success in recognizing phishing attempts and we continue to aim for zero clicks.

“With cybersecurity, we try to instill an attitude of ‘if you see something, say something,’” says Paul.

“We help make people feel secure by acknowledging that spotting phishing emails can be tricky, especially during busy periods, and have the senior management lead by example,” adds Sarah Bull, chief relationship officer and director of legal services. “And, as with everything else at TBSJ, we also praise in public and criticize in private.”


TBSJ were competitively priced and outperformed the competing translation vendors that we considered or had used previously in terms of quality and service. They were unmatched by other vendors.
Senior Associate
Disputes team at a major international law firm
I always choose TBSJ as my first option for translation service. TBSJ is really responsive and provides us one of the best quality translation for reasonable price.
Partner specializing in competition law at a Big Four Japanese law firm