With advancing Artificial Intelligence, such as Apple’s Siri, the idea of needing a speech to text and transcription company may seem either daunting or unnecessary. If your industry is Healthcare, Academia, Insurance, Law Enforcement, or Finance, then you need to look at services much more carefully early on and consider a transcription company. Today, every technology provider must adhere to cybersecurity and industry standards. So, the adage, “A stitch in time saves nine,” echoes here; resolve a problem before it actually becomes one. In this blog, we are focused on the security and technology aspects of your search and decision making.
If you are looking for a voice recognition secure speech to text service and transcription company, then you are making the right decision. Nearly all industries and their data governance policies have taken on several reviews on the topic of what it means to capture and retain personal data. Alongside that concern, the need to understand how data is collected, stored, and destroyed also moves front and center.
Here are some of our recommended best practices and points on what you should consider from a security standpoint:
In the lifecycle of data moving from the point of its creation to its resting place, you must consider what we call in the Technology world its endpoints. We extend the endpoint definition to include any point (human inclusive) from which data is created, retrieved, moved, or stored.
1. Audio File Collection: How are your audio files collected? If through a website, what type of security is used to ensure that at the moment the file is collected it is secure (and cannot be intercepted)? You should question method here—such as,
Does it randomize the file name?
Does it encrypt the file name somehow as soon as it is uploaded?
Where in the website file directory is the file stored, if anywhere?
Is the file scanned for malware, or similar, prior to continued transmission and final delivery to its designated system or server for processing?
Is the website secure using an SSL certificate? If so, what type of certificate?
If a website is not used to collect files for all the questions listed above, then is there software that is easily installable and configurable to retrieve audio files? Does it take less than five minutes to complete?
2. Transcript File Delivery: When your text file is received, the central question is how?
If it is delivered by e-mail, is the e-mail sent to you encrypted each time?
If you are accessing encrypted e-mail, how long does it take for you to access it in decrypted form?
What type of encryption protocol is used to send you that e-mail? What is sending you that e-mail?
If you are accessing a website to retrieve your audio text file, are you required to login through a secure website? What type of authentication is required? We suggest no less than three-factor authentication.
If software is utilized to deliver files to you, what type of encryption is used to deliver it? The complexity of encryption lies in its cryptographic algorithms; there are many types, and your speech to text provider should be using the most advanced and keeping up to date with the field and its developments. For example, new and future smart devices must change their encryption approach due to the unanticipated effect of “smart” technology requiring more computational power and hardware but device resources being limited. Encryption will either be lightweight or not. At the more advanced end of encryption, complexity will take on more resources, which unfortunately results in more expenses for everyone.
If software is utilized, how often is it updated? The more it is updated, it is likely keeping up with all the necessary updates to make sure your technology is compliant and secure.
3. Audio File and Transcript File Transmission: When files are traveling from one endpoint to another, be it from you to the speech to text provider, and vice versa, how is it done and how secure is it? Again, encryption must be incorporated prior to transmission in order to ensure that files are buckled in, so to speak. The transmission or ride must also be secure. We recommend that is done in no less than TLS 1.2 technology.
4. Audio File and Transcript File Retention and Storage: Data must adhere to policies that promote security and accessibility. File retention has a set time frame for everyone; if the speech to text provider decides to do it at less cost for themselves and everyone, retention will be 30 days to zero. Similarly, storage is critical; without getting into the beauty and intricacies of database design, data at rest, as in when it is stored, should be encrypted. We recommend that both the database and the file is encrypted on the database level.
5. Auditing and Reporting: Does the speech to text transcription company undergo auditing and reporting of its technology resulting in a successful SOC-2 report? Please note this is a report and not a certification; if that is confused when discussed with a speech to text provider, then that should be a red flag. A SOC-2 report for a technology service company describes the technology in place at its root, being the data centers, and what types of controls are in place to ensure security and minimize risk. This is done yearly and is a critical requirement in any technology review. Unfortunately, such reporting is not inexpensive and can be time-consuming.
If you would like to know more and understand how Athreon meets these security best practices specific to your industry and organizational requirements, contact us today for a consultation and demonstration. We will help you stay safe and succeed!