The role of encryption in speech technology
What is encryption?
Given the massive amounts of sensitive information generated, managed and stored online, it’s not difficult to see why encryption is playing an increasingly important role in the cybersecurity plans of all types of organisations.
Essentially encryption is the conversion of meaningful text (plaintext) into meaningless text (ciphertext) in a manner that can be reversed by anyone who has the appropriate encryption key. The encryption key is a string of characters that interacts with an encryption algorithm to convert the plaintext to ciphertext.
If the same key is used to both encrypt and decrypt data, it is known as symmetric encryption. However, if two keys are used for encryption and decryption (a public key, which is shared among users, used to encrypt the data; and a private key, which is not shared, used to decrypt the data) this is known as asymmetric encryption. Either way, encrypted data can only be read or processed after it has been decrypted.
The two main application areas for encryption are to protect data in transit (e.g. transferring data between devices, such as within private networks or over the internet) and data at rest (e.g. data held on mobile or personal devices, or on remote storage such as cloud services).
Encrypting data in transit, commonly referred to as end-to-end encryption, ensures that even if the data is intercepted, its privacy is protected.
Data at rest is often less vulnerable than when in transit since security features can play a significant role in helping to restrict access, but it is certainly not immune. In addition, such data often contains more detailed information such as customer databases, so it is a more attractive target for thieves.
General benefits of encryption
The use of encryption provides a range of important benefits for all users of speech technology, including:
- Privacy: Encryption protects the confidentiality of your digital dictations stored on computer systems or transmitted over the internet or any other computer network, thereby ensuring that no one can read the data, or listen to a recording, except the intended recipient or the rightful data owner.
- Security: It helps to prevent data breaches when a corporate device is lost or stolen. If the hard drive is encrypted, all data, including your recordings, on that device will still be secure.
- Integrity: Encryption helps to maintain data integrity by ensuring that what the recipient receives has not been viewed or tampered with in transit, so preventing hackers from altering data in order to commit fraud.
- Regulatory: A wide variety of industry and government regulations require companies that handle user data to keep that data encrypted. Examples of regulatory and compliance standards that require encryption include the Payment Card Industry Data Security Standard (PCIDSS) and the General Data Protection Regulation (GDPR).
Specific dictation-related benefits
There are a number of specific security challenges that users of dictation software face which can be addressed by encryption.
Protecting against lost or stolen devices
Voice recorders, popular with users of dictation software, are portable and often contain sensitive voice recordings that include a variety of personal information, ranging from personal health details through to the financial details and plans of individuals and companies. This combination of portability and sensitivity makes them an attractive target for thieves. They can also be easily lost or misplaced, as can laptops containing transcribed documents. In both cases the potential for a criminal to exploit this information in a number of different ways is significant. Encryption protects against the threat of lost or stolen mobile devices. Each file on the machine is encrypted, meaning that if a thief does not have access to the encryption keys, then they won’t be able to extract any useful data off the device.
Facilitating remote working
The increase in remote and hybrid workers since the start of the COVID-19 pandemic has brought with it a number of associated threats. Such workers need the same access to files, communication and collaboration as traditional office workers, And, of course, dictation software is playing an important role for remote and hybrid workers, who will frequently send voice files over the internet for transcription or access the resultant documents and circulate them for comment amongst colleagues and business partners. To help in this, some dictation software secures dictations by encrypting them during recording, again when they are sent, and again by storing them in an encrypted format when safely kept in the cloud. This means end-to-end double encryption and protection from unauthorised access.
Ensuring safety in the cloud
The growing use of cloud-based dictation solutions means that a variety of voice and document files are stored in remote locations by the cloud service providers. And whilst these providers may be responsible for the security of the cloud, customers are ultimately responsible for the security of their data in the cloud. This means ensuring that confidential and sensitive files are encrypted in-flight, while in use, and at rest in cloud-based storage.
Guarding against reputational risk
Finally, consider the possible consequences if your organisation were to fall victim to a data breach and confidential documents or voice recordings were stolen by hackers and exploited for gain. This would undoubtedly impact upon your reputation. On the other hand, the better you can protect your speech technology outputs, the more likely you are to forge a reputation as a responsible organisation that takes security seriously and can be trusted to deal responsibly with confidential content.