In celebration of October’s designation as National Cyber Security Awareness Month, we are taking a closer look into the security of electronic signatures.
To understand how connected we all are to our technology, we can simply look at how we spend the first few minutes of the day. A study from IDC Research found that 79 percent of Americans reach for their smartphone within 15 minutes of waking up. From shopping to making home videos to signing business contracts online with E-signatures—it seems you can do it all from a six-inch mobile device.
But all this interconnectivity can leave us vulnerable to cyber attacks.
To curb this vulnerability, there is a global cyber security awareness campaign called STOP. THINK. CONNECT. This initiative provides simple, actionable advice that everyone can use to stay safer and more secure online. Below, we’ve adapted these steps to outline how to keep your digitally signed documents safe:
STOP : Identify the threats to your e-signatures.
When using e-signatures, your digital documents may be transferred or stored in cyberspace. So as a first step, every company that uses e-signatures should assess these three threats :
-
Weak security
Do you know if your e-signature vendor has taken all necessary security precautions? What do the vendor’s identity authentication measures look like? Are there options for top-tier security while still being convenient for the user? What level of encryption does the company employ when documents are stored in the cloud? If you can’t answer these questions with confidence, your vendor may not provide the security you need.
-
No alarm system
E-signatures should be built on tamper-evident technology that immediately alerts you to changes in signed documents. Otherwise, hackers could alter documents without sounding an alarm, so to speak, and it could end up costing your company hundreds of thousands of dollars.
-
Disregard for published standards
If your e-signatures are based on proprietary technology, you may never know for sure how that technology actually works, or if it’s really protecting your signatures and documents. Using e-signature technology that is based on international, published standards, such as those outlined by the International Organization for Standardization (ISO) or the National Institute of Standards and Technology (NIST), provides a set of hard and fast rules for your technology to follow, such as rules for encryption. Find out what published standards your vendor adheres to—and throw up a red flag if they don’t abide by any.
THINK
Audit your e-signature vendor’s technology and compare it against your security needs for the lifetime of your documents
Not all e-signatures provide the same level of protection to mitigate the threats above.
Dependent e-signatures could provide hackers with multiple access points to attack because the legal evidence supporting the validity of the signature is stored on a third-party server. With Independent E-Signatures™, cryptographic evidence is permanently embedded directly into the digital document, eliminating the need for an outside server and reducing the number of entry points.
Independent E-Signatures™ also offer a range of security measures – including various authentication options, a complete audit trail, tamper-proof and/or tamper-evident technology – to ensure your digital documents, sensitive information and e-signatures stay safe. Moreover, they’re based on standards that provide confidence in the long term.
Where do your e-signatures fall in this spectrum? Will they meet your company’s needs for digital security?
CONNECT :
E-sign with confidence.
Although the use of e-signatures can’t prevent data breaches or cyber attacks outright, the right e-signature technology –one that is independent of the vendor and uses the highest levels of encryption, identity authentication, tamper-evidence and audit trails – will assure your digital transactions exist behind strong fortifications.
With this weight lifted off your shoulders, you’re free to streamline and automate your company’s workflows – and to save substantial costs – without constant fear of threat.
Chief Technology Officer at SIGNiX - and Evangelist on Mobility, E-Signatures and Leading Edge Technologies
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.