1. No category

We live in a globalized world, driven by connectivity afforded by the Internet. This
has created many opportunities for us. It has even changed the way we work, giving
us chances to work for clients outside of our immediate location.
Online documents are one area that has made business processes a lot easier.
Being able to sign these documents online is a natural extension of our new
working practices. E-signed documents give us a way to make contract creation
and signing, seamless. Electronic document signing gives us an online way to
retain the benefits of a normally offline process.
But this connectivity has also offered opportunities for cybercriminals and anyone
who wants to defraud us. When we decide to do any business online, or in a nontraditional way, we have to be as vigilant as we are in the real world.
The following threats are ones we need to watch out for when we use digital
signature technology and electronically sign documents:
Threat #1: The court threw my case out, but we all signed the contract – why!
You’ve created a contract and all the parties involved have signed it. But then there
is a fall out; you end up in court arguing your case. It comes down to an analysis of
the contract, but when it was checked, the e-signing software you used wasn’t
compliant with the law for electronic signatures, and you loose your case.
Make sure that any signing software you use is complaint with the various
electronic signature laws. These include in the USA, ESIGN and UETA and in
Europe the EU Directive 1999/93/EC. If the software doesn’t clearly state it
supports legislation, in the way that ApproveMe does, then don’t use it.
Threat #2: Something is amiss…the contact has changed
Good digital signing software platforms are based on a technique called hashing.
The software will make a ‘hash’ of the content of a document that creates a unique
fingerprint of that content – a bit like its own DNA. The hash is created during the
signing process. The reason it does this is because if anything changes in that
document, like someone sneaks in a new clause or changes a number, then the
hash will change with it. E-signing software like ApproveMe, have audit systems in
place to make sure you know if a change event has happened.
Threat #3: The digital signatory isn’t really who they say they are
When someone electronically signs a document or contract, the signature uses a
digital certificate. A digital certificate is a digital representation of a person or a
company and is issued after checks that, they are, who they say they are, are made.
Digital certificates are made up of two parts, a public and a private key. The private
key is used to encrypt the hash of the document. The public key is accessible by
anyone, and gives the details of the person that the certificate represents. The
problem arises when someone else uses another person’s certificate without his or her
consent. To prevent this happening, make sure that a PIN code is used with a
certificate, so only the person that owns the certificate can use it.
Threat #4: It’s a fake!
Digital signatures can be used to fake signatures on a contract. If you don’t use signing
software that has been built to secure the entire process of online document signing,
then you are at risk of fraud. Unless the system can accommodate the use of digital
certificates, encryption, hashing, audit trails and various other security measures,
then the system is not fit for purpose and puts your business at risk of fraudulent
contract creation and signing.
Threat #5: Someone stole my document!
The Internet has made working online and e-signing documents really easy. But
it has also potentially left a gaping hole by keeping documents on a server
accessible over the web. Keeping documents encrypted is one way to protect
them. If a document does get stolen, the thief won’t be able to open it.
Threat #6: Oh no! My documents were accessed by the wrong person
One of the most important areas of signing of online documents is to make sure
that the signing transaction is carried out by the right person; making sure the
document or contract is accessed only by that person, not someone else. To do
this you need a user check or ‘authentication’ before allowing access. For
example, ApproveMerequires that a person proves their identity by receiving an
email, answering personal questions, or receiving an SMS code on their mobile,
before access is allowed.
Threat #7: A man in the middle stole my contract!
Man in the Middle (MitM) attacks are web-based threats where someone steals
information that is transferred over a web connection. MitM attacks and mobile
MitM attacks are increasing.
The Open Web Application Security Project (OWASP) have placed MitM attacks
as a top ten attack threat. Your online contracts and documents may contain
sensitive information, like Personally Identifying Information (PII), pricing, and
even intellectual property details. The last thing you want to have happen is a
MitM attack. One of the ways to help prevent this type of attack is to make sure
that the whole e-signing process is delivered using a secured session. That is the
normal HTTP is an HTTPS connection; the S in HTTPS standing for secure.
Threat #8: The esignature image is stolen from the server
Often, electronic signatures are accompanied by an image of someone’s real
signature, or the mark that they normally use. This is a valuable commodity as
anyone who wants to masquerade as that person could use it on a contract,
signing as them. It is therefore important that this image is never stored on a
server.
Threat #9: Software vulnerabilities, the cybercriminals friend
When you hear about someone infected by malware, the most likely reason they
became infected – no matter how the malware was transmitted – was because the
software they were using contained a ‘vulnerability’.
What this means is that software, like a browser or a plugin, has a bug in it. The
malware takes advantage (exploits) this bug to install itself. You even get malware
installs that are silent. That is the malware installs itself without the person ever
knowing about it. When choosing an e-signing solution you need to make sure it is
regularly updated. Professional, dedicated platforms like ApproveMe take potential
exploit seriously and so ensure that they bring out updates and patches as
needed.
However, it’s also very important that you keep other software, like browsers and
operating systems, up to date and patched too.
Threat #10: Take your time and do it right
It’s easy to use digital signature software, especially one, like ApproveMe which
integrates directly to your website using a WordPress plugin. Because it’s so
seamless and easy, you need to be extra careful that you don’t just point and click,
without reading the contract carefully.
Safe Esigning
Online document signing has given us the tools to make contract and
document signing fast and seamless. It also means we can work remotely,
saving time and money. But with this new found freedom comes potential
threats, so we need to be vigilant and make sure that the care we gave to
reading and signing contracts offline, is carried over to our online dealings
too.
Article Resource: https://www.approveme.com/e-signature/top-10-threats-esigned-documents/