We live in a globalized world, driven by connectivity afforded by the Internet. This has created many opportunities for us. It has even changed the way we work, giving us chances to work for clients outside of our immediate location.
Online documents are one area that has made business processes a lot easier. Being able to sign these documents online is a natural extension of our new working practices. E-signed documents give us a way to make contract creation and signing, seamless. Electronic document signing gives us an online way to retain the benefits of a normally offline process.
But this connectivity has also offered opportunities for cybercriminals and anyone who wants to defraud us. When we decide to do any business online, or in a non-traditional way, we have to be as vigilant as we are in the real world.
The following threats are ones we need to watch out for when we use digital signature technology and electronically sign documents:
Threat #1: The court threw my case out, but we all signed the contract – why!
You’ve created a contract and all the parties involved have signed it. But then there is a fall out; you end up in court arguing your case. It comes down to an analysis of the contract, but when it was checked, the e-signing software you used wasn’t compliant with the law for electronic signatures, and you loose your case.
Make sure that any signing software you use is complaint with the various electronic signature laws. These include in the USA, ESIGN and UETA and in Europe the EU Directive 1999/93/EC. If the software doesn’t clearly state it supports legislation, in the way that ApproveMe does, then don’t use it.
Threat #2: Something is amiss…the contact has changed
Good digital signing software platforms are based on a technique called hashing. The software will make a ‘hash’ of the content of a document that creates a unique fingerprint of that content – a bit like its own DNA. The hash is created during the signing process. The reason it does this is because if anything changes in that document, like someone sneaks in a new clause or changes a number, then the hash will change with it. E-signing software like ApproveMe, have audit systems in place to make sure you know if a change event has happened.
Threat #3: The digital signatory isn’t really who they say they are
When someone electronically signs a document or contract, the signature uses a digital certificate. A digital certificate is a digital representation of a person or a company and is issued after checks that, they are, who they say they are, are made. Digital certificates are made up of two parts, a public and a private key. The private key is used to encrypt the hash of the document. The public key is accessible by anyone, and gives the details of the person that the certificate represents. The problem arises when someone else uses another person’s certificate without his or her consent. To prevent this happening, make sure that a PIN code is used with a certificate, so only the person that owns the certificate can use it.
Threat #4: It’s a fake!
Digital signatures can be used to fake signatures on a contract. If you don’t use signing software that has been built to secure the entire process of online document signing, then you are at risk of fraud. Unless the system can accommodate the use of digital certificates, encryption, hashing, audit trails and various other security measures, then the system is not fit for purpose and puts your business at risk of fraudulent contract creation and signing.
Threat #5: Someone stole my document!
The Internet has made working online and e-signing documents really easy. But it has also potentially left a gaping hole by keeping documents on a server accessible over the web. Keeping documents encrypted is one way to protect them. If a document does get stolen, the thief won’t be able to open it.
Threat #6: Oh no! My documents were accessed by the wrong person
One of the most important areas of signing of online documents is to make sure that the signing transaction is carried out by the right person; making sure the document or contract is accessed only by that person, not someone else. To do this you need a user check or ‘authentication’ before allowing access. For example, ApproveMe requires that a person proves their identity by receiving an email, answering personal questions, or receiving an SMS code on their mobile, before access is allowed.
Threat #7: A man in the middle stole my contract!
Man in the Middle (MitM) attacks are web-based threats where someone steals information that is transferred over a web connection. MitM attacks and mobile MitM attacks are increasing. The Open Web Application Security Project (OWASP) have placed MitM attacks as a top ten attack threat. Your online contracts and documents may contain sensitive information, like Personally Identifying Information (PII), pricing, and even intellectual property details. The last thing you want to have happen is a MitM attack. One of the ways to help prevent this type of attack is to make sure that the whole e-signing process is delivered using a secured session. That is the normal HTTP is an HTTPS connection; the S in HTTPS standing for secure.
Threat #8: The esignature image is stolen from the server
Often, electronic signatures are accompanied by an image of someone’s real signature, or the mark that they normally use. This is a valuable commodity as anyone who wants to masquerade as that person could use it on a contract, signing as them. It is therefore important that this image is never stored on a server.
Threat #9: Software vulnerabilities, the cybercriminals friend
When you hear about someone infected by malware, the most likely reason they became infected – no matter how the malware was transmitted – was because the software they were using contained a ‘vulnerability’. What this means is that software, like a browser or a plugin, has a bug in it. The malware takes advantage (exploits) this bug to install itself. You even get malware installs that are silent. That is the malware installs itself without the person ever knowing about it. When choosing an e-signing solution you need to make sure it is regularly updated. Professional, dedicated platforms like ApproveMe take potential exploit seriously and so ensure that they bring out updates and patches as needed.
However, it’s also very important that you keep other software, like browsers and operating systems, up to date and patched too.
Threat #10: Take your time and do it right
It’s easy to use digital signature software, especially one, like ApproveMe which integrates directly to your website using a WordPress plugin. Because it’s so seamless and easy, you need to be extra careful that you don’t just point and click, without reading the contract carefully.
Online document signing has given us the tools to make contract and document signing fast and seamless. It also means we can work remotely, saving time and money. But with this new found freedom comes potential threats, so we need to be vigilant and make sure that the care we gave to reading and signing contracts offline, is carried over to our online dealings too.