The Top 10 Threats to Your E-Signed Documents

1
The Top 10 Threats To Your E-Signed Documents
2
We live in a globalized world, driven by
connectivity afforded by the Internet. This has
created many opportunities for us. It has even
changed the way we work, giving us chances to
work for clients outside of our immediate
location. Online documents are one area that has
made business processes a lot easier. Being able
to sign these documents online is a natural
extension of our new working practices. E-signed
documents give us a way to make contract creation
and signing, seamless. Electronic document
signing gives us an online way to retain the
benefits of a normally offline process. But this
connectivity has also offered opportunities for
cybercriminals and anyone who wants to defraud
us. When we decide to do any business online, or
in a non-traditional way, we have to be as
vigilant as we are in the real world. The
following threats are ones we need to watch out
for when we use digital signature technology and
electronically sign documents
3
Threat 1 The court threw my case out, but we
all signed the contract why! Youve created a
contract and all the parties involved have signed
it. But then there is a fall out you end up in
court arguing your case. It comes down to an
analysis of the contract, but when it was
checked, the e-signing software you used wasnt
compliant with the law for electronic signatures,
and you loose your case. Make sure that any
signing software you use is complaint with the
various electronic signature laws. These include
in the USA, ESIGN and UETA and in Europe the EU
Directive 1999/93/EC. If the software doesnt
clearly state it supports legislation, in the way
that ApproveMe does, then dont use it. Threat
2 Something is amissthe contact has
changed Good digital signing software platforms
are based on a technique called hashing. The
software will make a hash of the content of a
document that creates a unique fingerprint of
that content a bit like its own DNA. The hash
is created during the signing process. The reason
it does this is because if anything changes in
that document, like someone sneaks in a new
clause or changes a number, then the hash will
change with it. E-signing software like
ApproveMe, have audit systems in place to make
sure you know if a change event has happened.
4
Threat 3 The digital signatory isnt really who
they say they are When someone electronically
signs a document or contract, the signature uses
a digital certificate. A digital certificate is a
digital representation of a person or a company
and is issued after checks that, they are, who
they say they are, are made. Digital certificates
are made up of two parts, a public and a private
key. The private key is used to encrypt the hash
of the document. The public key is accessible by
anyone, and gives the details of the person that
the certificate represents. The problem arises
when someone else uses another persons
certificate without his or her consent. To
prevent this happening, make sure that a PIN code
is used with a certificate, so only the person
that owns the certificate can use it. Threat 4
Its a fake! Digital signatures can be used to
fake signatures on a contract. If you dont use
signing software that has been built to secure
the entire process of online document signing,
then you are at risk of fraud. Unless the system
can accommodate the use of digital certificates,
encryption, hashing, audit trails and various
other security measures, then the system is not
fit for purpose and puts your business at risk of
fraudulent contract creation and signing.
5
Threat 5 Someone stole my document! The
Internet has made working online and e-signing
documents really easy. But it has also
potentially left a gaping hole by keeping
documents on a server accessible over the web.
Keeping documents encrypted is one way to protect
them. If a document does get stolen, the thief
wont be able to open it. Threat 6 Oh no! My
documents were accessed by the wrong person One
of the most important areas of signing of online
documents is to make sure that the signing
transaction is carried out by the right person
making sure the document or contract is accessed
only by that person, not someone else. To do this
you need a user check or authentication before
allowing access. For example, ApproveMerequires
that a person proves their identity by receiving
an email, answering personal questions, or
receiving an SMS code on their mobile, before
access is allowed. Threat 7 A man in the
middle stole my contract! Man in the
Middle (MitM) attacks are web-based threats where
someone steals information that is transferred
over a web connection. MitM attacks and mobile
MitM attacks are increasing.
6
The Open Web Application Security Project (OWASP)
have placed MitM attacks as a top ten attack
threat. Your online contracts and documents may
contain sensitive information, like Personally
Identifying Information (PII), pricing, and even
intellectual property details. The last thing you
want to have happen is a MitM attack. One of the
ways to help prevent this type of attack is to
make sure that the whole e-signing process is
delivered using a secured session. That is the
normal HTTP is an HTTPS connection the S in
HTTPS standing for secure. Threat 8 The
esignature image is stolen from the
server Often, electronic signatures are
accompanied by an image of someones real
signature, or the mark that they normally use.
This is a valuable commodity as anyone who wants
to masquerade as that person could use it on a
contract, signing as them. It is therefore
important that this image is never stored on a
server. Threat 9 Software vulnerabilities, the
cybercriminals friend When you hear about
someone infected by malware, the most likely
reason they became infected no matter how the
malware was transmitted was because the
software they were using contained a
vulnerability.
7
What this means is that software, like a browser
or a plugin, has a bug in it. The malware takes
advantage (exploits) this bug to install itself.
You even get malware installs that are silent.
That is the malware installs itself without the
person ever knowing about it. When choosing an
e-signing solution you need to make sure it is
regularly updated. Professional, dedicated
platforms like ApproveMe take potential exploit
seriously and so ensure that they bring out
updates and patches as needed. However, its
also very important that you keep other software,
like browsers and operating systems, up to date
and patched too. Threat 10 Take your time and
do it right Its easy to use digital signature
software, especially one, like ApproveMe which
integrates directly to your website using a
WordPress plugin. Because its so seamless and
easy, you need to be extra careful that you dont
just point and click, without reading the
contract carefully.
8
Safe Esigning Online document signing has given
us the tools to make contract and document
signing fast and seamless. It also means we can
work remotely, saving time and money. But with
this new found freedom comes potential threats,
so we need to be vigilant and make sure that the
care we gave to reading and signing contracts
offline, is carried over to our online dealings
too. Article Resource https//www.approveme.com/
e-signature/top-10-threats-e-signed-documents/