Skip to main content
No items found.
logo dropboxsign
Why Dropbox Sign?
Expand or collapse accordion

What you can do

Sign documents online
Create electronic signatures
Choose or create templates
Fill and sign PDFs
Complete online contracts
Document management
Explore features
icon arrow right

Use cases

Sales and business development
Human resources
Startups
Financial technology
Real estate
On-demand services
Products
Expand or collapse accordion
icon dropbox
Sign
Make it easy to send and sign
icon dropbox
Sign API
Integrate eSign in your workflow
icon dropbox fax
Fax
Send faxes without a fax machine
icon dropbox integrations
Integrations
We meet you where you work
Resources
Expand or collapse accordion
Blog
Workflow expertise & product news
Customer stories
Real-world stories with real results
Help center
In-depth guidance for our products
Resource library
Reports, videos, and info sheets
Developers
Pricing
Expand or collapse accordion
Dropbox Sign pricing
Find the right plan for you
Dropbox Sign API pricing
Real-world stories with real results
Contact sales
Sign up
Contact Sales
Sign in
Expand or collapse accordion
Dropbox Sign
Dropbox Forms
Dropbox Fax
Free trial
Blog
/
eSignatures fundamentals

Are eSignatures Secure?

by 
Claire Murdough
June 11, 2015
5
minute read
Are eSignatures Secure?
icon tooltip

New look, same great product! HelloSign is now Dropbox Sign.

icon close



Security is a top concern for anyone newly intro’d to eSignatures. For good reason, too! Verifying that your info is being kept safe and secure when dealing with sensitive documents is crucial when exploring any

‍

In this post, we’ll give a bit of background behind the security of eSignatures and break down critical security checkpoints.

‍

Are eSignatures secure?

‍

The quick answer: eSignatures are considered legal and secure with the level of security depending (in part) on your eSignature service provider. 

‍

In other words, eSignatures are secure when you work with a secure company.

‍

Diving Deeper: eSignature Security Checkpoints

‍

The ESIGN Act of 2000 passed measures to protect the legality of eSignatures (the act addresses when and where an eSignature is permissible in the US), but the security of eSignatures is closely connected to the level of security and protection offered by the eSignature provider.

‍

When it comes the basics of eSignature security, you’ll want to check off a few key points as you put a provider through the security test:

‍

  • Does the service offer true eSignatures? You'll want to verify that a provider offers eSignature technology that's compliant with the eSignature regulations in your state or location. The U.S. Electronic Signature in Global and National Commerce Act of 2000 (ESIGN), the Uniform Electronic Transactions Act (UETA), and the European EC/1999/93 Directive lay out specific compliance checkpoints for eSignatures and electronic transmissions.
  • Is there a way to validate the document should it ever be offered up as evidence in court? eSignatures have been legally permissible in court for years (since 2000 in the US). But if you should ever run into a legal challenge that questions the validity of a document or eSignature, having proof of timeline (via validated and time-stamped audit trails, for example) is a way to protect your signatures in court. You'll want to double-check that your eSignature has the security legs to hold up in the face of all court regulations.
  • Is my document encrypted? Encryption is a security measure used to protect information sent between a sender and a receiver. Encryption prevents any individuals or malicious 3rd party services from reading or interpreting the information sent between the original  parties. Working with a company that uses SSL (or Secure Sockets Layers) encryption for your documents is important in ensuring your docs are secured. Note: Encryption is important both during the document's journey and when a document is being stored!

‍

Additional Security for eSignatures

‍


In addition to some of the basic security checkpoints, having “extra” security support from is huge.  For example: a bank may enact security at the basic level, but they're still likely providing additional precautions for greater security. 

‍

should protect your sensitive info at various touch points.

Here are some additional security touch points to look out for:

  • Physical security. It’s easy to think of online services as existing entirely in an intangible “cloud,” but all tech services still require physical servers to store data. For example, Google has huge data storage centers located the world! And though most companies don’t require data centers the size of a small town, secure companies prioritize data storage security. You want to choose an eSignature company that has state of the art protection for its physical equipment.
  • Secure financial processing. Just as the security of the document is important, the security of any financial transaction is equally as important. You want to make sure any financial institution associated with the provider is equally as dedicated to keeping your information safe and secure. For example, at Dropbox Sign we work with a company called Stripe. Stripe is a PCI compliant company that provides bank-level security for any financial transactions between their service and a customer.
  • Additional security options (like 2-factor authentication)

    Many companies offering extra security features also offer methods that you can take into your own hands. 2-factor authentication, for instance, empowers a user to require a second login step. Extra steps like this add another level of protection to any account. These types of security options also create a stronger security net to protect against any malicious intent.
  • Support before and after eSignature adoption. The level of tech/customer support plays a crucial role in keeping your docs secure. Having easy and seamless access to a set of experts helps you maintain a secure experience for yourself and your customers and/or employees. Technical support is particularly valuable when integrating an eSignature API into your existing website. Connecting quickly on challenges or issues will be crucial when resolving any challenges and creating the best experience for your own users.

Best Practices for Protecting Sensitive Information

‍


Along with working with secure companies for online services, putting your own online habits to the test is another way to keep your info safe and secure. 

‍

A few bonus tips for maintaining a secure online presence:

‍

  • Using public Wi-Fi? Pass any activity through the “Yelling Test.” Would you yell the information you're entering online? If not, might be worth reassessing whether you should postpone the activity until you're on a secure network. You can also consider getting a tool like a VPN to set up a protected virtual network.
  • Password protect ALL your digital devices. Phones! Computers! Accounts! Apps! Any item or service that houses sensitive information is vulnerable if left without the protection of a secure (and regularly changed) password.

  • Update your security software. One way to stay out of the security muck is to keep up to date with all security updates for all software and services. Updates often include fixes for security bugs and/or software issues. Those “Updates available!” notifications can be easy to postpone, but be proactive in keeping software up to date.

‍

Stay in the loop

Done! Please check your inbox.

Thank you!
Thank you for subscribing!

Lorem ipsum

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum
icon arrow right
icon close

Up next:

Person working on a laptop at a desk. Screen shows an electronic signature being added to a document.
eSignatures fundamentals
8
minute read

SES, AES, and QES: Types of electronic signatures explained

Person signing a document on a tablet in a living room.
eSignatures fundamentals
5
minute read

How to validate a digital signature—and why it matters

Video

Digital collect Signed Waivers with Dropbox Sign

Products
Dropbox SignDropbox Sign APIDropbox FaxIntegrations
Why Dropbox Sign
Electronic signaturesSign documentsSign and Fill PDFsOnline contractsCreate electronic signaturesSignature editorSign word documents
Support
Help centerContact salesContact supportManage cookiesGetting started: Dropbox SignGetting started: Dropbox Sign API
Resources
BlogCustomer storiesResource centerLegality guideTrust center
Partners
Strategic PartnersPartners locator
Company
CareersTermsPrivacy
icon facebookicon youtube

Accepted payment methods

Mastercard logoVisa logoAmerican Express LogoDiscover logo
CPA Compliance BadgeHIPAA compliance badgeSky High Enterprise Ready badgeISO 9001 Certified badge

Dropbox Sign electronic signatures are legally binding in the United States, European Union, United Kingdom, and in many countries around the world.
For more information, please view our Terms and Conditions and Privacy Policy