Are eSignatures Secure?

Security is a top concern for anyone newly intro’d to eSignatures. For good reason, too! Verifying that your info is being kept safe and secure when dealing with sensitive documents is crucial when exploring any

‍

In this post, we’ll give a bit of background behind the security of eSignatures and break down critical security checkpoints.

‍

Les signatures électroniques sont-elles sécurisées ?

‍

The quick answer: eSignatures are considered legal and secure with the level of security depending (in part) on your eSignature service provider. 

‍

In other words, eSignatures are secure when you work with a secure company.

‍

Diving Deeper: eSignature Security Checkpoints

‍

The ESIGN Act of 2000 passed measures to protect the legality of eSignatures (the act addresses when and where an eSignature is permissible in the US), but the security of eSignatures is closely connected to the level of security and protection offered by the eSignature provider.

‍

When it comes the basics of eSignature security, you’ll want to check off a few key points as you put a provider through the security test:

‍

• Does the service offer true eSignatures? You'll want to verify that a provider offers eSignature technology that's compliant with the eSignature regulations in your state or location. The U.S. Electronic Signature in Global and National Commerce Act of 2000 (ESIGN), the Uniform Electronic Transactions Act (UETA), and the European EC/1999/93 Directive lay out specific compliance checkpoints for eSignatures and electronic transmissions.
• Is there a way to validate the document should it ever be offered up as evidence in court? eSignatures have been legally permissible in court for years (since 2000 in the US). But if you should ever run into a legal challenge that questions the validity of a document or eSignature, having proof of timeline (via validated and time-stamped audit trails, for example) is a way to protect your signatures in court. You'll want to double-check that your eSignature has the security legs to hold up in the face of all court regulations.
• Is my document encrypted? Encryption is a security measure used to protect information sent between a sender and a receiver. Encryption prevents any individuals or malicious 3rd party services from reading or interpreting the information sent between the original  parties. Working with a company that uses SSL (or Secure Sockets Layers) encryption for your documents is important in ensuring your docs are secured. Note: Encryption is important both during the document's journey and when a document is being stored!

‍

Additional Security for eSignatures

‍

In addition to some of the basic security checkpoints, having “extra” security support from is huge.  For example: a bank may enact security at the basic level, but they're still likely providing additional precautions for greater security. 

‍

should protect your sensitive info at various touch points.

Here are some additional security touch points to look out for:

• Physical security. It’s easy to think of online services as existing entirely in an intangible “cloud,” but all tech services still require physical servers to store data. For example, Google has huge data storage centers located the world! And though most companies don’t require data centers the size of a small town, secure companies prioritize data storage security. You want to choose an eSignature company that has state of the art protection for its physical equipment.
• Secure financial processing. Just as the security of the document is important, the security of any financial transaction is equally as important. You want to make sure any financial institution associated with the provider is equally as dedicated to keeping your information safe and secure. For example, at Dropbox Sign we work with a company called Stripe. Stripe is a PCI compliant company that provides bank-level security for any financial transactions between their service and a customer.
• Additional security options (like 2-factor authentication)
  
  Many companies offering extra security features also offer methods that you can take into your own hands. 2-factor authentication, for instance, empowers a user to require a second login step. Extra steps like this add another level of protection to any account. These types of security options also create a stronger security net to protect against any malicious intent.
• Support before and after eSignature adoption. The level of tech/customer support plays a crucial role in keeping your docs secure. Having easy and seamless access to a set of experts helps you maintain a secure experience for yourself and your customers and/or employees. Technical support is particularly valuable when integrating an eSignature API into your existing website. Connecting quickly on challenges or issues will be crucial when resolving any challenges and creating the best experience for your own users.

Best Practices for Protecting Sensitive Information

‍

Along with working with secure companies for online services, putting your own online habits to the test is another way to keep your info safe and secure. 

‍

A few bonus tips for maintaining a secure online presence:

‍

• Using public Wi-Fi? Pass any activity through the “Yelling Test.” Would you yell the information you're entering online? If not, might be worth reassessing whether you should postpone the activity until you're on a secure network. You can also consider getting a tool like a VPN to set up a protected virtual network.
• Password protect ALL your digital devices. Phones! Computers! Accounts! Apps! Any item or service that houses sensitive information is vulnerable if left without the protection of a secure (and regularly changed) password.
• 
  Update your security software. One way to stay out of the security muck is to keep up to date with all security updates for all software and services. Updates often include fixes for security bugs and/or software issues. Those “Updates available!” notifications can be easy to postpone, but be proactive in keeping software up to date.
  
  

‍