
1 May 2024: An article by Dropbox Sign (formerly HelloSign) revealed a security breach that exposed customer data. 


An article released by Dropbox Sign on 1 May 2024 revealed that unauthorised access was gained to customer data in its production environment. According to the article, “A threat actor had accessed data including Dropbox Sign customer information such as email addresses, usernames, phone numbers, and hashed passwords, in addition to general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.”

Furthermore, in this article, Dropbox Sign informed customers that those who received or signed a document through Dropbox Sign also had their email addresses and names exposed, even if they did not create an account. 

The importance of a heightened security posture for Electronic Signature vendors 

The saying, “It’s not whether you are going to get hacked, it’s when you get hacked,” comes to mind. eSignature applications store not only a large volume of sensitive personal data about the signers but also the content of sensitive contracts, together with identifiable personal information.

When choosing an eSignature vendor, it is therefore imperative to ensure that the vendor has a strong security posture. Sending documents for signature using open email links that can be easily spoofed or forwarded to others is still common practice among some electronic signature vendors and should raise red flags. Applying multi-factor authentication should be the first step towards protecting customer data.

Prioritising ease of use over security is often the leading cause of major security breaches. A strong security posture means that the vendor prioritises security and then looks at intelligent front-end designs to ensure a good user experience. 

Security beyond the Application layer 

Encrypting communications between the customer and the application layer is critical, but it is simply not enough. Data should be encrypted in transit and at rest (database layers) to ensure that personal data is not in a readable format, should a breach take place. 

A strong security posture does not end with good encryption and strong firewalls. It includes a holistic view of networks, information security, network security, data security, and Internet security across all attack surfaces. 

Regular penetration testing, a vendor risk management policy, a vulnerability management policy, and security awareness training for all employees have become vitally important when implementing and upholding good security controls and a strong security posture.

Cyber Security Considerations when Choosing an Electronic Signature Vendor

When choosing an electronic signature vendor, attention to their security posture is as important as a probe into their approach to managing risk. Three major areas address risk mitigation and should be considered an absolute minimum when choosing a vendor. Make sure your Electronic Signature vendor offers these as standard: 

  1. Managed XDR
  2. SOC (System and Organisation Controls) 2 Level Protection Managed WAF
  3. Uptime Monitoring and Reporting

 Read more on these: Strong security for Electronic Signature applications


Copyright © 2023 - SIGNIFLOW© SOFTWARE