
1 May 2024: An article by Dropbox Sign (formerly HelloSign) revealed a security breach that exposed customer data. 

Trusted Security

An article released by Dropbox Sign on 1 May 2024 revealed that unauthorised access was gained to customer data in its production environment. According to the article, “A threat actor had accessed data including Dropbox Sign customer information such as email addresses, usernames, phone numbers, and hashed passwords, in addition to general account settings and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.”

Furthermore, in this article, Dropbox Sign informed customers that those who received or signed a document through Dropbox Sign also had their email addresses and names exposed, even if they did not create an account. 

The importance of a heightened security posture for Electronic Signature vendors 

The saying, “It’s not whether you are going to get hacked, it’s when you get hacked,” comes to mind. eSignature applications store not only a multitude of sensitive personal data about the signers but also the content of sensitive contracts, together with identifiable personal information.

It is, therefore, imperative to choose an eSignature vendor with a strong security posture. Sending documents for signature using open email links, which can be easily spoofed or forwarded to others, is still common practice among some electronic signature vendors and should raise red flags. Applying multi-factor authentication should be the first step towards protecting customer data.

Prioritising ease of use over security is often the leading cause of major security breaches. A strong security posture means that the vendor prioritises security and then looks at intelligent front-end designs to ensure a good user experience. 

Security beyond the Application layer 

Encrypting communications between the customer and the application layer is critical, but it is simply not enough. Data should be encrypted in transit and at rest (database layers) to ensure that personal data is not in a readable format, should a breach take place. 

A strong security posture does not end with good encryption and strong firewalls. It includes a holistic view of networks, information security, network security, data security, and Internet security across all attack surfaces. 

Regular penetration testing, a vendor risk management policy, a vulnerability management policy, and security awareness training for all employees have become vitally important when implementing and upholding good security controls and a strong security posture.

Cyber Security Considerations when Choosing an Electronic Signature Vendor

When choosing an electronic signature vendor, attention to their security posture is as important as a probe into their approach to managing risk. Three major areas address risk mitigation and should be considered an absolute minimum when choosing a vendor. Make sure your Electronic Signature vendor offers these as standard: 

  1. Managed XDR
  2. SOC (System and Organisation Controls) 2 Level Protection Managed WAF
  3. Uptime Monitoring and Reporting

 Read more on these: Strong security for Electronic Signature applications


Copyright © 2023 - SIGNIFLOW© SOFTWARE
Disclaimer: The information in this BLOG is provided for general informational purposes only and is the opinion of the author only. No information contained in this blog should be construed as legal advice from SigniFlow or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this blog should act or refrain from acting on the basis of any information included in, or accessible through, this blog without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue.