Digital Signatures and Their Evolving Risks Are Getting Huge Enterprise Attention

Starting September 1st, the lifespan of publicly rooted digital certificates will be limited to a little over a year – from 27 months down to 13 (or 825 days to 398 days to be exact).

Digital signatures are becoming increasingly common for certain types of legal contracts, as well as ROAs and SOAs.

In their second wave of popularity, broader community acceptance is driving more professionals to offer digital signatures as an added service for their clients.

While digital signatures bring clients many benefits by taking less time and offering greater convenience, there are multiple benefits from an adviser’s perspective as well.

Cutting down on travel time

This is the greatest benefit: it not only reduces advisers’ time commitment but also improves the lives of their clients by allowing them to sign documents ‘on the run’ or at other times when they really cannot physically get to the office to sign documents.

The benefits of using digital signatures are especially high for advisers who represent geographically dispersed clients.

Faster implementation of the advice

Amid the current market volatility, any delay in signing documents can get costly. Advice often cannot be implemented without a signature from the client approving the changes.

Improved data security and control

Thanks to electronic signatures, signed documents can be easily stored electronically in a highly secure environment. The security technology is likely to be of a higher standard than the basic technology available to a small financial advice business.

In the future, failing to secure data will increase costs not only in terms of reputation but also in terms of remediation.

Client resistance to technology is diminishing

Digital signature technology is undergoing a renaissance because clients are now more comfortable with technology in general. As clients become accustomed to doing their banking on a mobile, the leap to signing digitally in the cloud becomes a lot more manageable.

But electronic signatures aren’t fool-proof. They come with a very real risk of forgery, and proving forgery or fraud in digital signatures can get especially tricky. Electronic transactions also spread further and faster than any traditional paper signature, so once security has been compromised, the damage can occur instantaneously as well.

So, if electronic signatures are used, it is important to ensure that they are properly secured. Using strong password protection along with 2-factor authentication wherever possible is key to staying secure. It is important to be extra cautious about not leaving the signature vulnerable.

The host of risks associated with digital signatures cannot be ignored. The best example of this is how, despite a decision by the CA/B Forum not to limit certificate lifespans to one year, Apple made a unilateral decision back in February to limit the lifespan of accepted TLS certificates, with Google and Mozilla following suit.

Along the way, there has been considerable discussion about the benefits of shortened certificate lifetimes versus the additional management overhead required by consumers of these certificates to rotate them on a more frequent basis.

Chris Hickman, the chief security officer at Keyfactor, a leading provider of secure digital identity management solutions, says:

“Expired certificates continue to be a massive problem, costing companies millions of dollars due to outages every year. On top of that, more frequent expired certificate warnings may result in web visitors becoming more comfortable bypassing the security warnings and error messages.

However, certificate subscribers frequently forget how or when to replace certificates, causing service outages from unexpected expiration. Our research shows that 71 percent of businesses don’t even know how many certificates they have – leaving them ill-equipped to manage these new shorter life certificates at scale.

While the new limit aims to make everyone more secure, if your internal management process does not leverage certificate automation, your company may actually become less secure and more prone to outages.

If you’re still using manual processes (e.g., spreadsheets) to manage these certificates, your workload has virtually doubled overnight. These workload increases also create more opportunities for misconfiguration of applications or devices using those certificates.

Furthermore, the significant reduction in the validity period will result in more frequent certificate issuance. This will lead to substantial increases in the annual fees for certificate consumers due to increased costs to businesses maintaining the certificates (especially for OV and EV certificates).

These are mostly the long-term effects that this change will bring, but CAs, website owners, and even end-users could be affected immediately after the Sept. 1 change occurs.”

So, to conclude, electronic signatures are no doubt more useful and more environmentally friendly than their paper counterparts. However, if managed incorrectly, they can cause serious headaches, leading to identity theft, cyber fraud, or simply time-wasting frustration.