What would happen if anyone could read the documents you send to your recipients for eSignatures?
As scary as that sounds, it may not be that far from the truth. There are dozens of ways your data could get exposed if not protected correctly. At this very moment, your privacy could be at risk by simply using what you considered a safe service so far.
Proper privacy for eSignature documents can only be achieved through asymmetric, full end-to-end encryption. Without it, there are many loopholes in the complex process of sending documents online, all of which could lead to a data leak with serious consequences for your organization.
Choosing a provider with a privacy-first mentality is essential in order to preserve your confidential information. And while shiny marketing often advertises all kinds of smart tools and benefits, it’s privacy that should be the focus, since the lack of it can have severe consequences for your organization.
Here Is Why Insufficient Privacy With eSignatures Is a Huge Risk
Moving a traditionally analog process online usually comes with benefits and risks, and eSignatures are no exception. There’s little argument that efficiency and convenience are improved significantly, which is why most businesses have made the switch or are at least considering doing so.
Unfortunately, the process also comes with an increased risk to your documents. With wet signatures, there was a physical document, ideally handled only by you and the countersigning party. The pathway of a digital document is much more complex and convoluted.
eSignature documents travel from you to the recipient – correct. But there can be any number of hops in between, potentially spanning the entire globe, without you ever knowing the details. It’s not uncommon for your documents to touch ten or more stations along the way, and virtually all of them can present an inherent risk to your privacy.
Not only is your data at risk at every point if not protected sufficiently, but large-scale crime is also much easier to pull off online than in the real world: For someone to steal 10,000 of your most sensitive documents in physical form, they’d have to collect and transport quite a large number of pages, making the entire heist cumbersome and difficult. Online, however, that’s all done with a single click of a button.
Therefore, the slightest risk to a single one of your documents means that every single document you’re sending could be compromised in seconds. And in most cases, you’d never know a breach happened until it’s too late.
That’s why a focus on privacy with eSignatures is not just a nice-to-have but your only option if you value your data.
Here’s Why eSigning Privacy Matters for Your Organization
Privacy might not be the first thing that comes to mind when deciding on an eSignature provider. But it should – because without it, there are a lot of questions you have to ask yourself.
| Without eSigning privacy… | The risk to your organization |
| --- | --- |
| You have to control WiFi access | Your WiFi could be breached and access to your documents gained |
| You have to control where people work | Someone could access your documents through an insecure public WiFi |
| You need to limit activity on work computers | By simply browsing, your people are targets for all kinds of cybercrime |
| Your ISP could intercept your traffic | Your sensitive data could be used for analytics and shared with others |
| Your government could read your documents | You’ll never know which agency now has access to your data |
| Your government’s allies could get a copy, too | Your sensitive documents could end up in the hands of your competitor’s government |
| Your eSignature provider may be reading all your documents | You can’t keep anything private from your eSignature provider, no matter how confidential |
| You’re in trouble when your eSignature provider gets hacked | Your most sensitive documents could end up for sale, or being used to blackmail you |
| You’re at the mercy of your recipients | They get hacked – and your privacy is breached |
Sound scary? That’s because it is. Ask yourself every one of these questions to determine if your documents are at risk.
How secure is your (home) office WiFi?
The average WiFi connection can be cracked quite easily. The vast majority of users use wireless connections to connect to the internet, transferring every single bit of information over relatively insecure channels. All it takes is a hundred dollars and a few hours on YouTube to allow anyone interested to hack into the average WiFi connection.
Unless you can be 100% certain any WiFi connection used by your employees is secure, your data is at risk. And while it’s one thing to strengthen security at your office, can you do the same thing for the homes of every one of your employees?
Where else are your employees working?
Work-from-anywhere includes a lot of risky places. Many coffee shops, airports, train stations, stores, and even entire cities provide free WiFi access nowadays, making working from anywhere more tempting and easier than ever before. And while that’s great, it’s also completely out of your – or their – control in terms of the level of privacy provided.
If anyone in your organization works flexibly from multiple locations, your privacy is likely already breached. Hacking into someone’s computer on a public WiFi is so tempting there are unofficial competitions where people do it for fun. Until it’s not just for fun anymore.
What else are your work computers used for?
Many people use their work computers for private matters as well – and that’s a risk. Even if there is no ill intent, the internet is a dangerous place by definition. Phishing, spoofing, spyware, malware, or just a good old virus – the more time people spend browsing random places and especially interacting with strangers online, the higher the risk of catching something unwanted with potentially devastating consequences for your privacy.
Unless your people use their computers exclusively for work, accessing whitelisted websites, and using pre-screened tools, there will always be a certain risk. Given that it’s almost impossible to limit or control every single step a user takes on their computer, opting for a solution that preserves your privacy no matter what is the only sustainable way.
Who’s your internet service provider (ISP)?
Depending on your location and your choice of ISP, you might be exposed a lot more than you think. By definition, an ISP gets their hands on every single piece of information you send or receive online. And while most of them will respect your privacy, the lines between “collecting data for analytics” and blatantly breaching your privacy often blur.
What would happen if your ISP could read all of your sensitive documents? Admittedly, the chances of that actually happening are very low. It’s likely they only track your browsing activity. But they are tracking you – and to what extent depends on your choice of ISP, as well as what they’re legally allowed to collect in the first place where you’re located.
What are privacy laws in your country?
You may have forfeited your right to complete online privacy by simply living and working where you do. Many countries have introduced laws that allow the government to surveil and intercept users’ internet traffic in certain scenarios. And guess what? You’ll never know if that certain scenario applies to you right now.
Even though you’re not breaking the law – do you want your government to get copies of all your sensitive documents? OK, unless you’re in China or similar, chances of them mass-grabbing all your data are very low. But even selectively intercepting your traffic could have unwelcome consequences if it happened at the wrong time.
Who does your government exchange information with?
If your government can listen in on your internet traffic, so can others. There are official alliances and multilateral agreements in place that allow governments to freely exchange information collected from internet users. This means that, by now, your unencrypted documents could be in the hands of any allied government, getting picked apart by the tentacles of their internet security agencies.
If your documents are out there unencrypted, they could travel very far very quickly – without you ever knowing. Especially in a western democracy, there is usually a “plausible cause” required to surveil and share sensitive information. But then, who defines a plausible cause, and how can you make sure not to become a victim of an overzealous government security expert?
What are the access rules of your eSignature provider?
Your eSignature provider may be reading your documents – even the “encrypted” ones. There are many scenarios where access is “required”: There is the “rule of least privilege” that states that access is limited to strictly necessary positions and processes, but it states there is access anyway. There are smart tools that use Artificial Intelligence to improve your workflow – by analyzing and sorting the content of your documents.
Encryption means nothing if your eSignature provider can circumvent it. It’s safe to assume that most eSignature providers will implement the “rule of least privilege” responsibly and actually provide a tangible benefit with their AI-driven smart tools. Nevertheless, the fact that there is access to your documents, even though they might be “encrypted” by your provider, should raise a red flag when making decisions about your privacy.
How secure is your eSignature provider?
Some of the most valuable and best-protected companies in the world have been hacked. Since sophistication on the protecting side increases at roughly the same pace as sophistication of cyber-attacks does, it’s always a cat-and-mouse game to stay safe online for companies. And with the number of (successful) attacks increasing at an alarming rate, it’s only a matter of time until your eSignature provider makes this list.
A data breach is a question of “when”, not “if”. And when that breach happens, what would be the consequences for all the (insufficiently encrypted) documents you’ve ever stored on their servers?
Bonus: Where do your customers work and live?
Even if you manage to secure your end of the eSignature process – can you say the same thing about everyone you send documents to? Because just like weak WiFi protection at home and using public networks is a threat to your end, it’s exactly the same for the recipients of your documents.
If your documents reach your recipient insufficiently encrypted, your privacy is likely breached. Numerous scenarios put your recipient at risk when it comes to cyber security, and none of them are within your control. Unless they receive properly encrypted documents only they can decrypt, you should be worried.
The Bottom Line
eSignatures are here to stay: Their benefits are simply too numerous to ignore. And in a world that’s rapidly moving to a remote-first attitude, they are likely the only thing that keeps legal correspondence up and running flawlessly.
However, they present a serious threat to your organization if the matter of online privacy is ignored. Many eSignature providers fail to offer adequate privacy for your most sensitive documents, whether that’s due to a lack of encryption altogether or by offering server-side encryption that then can be bypassed by certain users or smart tools. And they’re not even the only issue: Before and after your documents pass through the eSignature provider’s servers, there are numerous threats of interception that could prove devastating if the documents are not encrypted properly.
Luckily, modern encryption technology solves all of the issues mentioned above. The solution is called asymmetric, full end-to-end encryption, which means the documents get encrypted at the first point of contact – on your computer. They then travel across all the hops in a completely encrypted state and arrive at your recipient’s computer where only they can decrypt it – with a different key sent directly to them.
Whether it’s your neighbor, your ISP, or the hacker who breached the city’s public WiFi – the result is the same: once your security is breached, your documents are out there to read. The only way to maintain your online privacy is to never send unencrypted documents at all.
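The end-to-end flow described above, as an added example that is not part of the original article or any provider's code. It assumes a hybrid scheme (a one-time AES-256-GCM document key wrapped with the recipient's RSA-OAEP public key) and a key pair generated on the recipient's device; all function names and the sample document are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// RSA-OAEP with SHA-256 is used to wrap the per-document key (assumed scheme).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Runs on a party's own device; the private key never leaves it.
function makeKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Sender's device: encrypt before the document touches any network hop.
function sealDocument(plaintext, recipientPublicKey) {
  const docKey = crypto.randomBytes(32); // one-time AES-256 key
  const iv = crypto.randomBytes(12);     // 96-bit GCM nonce
  const cipher = crypto.createCipheriv("aes-256-gcm", docKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, docKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Unwrap the document key, then decrypt and authenticate.
// Returns null when the key is wrong or the envelope was modified in transit.
function tryOpen(envelope, privateKey) {
  try {
    const docKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
    const decipher = crypto.createDecipheriv("aes-256-gcm", docKey, envelope.iv);
    decipher.setAuthTag(envelope.tag);
    return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString("utf8");
  } catch {
    return null;
  }
}

function demo() {
  const recipient = makeKeyPair();
  const provider = makeKeyPair(); // stands in for any hop: provider, ISP, WiFi operator
  const doc = Buffer.from("CONSTRUCTED SAMPLE: NDA draft, clause 4.2");
  const envelope = sealDocument(doc, recipient.publicKey);
  // A hop that flips one bit of the stored ciphertext.
  const tampered = { ...envelope, ciphertext: Buffer.from(envelope.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;
  return {
    recipientReads: tryOpen(envelope, recipient.privateKey),
    providerReads: tryOpen(envelope, provider.privateKey),
    tamperedReads: tryOpen(tampered, recipient.privateKey),
  };
}

console.log(demo());
```

Only the holder of the recipient's private key recovers the text; every other party handles an envelope it can neither read nor alter undetected.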











