Stay Informed

E-signatures Overview: What You Need to Know!

e signature on tablet graphic

With today’s technology, an electronic signature (e-signature) can be as simple as a typed name or a digital image of a handwritten signature. Unmistakably uncomplicated on the user’s side, with the benefit of security- an e-signature can have the same legal validity and enforceability of the traditional pen signature.

The terms “electronic signature” and “digital signature” are often confused and used interchangeably. However, the distinction is important when it comes to the integrity and security of documentation. An electronic signature is a simple way to indicate consent on a digital document, whereas a digital signature is the technology that secures the electronic signature.

Out with the old, in with the new…with good reason!

An electronic signature delivers the level of trust and security that a customer wants and needs. Some are hesitant to adopt e-signature technology because they are comfortable with paper signature, but e-signature has more security benefits than a traditional pen on paper signature! An e-signature carries layers of information about who signed what, when, where, and how, through an audit trail. This protects the integrity of your signatures, whereas paper signatures are vulnerable to forgery. After all, it’s possible to reproduce a traditional pen on paper signature as well as to alter paper documents after they have been signed.

Levels of security for a variety of users

Digital signature security ensures that the signer is who they claim to be through authentication, which is any process through which you prove and verify information. In e-signature processes, there are multiple levels of ID validation to choose from, therefore different levels of security. The minimum level is to use a valid email address. Want even more security? Further validation can include SMS, adding 3rd party customized advanced methods, or by using the ultimate solution – Public Key Infrastructure (PKI) private key generation as provided by an add-on Entrust software as a service (SaaS). Industry regulations for security in e-signature include ESIGN, UETA, PIPEDA, ECA, and the EU Digital Signature Directive.

What about even stronger protection?

Digital signature refers to the use of a key pair- a public and a private key. Public Key Infrastructure will ensure that your privacy needs are met and that a signing party cannot deny that they signed. The public key, as the name implies, is shared publicly among the aspects that come into contact with the document. The private key is not shared. A signed document is encrypted with both keys, which prevents tampering or other modifications. The only communication of keys between the client and the server are the signed certificates that contain the client public key. E-signature ensures integrity due to the PKI workflow. It makes sure that the content of the document has not been changed or altered in any way since it was digitally signed. Each document is ensured to be in-tact and tamper-evident through the cloud-based PKI Digital Signature Scheme, which assures the integrity of the document and signatures every step of the way.

Can a signer deny that they signed a document? The risk of a signer denying that they signed a document is minimized in the case of PKI based e-signature because a customer’s signature is permanently bound to the exact contents of the document at the time of signing. Since the private key is personal and secret, the signers of a document cannot make claims that they did not sign the document. Process evidence and platform monitoring protects the security of customer data. An audit trail tracks the steps in the signature process in order to verify the signer and document authenticity. This involves application and system logging that provides a digital record of the users accessing the document.

Legality in Canada

Various governments across the world recognize e-signatures. They aim to build confidence in electronic commerce and the technology underlying it. So, what is the law concerning e-signature in Canada? The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), describes the use of secure “electronic signatures” in Canada:

  • the electronic signature must be unique to the person using it;
  • the person whose electronic signature is on the document must have control of the use of the technology to attach the signature;
  • the technology must be used to identify the person using the electronic signature;
  • the electronic signature must be linked to an electronic document to determine if the document has been changed after the electronic signature was attached to it.

Algonquin – Increasing E-Signature Use!

Use of Signority (www.signority.com) – a SaaS electronic signature service – at Algonquin is growing. As just one-use case example, before e-signature was implemented within the Centre for Continuing and Online Learning (CCOL), academic staff would receive a contract attached to an email, and then print, sign, scan, and attach to another email to send it back, or fax it back or mail it back to the College. This entire process meant that it would take weeks for the College to receive all its contracts. Since implementing e-signature using Signority, it now only takes several days to send and receive most contracts each school term, and many staff have positively commented on how much they prefer the new electronic process.

Most departments have a need for routing and signing agreements of one form or another, either internally or externally. It is highly recommended to staff that they try an e-signature pilot to see how it might aid their business area. Licenses are provided by ITS thus there is no software cost to the end department. Check out Signority for yourself and see how easy it is to use!

 

Craig Delmage, CISSP

Senior Manager, Information Security and Data Privacy

Mobile Security and Privacy

Mobile Security and Privacy

Mobile photo cartoon

Mobile phones are increasingly being used for all kinds of fun and productivity, and this includes using them for all kinds of reasons in support of education. Many Algonquin College students are using the Brightspace, Adobe Creative Cloud, and Algonquin College mobile applications, among many others. However, despite this increased utility, it is important to note that the potential threats out in cyberspace have greatly increased requiring all users to take extra precaution. In 2017, Google took down over 700,000 bad Android apps, 99 percent of apps with abusive content were identified and rejected before anyone installed them.

Here are some tips to reduce smartphone security risks and potential loss of your personal and valuable information:

  1. Label your device with your name and telephone number, and record your device’s unique manufacturer’s serial number, Wi-Fi and Bluetooth addresses, as well as your International Mobile Station Equipment Identity (IMEI) number in case you lose your device. Canadian cellular service providers have maintained a national lost and stolen IMEI blacklist.You can check IMEI at https://www.devicecheck.ca/check-status-device-canada/
  2. Use a strong password or PIN (preferably 6 numbers) to access and lock the device. Don’t have a password on your device? Create one today. If your phone has the fingerprint ID feature enable this as well.
  3. Keep the mobile device software up to date. Only 19% of Android users are using the most updated OS version, and only 50% of Apple users have the most up to date IOS version.Keep your phone updated, this prevents criminals and hacktivists from exploiting software vulnerabilities.
  4. Carefully check the URL to which you are connecting. Incorrect URLs can lead to a malicious website that may compromise your device, make sure the web address begins with HTTPS, and not HTTP.
  5. Avoid using the web browser “Save Password” feature. Some rogue websites can steal your stored passwords using common web browser vulnerabilities, if you need to store your passwords, use a password manager such as Lastpass.
  6. Connect to secure Wi-Fi networks only. Open, unsecured networks may seem like a great way to connect to the internet, however they often come at a cost. Open networks don’t encrypt your information, thus anybody with often simple tools can view your data as it is transferred from your device to the wireless access point. You should never conduct internet banking on unencrypted networks.Strongly consider using virtual private network (VPN) software on your mobile, to keep your communications private.
  7. Do not “jailbreak” or “root” a device. Jailbreaking may bring you some benefit, such as allowing you to “sideload” additional apps from non-Apple Store or Android Store servicesbut doing so allows hackers to circumvent security control and use the device without your knowledge.
  8. Consider installing antivirus and antimalware software. Particularly with Android devices, it is important to install extra protection. There are numerous free products available such as Avast! Free Mobile Security and Avira Free Mobile Security that provide basic protection.
  9. Research the app that you wish to download. Over 40% of apps do something malicious, such as steal your personal data, and it was found that the Google Play Store apps that have malware were downloaded 500,000 times. Check the privacy statement carefully before installing.