Keeping Customer Data Safe in the Digital World

Rahim Kaba, May 18, 2017

Recent data breaches and malware phishing attacks have unfortunately become the “new norm” in today’s digital world. Cybercriminals target Internet users of all stripes to gain access to online accounts associated with an email address, such as online banking. A consumer alert from the IRS reported a 400% increase in online phishing and malware attacks during the 2016 U.S. tax season. Phishing attacks resulting from successful data breaches and stolen data is especially dangerous because it allows attackers to exploit credentials and infiltrate corporate systems to extract sensitive data and intellectual property.

No organization wants security scars and no organization is immune to these types of attacks, but there are certain measures you can take to minimize the risk to you and your customers. That’s why it’s important to do extensive due diligence when evaluating any type of cloud solution provider to ensure they have the necessary protocols and product capabilities in place to protect against data breaches and other security threats.

Security is understandably a top concern with digital transactions. Read on to understand eSignLive’s approach to keeping your data and your customers’ data safe and secure at all times.

Adhering to Cloud Security Standards

Recent reports of hacks and stolen data clearly demonstrate the need to engage with vendors that have strong security controls and processes in place. Many of the organizations that we speak to want assurance that the e-signature provider they partner with meets the necessary security requirements to keep document-based transactions safe and secure. This requires the right mix of people, processes and technology.

Regulated industries and high volume customer-facing transactions are eSignLive’s sweet spots, so we need to go above and beyond commonly used security protocols. Our ultimate goal is to protect your data so that you can remain compliant with standards imposed by your stakeholders. Our e-signature service is hosted on world-class cloud infrastructure services from Amazon, IBM and Microsoft with highly secure data centers and military-grade security of facilities. Moreover, we adhere to the most robust global cloud security standards in the market, such as SOC 2, HIPAA and FedRAMP. Our auditors keep us honest, ensuring that we attest to and implement security best practices – day in and day out – without exception. They can ask us to open up the e-signature kimono, if you will, at any given day or time to demonstrate compliance. This means that we have the necessary tools to detect and respond to threats, should they occur.

Offering Flexible Deployment Options

Businesses are making use of applications in the cloud more than ever before, but, trusting documents and data with another company can be nerve-racking. Therefore finding a dependable, security-conscious provider that offers flexibility is critical. Take deployment as an example. eSignLive offers the ability to deploy the solution in a public cloud, private cloud or on-premises behind your company’s firewall. Regardless of how you deploy the e-signature solution, we offer the same product, the same code base and the same user experience – without compromising on security or functionality. And if your IT, business or legal needs change over time, you have the flexibility to easily migrate from one deployment to the other. The ability to make these types of on-the-fly changes helps ensure you can keep business moving and eliminate (or at least minimize) security risks without impacting your employees, partners and customers.

White-labeling: The Best Way to Protect Your Brand

Risk aversion in the market has been a strong driver behind the branding customization and white-labeling capabilities in our eSignLive solution. Clearly, when an e-signature vendor’s logo and brand are a prominent part of your e-signing experience, it can create confusion and a disjointed experience. If the e-signature vendor’s system is breached, even though it is completely unrelated to you, it could very well have a spillover effect that impacts your company by association. Email addresses, or even worse, sensitive customer data could be stolen as part of a breach.

The advice we give our customers is to fully white-label the e-sign experience – from the web and mobile screens to the email notifications that are sent to signers. This is the #1 thing you can do to protect your brand and make it easier for your customers to detect suspicious emails. Ultimately, this comes down to creating and maintaining trust between you and your customers. The last thing you want is a third-party vendor’s brand as part of the signing experience – causing confusion and potential drop-off. Look for an e-signature provider that enables you to:

  • Remove all traces of the vendor’s brand
  • Integrate with your own email servers to allow emails to be sent from your domain (e.g., instead of theirs (e.g., sent via [insert vendor name])
  • Customize the content and look-and-feel of email notifications
  • Customize the colors, logo and the visibility of elements such as headers, navigation bars, footers, etc.
  • Customize dialog boxes and error messages

If your e-signature vendor leads with their brand and puts their brand front-and-center on e-signature notification emails, for example, that makes them and their customers more vulnerable to attacks.

Trust in the Digital World

Trust and security are at the heart of digital transformation. And your trust and the security of your digital transactions is our top priority. Together with our parent company, VASCO Data Security, we have decades of experience delivering e-signatures and authentication solutions to some of the world’s most trusted and security-conscious organizations. No one is immune to attacks, but we believe that our 20+ years of experience in the IT security segment is a real asset to our employees, partners and customers – who can transact digitally using our solutions with trust and confidence.

We strongly recommend researching the company that hosts your e-sign service to understand their product capabilities (including white-labeling, authentication, audit trails and document security), cloud security practices, certifications, track record and the frequency of their security audits. Your due diligence could expose past privacy breaches, incidents of data loss/leakage or other risks that could potentially harm your business and its customers.

Rahim Kaba is a passionate and results-driven digital technology leader who has played a key role in advancing digitization initiatives at organizations around the world. As VP Product Marketing at OneSpan, he leads the go-to-market strategy of the company's growing portfolio of solutions.