Jul 15 2021

4 Tips to Ensure the Security of Digital Signatures at Your Agency

Protect electronic documents by following these suggestions.

For many federal employees, remote work has become the norm rather than the exception. The sudden shift forced agencies to digitize a number of analog processes nearly instantly, including the adoption of digital signatures in lieu of handwritten, “wet” signatures. Here are four tips to ensure digital signatures are secure:

1. Differentiate Between Digital and Electronic Signatures

Electronic signatures became popular because they are easy to implement. People can sign documents by using a mouse or their finger to “write” a signature on a screen that is transferred onto a document. There are no regulations governing this practice, so the customer has to trust the signature is secure.

A digital signature comes with enhanced security. When a document is signed, the signature is authenticated against an electronic fingerprint that validates the person’s identity. That information is stored in the document and will show if anyone tampers with the document after it has been signed. 


2. Manage Signed Documents with Automated Processes

Before they’re signed, documents must be created and edited; once signed, they must be stored and tracked. Doing this manually creates numerous opportunities for human error, which could violate compliance mandates or internal policies. 

Automation tools create a path for electronic documents that guides the worker through the process. This makes managing the document lifecycle easier and minimizes the chance of error. 

3. Use PKI or PGP in Conjunction with the Signature

Public key infrastructure and Pretty Good Privacy both strengthen digital signatures and minimize the chance of security issues related to transmitting public keys on public networks. PKI and PGP validate the key, ensure it belongs to the sender and authenticate the sender’s identity. Without PKI or PGP, attackers can easily impersonate someone. PGP is based on a simple peer trust model, but most security professionals insist on PKI because it offers stronger authentication.
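As an added illustration of tips 1 and 3 (not code from this article), the Python sketch below uses the third-party `cryptography` package to sign a document with ECDSA P-256 and then check it in two steps: whether the key belongs to a signer we trust, and whether the bytes still match the signature. The `trusted` dictionary is a simplified stand-in for PKI certificate validation, and the signer name and document text are constructed.

```python
import hashlib
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

def fingerprint(public_key):
    """SHA-256 over the DER-encoded public key; stands in for a certificate identity."""
    der = public_key.public_bytes(
        serialization.Encoding.DER,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return hashlib.sha256(der).hexdigest()

def sign(document, private_key):
    """ECDSA over P-256 with SHA-256, one of the algorithms in FIPS 186."""
    return private_key.sign(document, ec.ECDSA(hashes.SHA256()))

def check(document, signature, public_key, trusted):
    """Return 'valid', 'tampered' or 'untrusted key' for a signed document."""
    # Step 1: is this key bound to a signer we trust? This is PKI's job,
    # simplified here (assumption) to a lookup of fingerprint -> signer name.
    if fingerprint(public_key) not in trusted:
        return "untrusted key"
    # Step 2: does the signature match these exact bytes?
    try:
        public_key.verify(signature, document, ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return "tampered"
    return "valid"

def demo():
    # Constructed sample data: signer name and document text are made up.
    signer_key = ec.generate_private_key(ec.SECP256R1())
    other_key = ec.generate_private_key(ec.SECP256R1())  # never enrolled
    trusted = {fingerprint(signer_key.public_key()): "J. Doe (constructed)"}
    doc = b"Approve travel request 0001 for $450"
    sig = sign(doc, signer_key)
    edited = doc.replace(b"$450", b"$4500")
    return {
        "original": check(doc, sig, signer_key.public_key(), trusted),
        "edited": check(edited, sig, signer_key.public_key(), trusted),
        "other_key": check(doc, sign(doc, other_key), other_key.public_key(), trusted),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The third case is the one tip 3 addresses: the signature is mathematically correct, so only the key-to-identity check stops it from being accepted.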

4. Confirm the Signature Meets Federal Standards

Federal agencies should follow the Federal Information Processing Standards Digital Signature Standard, which specifies a number of mathematical algorithms to generate digital signatures. Following DSS will improve efficiency, reduce or completely eliminate paper, and facilitate the adoption of digital signatures across different departments.
