One of the most important upgrades for any business is adding support for electronic signatures to its business management system. Electronic signatures assure other users and interested parties that updates and access requests were made by the user specified, and that business process approvals were granted explicitly by each user for a specific and documented purpose.

We strongly recommend issuing hardware security tokens to all users, and requiring their use for login authentication and for authorising update requests and data access requests.

However, we also recommend issuing a second hardware security token to each user who is responsible for business process approvals, so that such approvals require a physically distinct token.

It is possible to use software security tokens or other mechanisms to achieve a similar effect, but they do not provide the same level of assurance, because they have more security vulnerabilities.

Hardware security tokens based on the U2F and FIDO standards are available from multiple manufacturers, at prices from £3 to £75, with little discernible difference in security assurance.

For maximum assurance of business process approvals, the second hardware security token should be physically removed from the user device between approvals, with automatic verification.
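One way the automatic verification could be implemented, as an added example that is not from the original article: a server-side audit over an event log that flags approvals signed with the wrong token or with a token left in the device since the previous approval. The event names, log format and token identifiers are assumptions, and insert and remove events are assumed to be reported by the user device.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    seq: int        # order in which the server recorded the event
    user: str
    kind: str       # "insert", "remove" or "approve" (hypothetical event names)
    token_id: str   # identifier of a token registered to the user

def audit_approvals(events, login_tokens, approval_tokens):
    """Return (seq, reason) for every approval that breaks the two-token policy."""
    findings = []
    present = set()   # (user, token) pairs currently reported as inserted
    used = set()      # approval tokens that have signed since their last insertion
    for ev in sorted(events, key=lambda e: e.seq):
        key = (ev.user, ev.token_id)
        if ev.kind == "insert":
            present.add(key)
            used.discard(key)
        elif ev.kind == "remove":
            present.discard(key)
            used.discard(key)
        elif ev.kind == "approve":
            expected = approval_tokens.get(ev.user)
            if expected is None or ev.token_id != expected:
                findings.append((ev.seq, "not the user's approval token"))
            elif expected == login_tokens.get(ev.user):
                findings.append((ev.seq, "approval token is also the login token"))
            elif key not in present:
                findings.append((ev.seq, "token was not reported as inserted"))
            elif key in used:
                findings.append((ev.seq, "token not removed since previous approval"))
            if ev.token_id == expected:
                used.add(key)   # a second approval now needs a remove/insert cycle
    return findings

# Constructed sample data: alice logs in with tok-A1 and approves with tok-A2.
LOGIN_TOKENS = {"alice": "tok-A1"}
APPROVAL_TOKENS = {"alice": "tok-A2"}
SAMPLE_EVENTS = [
    Event(1, "alice", "insert", "tok-A1"),
    Event(2, "alice", "insert", "tok-A2"),
    Event(3, "alice", "approve", "tok-A2"),   # compliant
    Event(4, "alice", "approve", "tok-A2"),   # token left in the device
    Event(5, "alice", "remove", "tok-A2"),
    Event(6, "alice", "insert", "tok-A2"),
    Event(7, "alice", "approve", "tok-A2"),   # compliant after re-insertion
    Event(8, "alice", "approve", "tok-A1"),   # signed with the login token
]
```
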

The current generation of hardware security tokens is not quantum-safe, but restricting access to users’ public keys, regularly replacing them, and storing the signatures in blockchains that are quantum-safe will substantially reduce the practicality of successful cyber-attacks.

From a cyber security perspective, it is important to acquire and distribute hardware security tokens through a trusted supply chain, so we recommend anonymous purchase from randomly selected distributors by the owners or managers of the business, who allocate them to users, and supervise initial setup.

Users should be trained to protect their hardware security tokens from loss or tampering, although such attacks are fairly difficult in practice, unless management are allowed to bypass the token allocation.

One of the big benefits of adopting electronic signatures across the business is the assurance it provides of data provenance, which is absolutely critical in hybrid working environments, where distribution of the workforce would otherwise be dependent on insecure communications, such as email, telephone and video conferencing.

This is particularly important where users make safety-critical decisions based on information provided by other users inside or outside the business, but it also applies to financial decisions, and is consequently relevant to fraud protection and detection, including insider threats.
