Electronic signatures have grown more prevalent across all industries. Human resources, especially, have adopted various methods of digital fingerprinting for greater convenience, smoother processing, and more protected contract management.
Those still relying on wet signatures put themselves, their employees, and their companies at risk of fraudulent activity. Explore the dangers of wet signatures and examine actual data breaches resulting in forgery and how electronic signatures encourage safer documentation.
Risks and Vulnerabilities of Wet Signatures
Handwritten signatures using paper and pen have long been the standard method of signing HR contracts. However, it has its risks. For example, suppose a new hire signs a paper contract at their orientation. The document could end up in a pile of papers before someone files it. This leaves the employee’s information and signature vulnerable to fraud, theft, and tampering.
Waiting for a wet signature on a document is also time consuming. Human resource professionals are busy people. Imagine having to wait for a form to make the rounds and get handed back to the sender. It could even be misplaced if one’s not careful.
In HR management, a wet signature may be necessary for insurance benefits. Other instances could include identity verification to Notary Public, wills, and court orders.
Hacked: 2 Cases of Wet-Signature Breaches
Data breaches are not uncommon at companies. However, advanced digital security and electronic signatures could have prevented some events. Examine two instances when hackers obtained wet signatures due to system vulnerabilities.
Equifax
In 2017, hackers obtained sensitive information from 147 million Americans after breaching credit reporting agency Equifax’s digital infrastructure. The cybercriminals discovered a vulnerability, enabling access to customers’ names, Social Security numbers, and birthdays. They could then use the information to replicate wet signatures and apply for loans and credit cards.
After the Federal Trade Commission completed its investigations, Equifax admitted negligence in updating its systems for enhanced safeguarding. As a result, the entreprise reached a settlement of $425 million in restitution for affected customers.
Anthem
Health insurance business Anthem, Inc. suffered a nightmarish data breach between December 2, 2014, and January 14, 2015. Hackers compromised the sensitive information of 79 million Americans, making it the most significant health care breach in the United States.
Like Equifax, the perpetrators used the data to forge signatures for bank cards and loans. Anthem, Inc. agreed to settle violations by paying $16 million to the U.S. Department of Health and Human Services.
HR Data Security in the Digital Era
Surprisingly, only one-third of companies use electronic signatures—or e-signatures—despite its reputation for enhanced data protection. E-signatures come with advanced security features like watermarks and encryption to prevent unauthorized tampering. Timestamps further ensure documents are trackable and auditable.
Human resources integrate digital signatures into applicant tracking systems, human capital management, and other software applications. It is common to use electronic signatures in new hire paperwork, tax forms, payroll records, I-9s, and disciplinary documentation.
There are also several types of e-signatures HR professionals may deploy, including the following:
- Digital signatures: Uses certificates and private and public keys to sign and authenticate a signature
- Biometric signature: Uses fingerprint, iris, or voice authentication
- Signature capture: Often on a tablet or signature pad
- Identity verification: An email with a link to click proving the account belongs to you
One of the constraints of wet signatures is waiting to get all signatories on a document. However, the state of Vermont found they could reduce contract approval times by 75% with e-signatures. Officials avoided having to print copies and take them around for signatures.
It is essential to note the difference between electronic signatures and storing a wet signature online. For instance, HR often scans, uploads, and stores paper documents in a database or software. On a broader scale, this process has made it easier for cybercriminals to obtain signatures.
Electronic Signatures Are Not Hacker-Proof
Although e-signatures are more efficient than wet signatures, it is still crucial for HR teams and other departments to proceed cautiously. According to a January 2021 study, 26 out of 28 PDF viewers are vulnerable to cyberattacks, except for Safari and Edge.
A hacker can manipulate forms by hiding malicious content behind other content to expose information, replacing parts of a PDF—such as fonts or colors—with malicious coding, or combining the two.
Sometimes, electronic documents may not be compatible with specific systems, leading to technical errors and vulnerabilities. Authenticity and validity also come into play with electronic signatures, which is why the courts and banks still use distinct wet signatures.
Electronic signatures are a much safer and more efficient way to sign official documents. Of course, it is crucial to provide proper cybersecurity training to prevent human error and susceptibilities.
Human resources can protect electronic signatures better by securing them with certificates and a Public Key Infrastructure (PKI). However, one must ensure the PKIs are solid and impenetrable. Hackers can impersonate a signee and steal information with a compromised PKI.
E-Signatures the Key to Safer HR Data Security
For the number of contracts HR teams manage, electronic signatures streamline processes and ensure data remains secure. Wet signatures are no longer safe. Instead, HR must stay abreast of digital trends, and implement the latest technology to prevent cybercrime and data breaches.
Zachary Amos is a Features Editor at Rehack.