
ZorroSign team members Cassidy Alexander, Kristen Harder, and Michael Jones were pleased to attend the ninth annual Cybersecurity Summit in Scottsdale on May 12, 2022, hosted by the Arizona Technology Council, Arizona Commerce Authority, and Arizona Cyber Threat Response Alliance (ACTRA).

The educational event provided an opportunity for government and business leaders to learn about the threats, vulnerabilities and consequences related to data security and privacy matters via panel discussions, keynote speakers—Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona, and John Davis (Major General, US Army, Retired), VP Public Sector at Palo Alto Networks—sponsors and other cybersecurity presentations.

Key Themes of the Summit

CISO Panelists

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

https://www.zorrosign.com/media-press-room/zorrosign-announces-strategic-partnership-with-provenance-blockchain/

How does this blockchain architecture contribute to cybersecurity?

Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach from accessing the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature defeats any attack seeking to breach a system and holistically encrypt the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to any organization’s security stack, and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Unlike any other digital signature solution, ZorroSign seals all our clients’ documents with the Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

To learn more about how ZorroSign helps companies and IT departments elevate data privacy and security, please contact us or start a Free Trial today!

Since 2013, the security world has recognized the first Thursday of May as World Password Day—promoting better password habits such as changing passwords, moving to more complex passwords, and turning on multi-factor authentication (MFA) to improve digital security.

In advance of this year’s World Password Day, ZorroSign is proud to remind our users that ZorroSign’s platform not only accommodates complex passwords and MFA, but also supports “password-less” logins!

How?

First, ZorroSign leverages the biometric security of Apple and Android mobile devices to log in to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans. Such biometric login facilitates password-less user authentication at the device-level for subsequent ZorroSign digital signatures and document management.

Further, our multi-chain blockchain platform can validate multiple dimensions of authentication based on the transaction security needs:

  • What you know — your ZorroSign login password or knowledge-based authentication
  • What you have — your PC or mobile device
  • Who you are — biometrics such as fingerprints or eye iris on the device securing who can access it

ZorroSign’s dynamic knowledge-based authentication (KBA) feature—provided by LexisNexis—requires the knowledge of private information of the individual to prove that the person providing their identity information is the actual person.

With ZorroSign’s user authentication options, it is almost impossible for an imposter to sign a document on the ZorroSign platform, ensuring:

  • Legal Enforceability — Using digital signatures with real digital information
  • Signature Attribution — Incorporating high-level security provisions and multifactor authentication (including biometrics) to ensure signatory attribution to a specific user

To learn more about our password-less login capabilities and how ZorroSign provides superior privacy and data security with our blockchain platform, contact us today or sign up for a Free 14-Day Trial to see for yourself!

https://www.zorrosign.com/z-vault/

Block it down! Now, you can count on regulatory compliance and the immutability of your signed documents within your stored data and workflow records on ZorroSign’s blockchain.

Z-Vault enables ZorroSign platform users to store, structure, organize and search documents in folders and subfolders natively, with the peace of mind that comes from superior privacy and security.

Digital Signatures on Blockchain

Since 2000, several technologies have come to market to deliver digital signatures, but when a distributed ledger technology—or DLT, such as blockchain—is used for digital signatures, signers gain the unique advantages of:

  • Privacy — with a private blockchain, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
  • Immutability — all records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
  • Security — all records are individually encrypted and distributed for better protection from phishing and ransomware attacks

ZorroSign was built from the ground up on Hyperledger Fabric to deliver digital signatures with the superior privacy and security of blockchain. And we recently announced a partnership with Provenance Blockchain to add their DLT to our architecture as well, effectively becoming a multi-chain blockchain platform.

Z-Vault for Better Contract Lifecycle Management

Contract lifecycle management, or CLM, spans the entire process of generating contracts, the workflows of approving and negotiating changes to contracts, the signing (or executing) of the contracts, storing and archiving the executed contracts, plus tracking and audit trails to retrieve contracts and review their lifecycle of approvals, iterations, and signatures.

If contracts are critical to your business or organization, then a secure, reliable solution for managing the contract life cycle is imperative.

Key functionality to look for when assessing CLM solutions includes visibility (a dashboard or overview of where individual contracts are in the life cycle), integration with communications and storage systems, automation (as few contracts start from scratch—most are iterations of previously created agreements), and of course change tracking to readily see how contracts changed during negotiations and what final version was executed by all parties.

ZorroSign’s platform unites and uniquely delivers:

  • Digital signatures via Z-Sign to quickly execute legally binding contracts
  • Patented Z-Forensics token to prevent fraud and tampering
  • Z-Flow workflow automation to quickly build templates and approval chains
  • Z-Fill leveraging ZorroSign’s artificially intelligent, machine-learning engine
  • Z-Verify to know exactly who signed what and when, with full validation of every document’s authenticity and immutability
  • Z-Vault to securely store contract and transaction records immutably on blockchain

ZorroSign’s platform can be accessed via PCs and mobile devices, allowing your legal department, operations and procurement teams, and sales teams to efficiently generate, negotiate, communicate, and sign agreements. And with our Z-Vault, contracts reside on an immutable DMS where they can be saved, searched for, and managed easily from a single, intuitive user interface.

Z-Vault Benefits

  • Superior privacy and security to PKI-based solutions using a centralized database
  • The latest privacy and security technologies, delivering powerful encryption safeguards
  • Secure, yet intuitively navigable and easily accessible (for authorized users) platform
  • Ability to share and review eSign and architectural drawings, adding your own comments
  • Time savings with access to specific folders and documents in seconds, no loss of records

ZorroSign Privacy & Security Compliance

Our combination of security architecture and data privacy functionality ensures your compliance across many international standards for privacy and security, including:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: The Uniform Electronic Commerce Act (UECA)
  • EU: Data Protection Regulation (GDPR) for data privacy and security
  • EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India: The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA: California Consumer Privacy Act (CCPA)
  • USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA: The Digital Millennium Copyright Act (DMCA)
  • USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA: The Health Insurance Portability and Accountability Act (HIPAA)
  • USA: The Uniform Electronic Transactions Act (UETA)

To learn more about Z-Vault and how ZorroSign can help you securely store contracts, data, and documents on blockchain, contact us today or start your 14-day Free Trial subscription!

It is no secret that cybercrime has skyrocketed within the last few years; in fact, cybercrime in the U.S. jumped by 55%. This increased risk drives a greater need for privacy and security, especially within IT companies and departments responsible for digital data and cybersecurity.

ZorroSign can help your IT company or department combat the elevated security risks with our digital transaction platform, built on blockchain architecture, and calibrate your company and customers for success!

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your company’s and customers’ digital transactions, while preventing fraud and ensuring regulatory compliance.

How does this blockchain architecture contribute to ZorroSign being the best platform for IT companies?


Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach from accessing the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature defeats any attack seeking to breach a system and holistically encrypt the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to your security stack, and brings the cybersecurity capabilities of blockchain to your company’s and customers’ digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token.

This unique digital solution can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification); 
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent); and, 
  • Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

Your IT company or department gains peace of mind when you Z-Sign!

Cloud Configuration

On top of providing the security that your company and customers need, ZorroSign’s software-as-a-service (SaaS) model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform.

Our multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud:

  • Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
  • In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
  • In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
  • On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

Your IT company or department can scale and deliver data privacy and security aligned to your existing deployment architecture—as public, private, or hybrid as it may be!

To learn more about how ZorroSign helps IT companies and departments elevate your data privacy and security, please contact us or start your 14-day Free Trial today!

In a digital environment, transactions take place between people and organizations who may not know each other, and likely cannot verify each other’s identities using traditional, physical means.

Yet as the world moves more and more to digital transactions—from exchanging real-world assets such as automobiles, financial instruments, goods and services, even real estate, to exchanging digital assets such as cryptocurrencies, in-game purchases, metaverse assets, NFTs, and even more in the years ahead—it becomes critical to verify exactly who signed what and when, with full validation of every transactional document’s authenticity and immutability, to prevent forgery, fraud, or tampering.

CNBC reports that “Sales of real estate in the metaverse topped $500 million last year and could double this year, according to investors and analytics firms.” And transactions in the metaverse were expected to cross $6 billion in 2021, according to India’s Business Standard.

To facilitate commerce in digital realms, ZorroSign is pleased to include the Z-Verify feature in our multichain blockchain platform to protect privacy, secure transactions, and prevent fraud.

Digital Signatures for Digital Transactions

To transact business, commerce, government operations, or individual trade in a digital environment requires legally enforceable digital signatures to prove agreement and intent. There are several technologies supporting digital signatures, but how do such solutions provide legal enforceability? 

  • They must ensure WHO is signing the legal documents via user authentication; plus,
  • They must ensure WHAT was signed (agreed upon) via immutable document control with full audit trail of changes for document verification; and
  • They must ensure WHERE, WHEN, and HOW digital signatures were executed in signing ceremonies via metadata captured on digital devices and digital network.

On June 30, 2000, then President Bill Clinton signed the Electronic Signatures in Global and National Commerce Act (E-Sign Act), establishing that electronic signatures have the same legality as traditional signatures on paper, and defined the criteria for legality. The legislation opened the door for digital transactions and digital commerce has boomed in its wake.

Digital Signatures on Blockchain

Since 2000, many technologies have come to market to deliver digital signatures, but when a distributed ledger technology—such as blockchain—is used for digital signatures, transaction parties gain the unique advantages of:

  • Privacy — with a private, permissioned blockchain such as Hyperledger Fabric, only participants to the transaction can see details of the transaction, and those participants share equal access to such details
  • Immutability — all blockchain records and changes are tracked and cannot be changed, providing important chain-of-custody audit capabilities for courts
  • Security — all records are individually encrypted and distributed for better protection from phishing and ransomware attacks

Perhaps most importantly, digital signature platforms that incorporate Identity-as-a-Service (IDaaS) can authenticate users across multiple dimensions, such as what you know (your login password), what you have (your laptop or mobile device), and who you are (biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Digital Signatures with Z-Verify

ZorroSign’s Z-Verify unites multi-factor authentication, the biometric capabilities of your hardware devices, the opportunity for password-less logins, and even knowledge-based authentication (KBA) features—requiring the knowledge of private information of the individual to prove that the person providing identity information is the actual person—to ensure each party to the digital transaction is who they claim to be.

Further, Z-Verify features allow ZorroSign users to maintain and review a chronological, immutable, real-time record of transactions: Ensuring the security and privacy of users’ information and that of the data itself!

Z-Verify Benefits:

  • Immutable attribution of the signatory of any document secured in ZorroSign
  • Globally accepted security certificates that never expire – unlike any competitive solution certificates
  • Secured by private, permission-based blockchain technology built on Hyperledger Fabric
  • Authentication, verification and validation of digital and paper versions of documents using our patented Z-Forensics token
  • Verification applies to internal (registered) and external (not registered) users alike!

To learn more about Z-Verify and how ZorroSign can ensure you know exactly who signs your digital documents, when they signed, how they signed, and what they signed has not changed—contact us today or start your Free 14-Day Trial subscription to test us yourself!

The way that the legal industry conducts business has changed drastically over the last few years, foremost due to the shift during the COVID-19 pandemic to a remote lifestyle. A recent survey by the American Bar Association shows that more than half of all attorneys are now working from home almost exclusively. This switch to remote work has caused the legal industry to look towards technology to move the bulk of their processes and workflows online.

With that industry shift in mind, here are three ways that ZorroSign helps law firms, legal departments, and attorneys worldwide to thrive in an online environment!

Automation

Lawyers are often swamped with paperwork and the hassle of printing, signing, and scanning documents. While much of this work is important to the successful operation of legal services, future-thinking law firms and legal departments are identifying repetitive, manual processes and incorporating automation to drastically improve their workflows. This allows attorneys to spend more time on client development and for staff to become more productive.

Incorporating technology into your legal service workflows can expedite operations, accelerate growth, and increase the value of the services delivered to clients. When used strategically, technology can also free up your teams from mundane tasks and enable them to apply their expertise to higher-value work. As a result, law firms and legal departments become more efficient, innovative, competitive, and profitable.

ZorroSign’s blockchain platform allows firms to build and automate templates and approval workflows, ensuring compliance with business regulations while streamlining processes from a single dashboard. Our contract lifecycle management (CLM) capabilities support automation and help move attorneys to digital record-keeping, digital communications, and digital chains-of-custody.

Expanding Privacy Regulations

Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. It is also expected that more state legislatures will enact privacy laws similar to the California Consumer Privacy Act (CCPA) which gives consumers more control over the personal information that businesses collect about them. Eventually the United States can expect a law that mirrors the EU’s General Data Protection Regulation (GDPR)—one of the toughest privacy and security laws in the world.

The increased demand for privacy has been driven by individuals’ demands for improved protection of their personally identifying information (PII), healthcare records, autonomy, and digital data privacy. Expanding regulations have pushed organizations to take the necessary steps to support data sharing, while preserving the privacy of those that they are working with and who are within their organization. All in all, organizations that choose to prioritize privacy have an opportunity to win greater loyalty and more business from their customers.

So how can ZorroSign help?

ZorroSign was created with the privacy of users in mind. Built from the ground up on blockchain technology for a zero-trust digital ecosystem, we deliver top notch security that has evolved to meet the legal enforceability needed in a court of law. ZorroSign is already compliant with CCPA and the EU’s GDPR policy—plus many Canadian, Indian, UAE, and United States data protection and privacy standards, ISO 27001 certification, American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit, and International Standard on Assurance Engagements (ISAE) No. 3402 Type II audited.

For the growing list of ZorroSign privacy and security standards, visit our recent blog on global compliance.

Transfer to the Cloud

While storing information on a hosted cloud server is not a new concept, the legal industry has been slow to migrate its data because of the security concerns that this presented. Telecommute work, however, has pushed legal organizations towards cloud solutions to better connect remote workers. The cloud’s cost-effective delivery of near-unlimited storage, paired with technology like blockchains, bridges the gap between the risk of remote connections and the need for elevated data security.

ZorroSign’s multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud, while ensuring your data privacy and security needs are met:

  • Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
  • In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
  • In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
  • On-premise deployments require your law firm or department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

To learn more about how ZorroSign serves the Legal Industry, please contact us or start your 14-day free trial subscription today!

The Move to Digital

Since the invention of microchips and semiconductor transistors in the 1950s, the world has moved steadily to more and more digital information. Computers for government, then computers for business, then home computers brought vast amounts of data into digital formats, and with the birth of the World Wide Web digital information has exploded in volume.

Today, we rely on digital documents for our business operations, our finances, our government, our healthcare, our legal system, and vast amounts of news and information—both personal and public. Trusting such digital documents is critical to ascertaining truth and accurately conveying facts.

“Documents comprise evidence, and are generally assumed to amount to evidence upon which the parties and the court can rely,” explains Helen Brander for Counsel magazine. “For every point that is made, one hopes there is a document to support that point.”

The Risk of Fraud

Throughout history, there have been various techniques to authenticate documents. In the pre-industrial age, it was common in Europe for someone to sign a document in ink and to then press a wax seal on the document to indicate the authenticity of that document. It was always possible, of course, that someone could tamper with the document and forge signatures, information, or the wax seal itself.

In the modern age, the United States has notaries public who can witness a person signing a document and endeavor to authenticate the signer’s identity by inspecting a driver’s license, passport, or other form of identification for that person. Again, the risk remains that it is possible to forge such identity materials, or alter the actual documents or signatures after signing.

More recently, with the popularity of electronic or digital documents, the digitization of business processes is taking place. In other words, from the creation of documents, to the signing of documents, to the storage and subsequent retrieval of documents, one or more steps may be conducted digitally.

For example, a document may be created on a computer and subsequently printed, signed with wet ink or electronically, then faxed, delivered via courier, or scanned into the computer and finally shared electronically via email or by using other file transfer mechanisms. Despite the technology advances, such documents can still be tampered with and signatures can be forged within this process as well.

“Detecting fraud within documents that have been digitally altered with graphics editors or ‘print-manipulate-scan’ evasion techniques requires more sophistication,” notes Martin Rehak in a Help Net Security article. “Often undetectable to human fraud specialists, building an automated solution requires specialist knowledge of the metadata and digital footprints left by scanning and printing devices.”

As such, modern digital documents require a level of security as evolved and nuanced as the technologies producing, storing, and sharing the digital documents themselves.

The Security of ZorroSign

Facing this historical need, ZorroSign has developed a unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification);
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent); and,
  • Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

ZorroSign’s patented Z-Forensics token is a tamper and fraud-detection seal for your digital documents, creating an unprecedented, immutable audit trail and complete chain-of-custody validation.

This revolutionary security system allows a validated user to create an electronic document, then allow one or more other users to complete and sign that document in a particular sequence—“the workflow”—all the while capturing the chain of custody and an audit trail of the changes made to the document by the parties in the workflow, such as recording key authentication, security and validation information when an action took place.

Unlike any other digital signature solution, ZorroSign seals all documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments. 

Only the Z-Forensics token:

  • Allows ZorroSign customers to manage permissions as to who gets to see what level of information about the transaction and the contract
  • Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire
  • Can verify, validate and authenticate both digital and printed (paper) versions of electronically signed contracts

Our Z-Forensics feature enables ZorroSign users to create a virtual seal for every uploaded document: initiating a verifiable trail, tracking every step of a document’s journey through users, so that any attempts at tampering, fraud, revision or other alterations are immediately captured.

To learn more about Z-Forensics and how ZorroSign can help you prevent fraud with digital documents, contact us today!

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than 90% of all cyber attacks begin with phishing.

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”

Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.

Phishing Attacks

In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”

“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”

This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: clicking a link or downloading a file that starts the attack. For example, CrowdStrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.

“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”

“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” adds CrowdStrike.

Blockchain Cybersecurity Against Phishing

“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.

Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.

  • In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.

    Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates.  With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.
  • In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

    Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

To learn more about blockchain as cybersecurity and how ZorroSign employs private, permissioned Hyperledger Fabric blockchain, visit https://www.zorrosign.com/z-forensics/secure-blockchain-technology/


Banks, credit unions, investment groups, lenders, and other financial service providers use ZorroSign’s digital platform to lower operating costs while protecting privacy and data security. Only ZorroSign pairs digital signatures with blockchain technology—delivering 21st century security to the age-old ceremony of signing agreements.

FINANCIAL SERVICES INDUSTRY NEEDS

Anyone managing technology for a financial services provider feels the stress of managing data, networks, and endpoint devices in a world where cyber attacks, regulatory compliance, and customer needs are changing quickly. 

To ensure their financial organizations are secure, compliant, and delivering easy to use customer-facing solutions, IT departments need the latest technologies but also proven solutions. ZorroSign is proud to protect financial services data—for customers, for regulators, and for the institutions themselves.

TRANSFORM YOUR FINANCIAL SERVICES WITH SUPERIOR SECURITY

Whether you’re a financial advisor or lender, a bank, credit union, or other services provider, you need fully compliant, automated, blockchain-level security and digital transactions you can trust. ZorroSign delivers:

  • Unbeatable user authentication, validation and privacy, with superior data and document security
  • A secure, paperless digital signature solution that’s easy to use, so you can “sign it and forget it”
  • Workflow automation that saves time and eliminates paper—streamlining approvals, signatures, and workflows
  • Error-free forms filled out and processed faster via artificial intelligence and machine learning

Financial institutions need privacy and security, but also need to know their technology solutions meet regulatory compliance.  ZorroSign’s platform is compliant with the Digital Millennium Copyright Act, UETA, the ESIGN Act, GDPR, plus ISAE 3402 Type II certified, SOC II Type 1 certified, and ISO 27001 certified while supporting HIPAA, ADA, WCAG 2.1, CCPA, New York SHIELD Act, and other standards varying country by country.

For banks, credit unions, and other financial service providers that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity.

As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

ADD IDENTITY-AS-A-SERVICE (IDAAS) TO KNOW-YOUR-CUSTOMER (KYC)

Beyond digital signatures, ZorroSign delivers identity-as-a-service (IDaaS) to verify financial services users and support know-your-customer (KYC) requirements:

  • ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities
  • ZorroSign is the first to adopt password-less login amongst our digital signature competitors
  • ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union databases for identity verifications.

Further, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

We invite you to request a copy of our ZorroSign Security Brief to learn how our private blockchain architecture, document storage and protection, and platform security measures can support your financial service clients today!

Identity-as-a-Service (IDaaS) is a relatively new—and somewhat nebulous—concept in today’s market.  Gartner, a global research and advisory firm, has a category defined as “identity management as a service” but most Software-as-a-Service (SaaS) companies providing identity and identity management functionality tend to define IDaaS to their own strengths and capabilities, so it is hard to find a consistent definition.

 

Yet the world of digital data we engage today requires digital identities for access and operations. Using digital identities we can trust is at the heart of modern cybersecurity—and hacking, phishing, or stealing identity credentials is one of the most common attack vectors for cybercriminals seeking to penetrate digital systems. As such, IDaaS has a very well-defined need, if not yet a well-defined category.

 

Atos, a French multinational IT service and consulting company, summarizes the space as such: “Digital identities are essential for continued digital growth. If digital services were insecure or data were inaccurate or irrelevant we couldn’t trust them. At the center of digital transformation, the international mobility and e-business issues are becoming more and more essential for today’s organizations to remain competitive.”

 

What is IDaaS?

At a basic level, all IDaaS platforms are created to enhance online user experiences, secure access to critical enterprise applications, and reduce IT resource-related expenses with efficient identity and access management (IAM) and privileged access management (PAM).

 

“There’s no way around it: sound identity management is essential,” writes Mark Diodati at Gartner. “Without good IAM, you are at real risk for data breaches and denial of service attacks. And IAM is hard to get right.”

 

The overarching goal of IDaaS solutions is to ensure users are who they claim to be—and to give users access to applications, data, systems, or other digital resources as authorized by their organizations.

 

Why Do Organizations Need IDaaS?

Foremost, IDaaS solutions can improve data security and cybersecurity. Knowing with confidence who your digital users are can elevate privacy and security across all digital systems. With an estimated 81% of hacking-related breaches leveraging either stolen and/or weak passwords, effective IDaaS solutions can eliminate one of the most glaring gaps in cybersecurity.

 

For government agencies and public-sector organizations, IDaaS is quickly becoming a critical need. “Cyber attackers always target government agencies to gain access to confidential government data,” explains Markets and Markets™, the world’s largest revenue impact company, headquartered in Pune, India.

 

Another key advantage of IDaaS is operational cost savings. Provisioning IAM with onsite solutions can be expensive:  IT teams have to manage servers and software—purchasing, installing, upgrading, and managing backup data. Plus, onsite teams must shoulder the burden of monitoring network security and endpoint device management.

 

With IDaaS, however, costs can be minimized to subscription fees and administration. In one ready example, secure single sign-on to applications can significantly reduce IT help desk costs related to password resets.

 

Besides security and savings, the ROI for IDaaS solutions can include improved user experiences with saved time via faster logins and fewer password resets. “Whether a user is signing in from open WiFi at an airport or from a desk in the office, the process is seamless and secure,” notes Fabrice Berté, director at Weborama. “The improved security can keep companies from facing a hack or breach that might topple their business.”

 

Today, Gartner defines key market drivers for IDaaS as access to SaaS applications, provisioning, managing, vertical communities, ensuring strong authentication, and gaining SaaS efficiency. And trends in IDaaS that Gartner reports include information breach concerns, the broader use of consumer authentication, and reverse-proxy WAMs.

 

“We’ve been talking about this for a very long time,” said Diodati in a CSO Magazine article. “But didn’t have the big data/analytics capabilities and the mobile platform architectures until recently.”

 

How ZorroSign Delivers IDaaS to Verify Users

While it used to be acceptable to grant access via username and password, the industry standard is two-factor authentication, which is rapidly evolving to MFA with password-less logins. Here are ways ZorroSign delivers IDaaS to verify users:

     *  ZorroSign technology leverages the biometric capabilities of hardware endpoints to verify user identities.

     *  ZorroSign is the first to adopt password-less login amongst our digital signature competitors.

     *  ZorroSign MFA provides maximum security, as before a user can sign a document, our platform can validate multiple dimensions of authentication based on the transaction security needs: What you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), who you are (e.g., biometrics such as fingerprints or eye iris on the device securing who can access it), etc.

 

Additionally, ZorroSign users can optionally use our dynamic knowledge-based authentication (KBA) feature provided by LexisNexis. KBA requires the knowledge of private information of the individual to prove that the person providing identity information is the actual person.

 

These technologies secure the endpoints of our private, permissioned blockchain architecture where only approved nodes (endpoints) are allowed to access our Hyperledger Fabric distributed ledger. Hyperledger emerged as an open-source collaborative effort, hosted by the Linux Foundation, to advance cross-industry blockchain technologies and improve trust, transparency and accountability.

 

For governments, companies, and individuals that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (endpoint users) can write to ZorroSign’s blockchain. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

 

Moving forward, ZorroSign will be adding further user verification capabilities, including integrations with U.S. driver licenses via state motor vehicle departments, verification via passports (with approximately 72 countries to start), other government-issued identities (with approximately 100 countries to start), and even tapping U.S. credit union databases for identity verifications.

 

Further, we will be implementing a blockchain-based audit trail for all user activities—including profile updates, signature changes, etc.—and will maintain a separate blockchain to maintain users’ signatures. With these immutable blockchain records, we can uniquely validate users in ways no competitive solution can.

 

Patented 4n6 Token

Finally, ZorroSign’s patented 4n6 (“forensics”) token is a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

 

ZorroSign’s 4n6 token securely reads the information from the secure ZorroSign servers so it can be accessed by the document originator or third parties (with permission from the originator) when requested. Only the 4n6 token:

     *  Allows ZorroSign to manage permissions as to who gets to see what level of information about the transaction and the document

     *  Stores the ZorroSign security encryption certificates, which—unlike other digital security certificates—never expire

     *  Can verify, validate and authenticate both digital and printed (paper) versions of electronically signed documents

 

Together, this dynamic and integrated set of technologies allows ZorroSign to provide unmatched privacy and security for our users. Our IDaaS capabilities augment our blockchain architecture to ensure users/signers are who they say they are and deliver trusted connections in a zero-trust environment.

 

Contact us today to learn more.

ZorroSign’s primary focus is the security and privacy of our customers’ data.

 

Our technology platform was built for the highest levels of security and compliance—from our blockchain architecture to our patented 4n6 token, to our multi-factor authentication—all ensuring our platform is compliant with dozens of international privacy and security standards.

 

BLOCKCHAIN ARCHITECTURE

ZorroSign has implemented its own secure instance of Hyperledger Fabric—the world’s most trusted blockchain technology, created by the Linux Foundation—using proprietary technology. This blockchain architecture is permissions-based and requires users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the ledger.

 

As a private blockchain, ZorroSign can ensure privacy is always maintained, as only approved nodes (endpoint users) can write to ZorroSign’s blockchain—as opposed to public blockchains (like Bitcoin and Ethereum) where anyone can be an endpoint and write to the blocks. As a result, ZorroSign’s architecture has even tighter privacy and security than other blockchains. If users make a change to the information recorded in one particular block of a blockchain, they cannot rewrite that block—instead, the change is stored or recorded in a new block along with the date and time of the change, permanently capturing the chronological changes to the document.

 

Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity-focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incident response via Elasticsearch, Logstash, and Kibana (ELK), and Microsoft Intune for unified endpoint management.

 

PATENTED 4N6 TOKEN

The ZorroSign patented 4n6 (“forensics”) token is a digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

 

The key benefits of ZorroSign’s blockchain and 4n6 token technology include immutability of chronological records, permissions-based private blockchain security and privacy of the users’ information (i.e., PII or PHI), fraud prevention, and lifetime escrow (as ZorroSign issues its own certificates that never expire).

 

MULTI-FACTOR AUTHENTICATION (MFA)

With the growing number of data breaches affecting user authentication, protecting one’s account credentials has become a top priority. Many solutions are now moving towards a Zero Trust model where the user must prove their identity. While it used to be acceptable to rely on a username and password, the current industry standard is two-factor authentication which is rapidly evolving to MFA with password-less logins.

 

ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors—validating what you know (i.e., your ZorroSign login password), what you have (e.g., your laptop or mobile device), and who you are (e.g., biometrics such as fingerprints or eye iris on the device, securing who can access it).

 

GLOBAL PRIVACY & SECURITY COMPLIANCE

This unique combination of security architecture and data privacy functionality grants ZorroSign compliance across many international standards for privacy and security, including but not limited to:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: The Uniform Electronic Commerce Act (UECA)
  • EU: Data Protection Regulation (GDPR) for data privacy and security
  • EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India: The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA: California Consumer Privacy Act (CCPA)
  • USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA: The Digital Millennium Copyright Act (DMCA)
  • USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA: The Health Insurance Portability and Accountability Act (HIPAA)
  • USA: The Uniform Electronic Transactions Act (UETA)

 

We invite you to request a copy of our ZorroSign Security Brief for details on our private blockchain architecture, document storage and protection, and platform security measures today!

U.S. law enforcement agencies such as police departments, sheriffs, probation offices, prisons, prosecutors, and district attorneys are relying more and more on digital records.  In serving the public, LE agencies need to ensure data privacy and security no matter if their records are paper or digital.

 

ZorroSign offers a technology platform built on blockchain to support law enforcement, including digital signatures, documents, workflows and archives to enhance the privacy, security, and efficiency of any LE administrative process.

 


“Law enforcement increasingly needs to have access to data residing in remote data centers, and investigators frequently face multiple barriers in this process.  As more data routinely collected by investigators have come to reside in remote locations, these barriers have become a growing challenge for stakeholders.”

 

~Michael J. D. Vermeer, Dulani Woods, Brian A. Jackson
Identifying Law Enforcement Needs for Access to Digital Evidence in
Remote Data Centers
(Rand Corporation white paper)


 

ZorroSign can help LE agencies with:

  • Digital signatures across personnel records, payroll, budgeting, contracts, and finances
  • Digital documents related to court commitments, jurisdictional and warrant transfers, and supporting depositions
  • Expediting the collection of Uniform Crime Reporting (UCR) statistics—providing officers in the field with an easy-to-use tool to scan licenses and automatically populate a digital ledger with all required UCR data
  • An immutable audit trail for all LE, administrative, and legal documents in digital formats

 

Chain of Custody

Perhaps ZorroSign’s greatest value to law enforcement is protecting the chain-of-custody.

 

According to a 2020 white paper issued by the National Center for Biotechnology Information (NCBI), “Maintaining the chain of custody should be considered a professional and ethical responsibility by those in charge of the evidence. It is imperative to create appropriate awareness regarding the importance and correct procedures of maintaining the chain of custody of evidence among the people dealing with such cases… it must remain in mind that it is the most critical procedure which ultimately decides the admissibility of evidence in the court of law.”

 

ZorroSign’s platform can place all aspects of evidence documentation (audit trail, chain of custody, documents and attachments, user authentication information, and digital signatures) on a private permissions-based blockchain to create an immutable and legally-binding record. This ensures the highest levels of security are observed and all evidence is legally defensible, and it gives LE agencies a high level of confidence in every step of the evidence documentation process.

 

Further, ZorroSign’s technology can easily be integrated into a law enforcement organization’s existing document management system—augmenting their ability to protect and secure all sensitive data, while delivering operational efficiencies that can lower costs and raise administrative productivity.

 

The Security of Blockchain Plus the Privacy of Hyperledger Fabric

Blockchains are a distributed ledger technology (DLT) using digital cryptography to secure information records (blocks) distributed across users (nodes) on peer-to-peer (P2P) networks.  They can be run publicly (open to anyone becoming a node, used for cryptocurrencies like Bitcoin) or privately (permissioned to limit who can become a node, used for business applications like Hyperledger Fabric).

 

ZorroSign’s platform is built entirely on a private, permissioned Hyperledger Fabric to protect identities and data—uniquely authenticating users, encrypting communications, and securing digital data immutably through that data’s lifetime.

 

For LE agencies that desire to securely transform paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce errors, and increase productivity. As a private blockchain, ZorroSign can ensure privacy is always maintained as only approved nodes (users) can write to ZorroSign’s blockchain.

 

Uniquely, ZorroSign also uses a patented 4n6 (“forensics”) token—a kind of digital seal that captures the complete audit trail and the document’s DNA. The token is digitally encrypted and contains all the details about the transaction including timestamps, user authentication, document, and attachments. As a result, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.

 

Committed to the Men & Women in Blue

ZorroSign strongly supports the men and women in law enforcement who put their lives on the line every day to defend our communities and protect our freedoms. ZorroSign has partnered with the National Law Enforcement Officers Memorial Fund (NLEOMF) and committed to donating 10% of ZorroSign’s sales to law enforcement to the Memorial Fund.

 

 

We believe our digital signatures and document management solutions to be the most private, most secure available and we are eager to prove it for law enforcement.  Contact us today to learn more!

ZorroSign’s digital signature and document management platform not only brings the privacy and security of a private, permissioned blockchain technology, but our software-as-a-service (SaaS) model can be deployed in various configurations to meet your organization’s data security requirements.

 

Public Cloud SaaS

 

Our standard deployment is on the Amazon Web Services (AWS) public cloud computing network. This configuration benefits from AWS data centers and a network architected to protect your information, identities, applications, and devices. Built with the highest standards for privacy and data security, AWS is designed to help ZorroSign deliver secure, high-performing, resilient, and efficient infrastructure for our applications.

 

 

Two big advantages of ZorroSign’s public SaaS configuration are our simple pricing model and the ability for new customers to quickly sign-up, login, and start uploading and sending documents for signatures.  Pairing superior security with user-friendly operations, ZorroSign’s public cloud configuration is our most popular deployment.

 

Private Cloud SaaS

 

In ZorroSign’s private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization.  This fully managed service is ideal for financial services institutions or any organization requiring that your data resides only in servers where you have full control.

 

 

The benefits of private cloud deployments include unlimited API usage, complete control over privacy and security measures, a system configuration much easier to manage and maintain than on-premise deployments, plus the ability to implement custom ZorroSign features and functionality.  Private cloud deployments require that customers have IT and security staff trained to manage cloud networks, but ZorroSign works closely with such customers to ensure successful and secure configurations.

 

Hybrid (Public/Private) Cloud SaaS

 

Sitting between fully-public and fully-private cloud deployments is the option for a hybrid cloud configuration.  Here, storing your data on our private, permissioned blockchain can occur on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations.  We collaborate with your organization to configure the right mix of public self-service, scalability, and elasticity with private control and customization available with dedicated hardware.

 

 

Like a private cloud, hybrid cloud benefits include unlimited API usage and a system configuration much easier to manage and maintain than on-premise deployments.  Hybrid cloud deployments can be a strong option for financial services institutions, and ideal for healthcare organizations, law firms, legal departments, real estate firms, and other industries where data security is highly regulated.

 

On-Premise Configurations

 

Finally, for those customers who require that both the ZorroSign platform and their data reside behind their own firewall or demilitarized zone (DMZ)—where a physical or logical sub network contains and exposes your organization’s external-facing services such as ZorroSign digital signatures, workflow management, and identity-as-a-service applications—we support on-premise deployments.

 

 

On-premise deployments require your organization to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes.  On-premise deployments of the ZorroSign blockchain platform can be ideal for government agencies and departments, critical infrastructure organizations, large financial institutions, and other organizations that prefer to fully manage their own IT infrastructure.

 

Whichever configuration your organization requires, ZorroSign has the staff, the architecture, and the deployment experience to ensure your data privacy and security needs are met.  To learn more about ZorroSign’s cloud configurations for various SaaS deployments, and how we deliver greater privacy and security for digital signatures and documents, contact us today!

Is your organization effectively protecting its information?

 

Happy Data Privacy Day! Or perhaps a more appropriate greeting: Is your organization employing information privacy best practices today . . . and every day?

 

Data Privacy Day focuses on raising awareness among businesses, consumers, and families on the importance of protecting the privacy of their personal information online.

 

At ZorroSign, our corporate mission is to leverage blockchain technology to deliver a lifetime of security and privacy for your digital signatures and documents that is easy-to-use and legally compliant. Data privacy is one of our core values as we strive to provide the most trusted and secure paperless experience.

 

A Short History of Data Privacy in the United States

 

“In recent years, information privacy has emerged as one of the central issues of our times,” notes Daniel J. Solove in a George Washington University Law School publication on information privacy laws. “Today, we have hundreds of laws pertaining to privacy: the common law torts, criminal law, evidentiary privileges, constitutional law, at least twenty federal statutes, and numerous statutes in each of the fifty states.”

 

Solove traces privacy protections from early American census and government records, through post mail and telegraph communications, to personal papers and information. Then “the development of the computer in 1946 revolutionized information collection. Throughout the second half of the twentieth century, the computer revolutionized the way records and data were collected, disseminated, and used,” writes Solove and “the increasing use of computers in the 1960s raised a considerable public concern about privacy.”

 

Congress passed the Privacy Act of 1974 to regulate the “collection and use of records by federal agencies, and affords individuals right to access and correct their personal information,” then passed the Electronic Communications Privacy Act (ECPA) of 1986 which “protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.”

 

The 1990s saw the rise of the Internet, which changed the game for data collection, storage, and dissemination. Initially, the U.S. passed the Children’s Online Privacy Protection Act (COPPA) of 1998—which “prohibits unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet”—then the Gramm-Leach-Bliley Act (GLBA) of 1999, which defined personal identifying information privacy for financial institutions and expanded privacy policies across many industries.

 

The September 11, 2001 attacks on the United States initially brought challenges to data privacy as the USA PATRIOT Act of 2001 granted federal agencies greater power to collect personal information and expanded the investigative powers of law enforcement based on the Foreign Intelligence Surveillance Act (FISA).

 

At this time, “the U.S. doesn’t (yet) have a federal-level general consumer data privacy law, let alone a data security law,” notes Varonis, a cybersecurity company.

 

But individual states are taking up the cause for data privacy and—often emulating policies and practices set by the European Union’s General Data Protection Regulation (GDPR)—defining stronger privacy protections. For example, the California Consumer Privacy Act (CCPA) of 2018 (and copycat laws in other states such as Hawaii, Maryland, Massachusetts, New York, and North Dakota) gives “consumers more control over the personal information that businesses collect about them, including: The right to know about the personal information a business collects about them and how it is used and shared; the right to delete personal information collected from them (with some exceptions); the right to opt-out of the sale of their personal information;  and the right to non-discrimination for exercising their CCPA rights.”

 

Information Privacy Today

 

2020 was not a great year for world health or for data privacy. The news was filled with stories of data breaches, and the Great Supply Chain Hack of 2020 may haunt government data systems for years—“This is looking like it’s the worst hacking case in the history of America,” says one U.S. official. “They got into everything.”

 

In this climate of fear and risk, ZorroSign’s CEO and co-founder, Shamsh Hadi, has built a company culture where “trust is everything.” Private businesses, government organizations, educational institutions, legal departments, real estate companies, and many other industries trust ZorroSign technologies to protect their data and secure their information privacy.

 

Our private, permissioned blockchain platform is compliant with dozens of international privacy and security standards, including United States eSign Act, Uniform Electronic Transactions Act (UETA), Health Insurance Portability and Accountability Act (HIPAA), Americans with Disabilities Act (ADA) and Web Content Accessibility Guidelines (WCAG 2.1), the Federal Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian Provincial Uniform Electronic Commerce Act (UECA), the Information Technology Act 2000 (IT Act of India), and GDPR in Europe, and many more.

 

Request a copy of our ZorroSign Security Brief for details on our unique blockchain architecture, document storage and protection, and platform security measures or contact us today to learn how ZorroSign’s digital business platform can protect your data privacy!

“Modern digital technology that supports information sharing,

communication, collaboration, and learning are

central to daily living and to the function of government.”

~Teri Takai, Executive Director at the Center for Digital Government

 

Local governments in the United States such as counties, municipalities, and school districts serve the public with codified processes for business, education, health and safety, law enforcement, property development, transportation, utilities, and more. The sheer volume of legal agreements, licenses, permits, records, and reports is daunting to manage, and digital solutions are becoming more and more necessary to effectively administer public services.

 

Further, local governments know the value of operating more efficiently both in cost-savings (by reducing administrative costs in paper, printing, reproduction, storage, etc.) and in resource allocation (by being able to serve more constituents with the same resources). Technology solutions that speed clerical work, reduce errors, and lower administrative costs can readily generate a return on investment for the public.

 

As local governments strive to move paper administration to digital environments, privacy and security become top priorities. Beyond simply digitizing forms, processes, and records, these government organizations must:

 

  • Validate end users as constituents engage digital public services
  • Authenticate digital data as it is moved between users and offices
  • Secure digital documents for storage, archiving, and retrieval—ensuring immutability with non-repudiation audit trails and post-execution fraud/tamper protection

 

Digital Benefits for Local Governments

The COVID-19 pandemic has accelerated local governments’ need to move to digital services.

 

“When offices were forced to close, many local governments were unable
to conduct business without physical access to legacy systems,
holding up everything from building permits to license renewals
and access to land records.”
~Doug Harvey, VMware Head of U.S. State & Local Governments & Education

 

As local governments add remote administration capabilities, the promise of digital transformation is tremendous. From large municipalities to the smallest administrative districts, local governments can leverage digital signature and document management software to protect the chain of custody (CoC) for documents and securely review, approve, archive, and retrieve:

 

  • Across-agency or inter-department agreements
  • Architecture and engineering drawings/schematics for construction permits
  • Benefits administration programs and processes
  • Certificates of occupancy
  • Court decrees and orders
  • Facilities management forms
  • Housing programs and building permitting management
  • Human resources processes (e.g., employment agreements, expense forms, payroll sign-off sheets, etc.)
  • Licenses for alcohol, auctions, business, construction, farming, plumbing, restaurants, retail, valet services, etc.
  • Logistics and procurement processes
  • Permits for building, carnivals and fairs, exhibit and trade shows, explosives, fireworks, gas, hazardous waste, hospitals, lumber, medical facilities, nursing homes, public assemblies, waste handling, etc.
  • Public health programs administration
  • Purchase agreements for public assets, products, or services

 

ZorroSign’s blockchain digital signature solution, a secure, encrypted platform, provides a means for local governments to digitize records—eliminating duplication errors, streamlining clerical work, decreasing costs and time spent, and ensuring public record immutability for legal enforceability and transparency.

In today’s digital world, data privacy and security are critical. At ZorroSign, we are proud to put privacy and security at the heart of everything we do—including how we’ve built our digital transaction management (DTM) platform. With our private, permissioned blockchain foundation, our commitment to security and privacy meets important regulations and standards upheld by countries around the world. Here are some quick examples…

 

NORTH AMERICA

 

In the United States, there have been many laws and regulations enacted around data privacy and digital security, including:

 

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) set national standards for electronic health care transactions and codes, unique health identifiers, and security—ZorroSign DTM helps organizations meet HIPAA compliance.
  • The Digital Millennium Copyright Act (DMCA) of 1998 is an anti-piracy statute protecting digital rights management—ZorroSign’s digital signatures support DMCA.
  • In 1999, the Uniform Electronic Transactions Act (UETA) established the legal equivalence of electronic records and signatures, with paper documents and manually-signed (wet) signatures—ZorroSign digital signatures meet UETA compliance.
  • In 2000, the Electronic Signatures in Global and National Commerce Act (E-Sign Act) validated electronic records and signatures for commerce across states and countries—ZorroSign digital signatures fulfill ESIGN compliance.
  • The Sarbanes–Oxley Act of 2002 (SOX) set regulations for the financial practice and corporate governance of U.S. public company boards, management, and public accounting firms—ZorroSign DTM helps organizations fulfill SOX requirements.

 

In Canada, similar laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) defined how organizations can collect, use or disclose personal information; and the Uniform Electronic Commerce Act of 1999 (ULCC) regulated the provision and retention of electronic information, and the communication of electronic documents. Again, ZorroSign digital signatures meet both Canadian standards for privacy and security.

 

EUROPE

 

The European Union has enacted two major regulations for data privacy and security in the General Data Protection Regulation (GDPR) and Electronic Identification and Trust Services Regulation (eIDAS) of 2018. This elaborate set of rules and requirements is also met by ZorroSign’s digital signatures and DTM platform.

 

MIDDLE EAST

 

In the Middle East region there are two major laws that govern electronic signatures in the United Arab Emirates (UAE) and Saudi Arabia. ZorroSign meets the United Arab Emirates’ Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect. ZorroSign also meets the KSA laws in Saudi Arabia as governed by the Electronic Transactions Law, Royal Decree No. (M/8) 8 Rabi’ I- 1428H from 2007.

 

ASIA

 

In 2000, India passed a sweeping Information Technology Act, with further amendments in 2008, providing legal recognition for transactions performed by electronic data interchange, eCommerce, and digital signatures, plus rules for electronic records and certifying authorities. Again, ZorroSign DTM meets the security and privacy requirements of India’s IT Act.

 

UNMATCHED PRIVACY & SECURITY

 

While ZorroSign’s platform ensures compliance with these (and other) regulations around the world, we separate ourselves from our competition by going even further to protect our customers’ data and privacy. ZorroSign’s patent-pending blockchain architecture uniquely ensures:

 

  • Immutability—maintaining a chronological record of transactions in multiple copies on a ledger to avoid doubt or ambiguity.
  • Legal Enforceability—ZorroSign uses patented and legally-binding electronic signature with real digital information versus competitors who simply superimpose a flat image of a signature on a document… legally distinguishing intent to sign a document vs actually signing a document.
  • Signature Attribution—signatures are protected and validated using ZorroSign’s private permissioned blockchain, plus high-level security provisions and multifactor authentication (including biometrics) to ensure signatory attribution.
  • Fraud Prevention—our proprietary 4n6 token detects document fraud, document tampering and signature forgery (as a tamper seal that runs on the blockchain).
  • Lifetime Escrow—while competitors often use third-party digital security certificates that expire every two years, ZorroSign issues its own certificates that never expire for lifetime document escrow.

 

We are proud to be the digital signature solution of choice for organizations around the world committed to privacy and security.

If your office becomes inaccessible for any period of time, are you prepared to ensure business continues as normal? Having a Business Continuity Plan (BCP) in place is a great start when preparing for the worst. When COVID-19 started to spread throughout the globe, many companies were not prepared to shift their workforce to a primarily work-from-home team.

 

Early on, ZorroSign executives made the decision that all employees across the globe would work from home until further notice. This decision was easy to make, as the organization had a solid BCP in place, so invocation was seamless.

 

Develop a Business Continuity Plan

 

A Business Continuity Plan (BCP) is a company’s plan for preventing and recovering from any potential harm to the company, whether caused knowingly or unknowingly. Such harm could include fire, flood, natural disaster, cyber attack, criminal mischief, global pandemic, etc. The goal of the BCP is to prevent unnecessary damage to the organization’s assets or personnel and to ensure company assets are recovered and personnel can quickly get back to work after a disaster or crisis.

 

Wondering if your company is on par with companies around the globe when it comes to disaster preparedness? A recent survey conducted by AvidXchange determined that only 37% of 500 companies surveyed had the appropriate technology in place to abruptly shift employees to telecommute, also known as working from home, in the event of an emergency. This survey was eye-opening and demonstrated a large gap in BCP. Below are a few of those gaps:

  • Only 61.8% of businesses have a BCP in place.
  • 48% of businesses that have a BCP in place can only operate two to three weeks with their current plan.
  • 19% of businesses reported none of their employees have the right company-provided technology to work from home.

Based on the survey results above, it’s easy to see that most companies are not prepared for the current global pandemic. Below are some key elements that all companies should include in their BCP.

 

Business Continuity Plan Elements

 

Each company’s BCP will be different and unique to the individual business. However, there are four main elements every BCP should include; these ensure that all business operations have a prevention and recovery plan. The four elements are:

  1. Identify purpose and scope – Clearly identify and state the purpose and scope of the BCP. Include all business operations and detail any exclusions.
  2. Determine responsibilities – Clearly identify who has permission to invoke the BCP, along with which employees have authority before, during and after an incident. These identified employees should be given clear roles on the Business Continuity Response Team (BCRT).
    1. Documentation – identify a document owner that will be tasked with keeping track of BCP approvals and change history for company records. The document owner should be responsible for ensuring BCP procedures are reviewed and tested regularly.
    2. Change management – BCRT leaders should control the message and get employee buy-in for the BCP. The BCP document owner should publish it where it is easily accessible to all stakeholders in both digital and hard formats.
  3. Develop Business Continuity Plan – Information in the plan must be understood by and accessible to everyone in the organization, and details of how and when the BCP will be invoked should be included. In order to create a thorough BCP a few items should be addressed:
    • Define potential risks to the company and conduct a business impact analysis.
    • Identify how potential risks will affect company operations.
    • Identify and implement safeguards to mitigate identified risks. Be sure to identify how to recover critical business operations.
    • Practice and test out safeguards to ensure they accomplish the desired outcome.
    • Continually review and update the BCP so it is always up to date.
  4. Communicate and Train – Clearly determine how, and under which circumstances, the pre-identified BCRT will communicate with employees, stakeholders and emergency contacts. The last step is to thoroughly train the BCRT, as well as employees.

 

Quick List – 5 Actions to Take Today to Prepare for Tomorrow

 

ZorroSign takes business continuity very seriously. Having 100% of the workforce fully functional independent of location is the standard for the company’s BCP. Here are a few things we recommend any company without a robust BCP implement immediately, in order to prepare employees for an emergency that could result in an extended time away from a physical office:

 

  • Company Issued Equipment – Issue all employees a company laptop at the start of employment. Desktop computers are not useful in emergency situations, as the work location may change abruptly and equipment that is not easily portable cannot be moved with it.
  • Collaboration Software – Implement use of team collaboration software; this allows employees to effectively and efficiently communicate, before, during and after a disaster. Microsoft Teams is an example of a great tool. During a crisis where employees change their work location abruptly, having a communication collaboration tool is essential.
  • Mobile Device Management (MDM) – An MDM tool is software used by IT departments that allows them to identify what company-issued mobile devices are accessing, their location, remotely lock a device, and even wipe a device clean if lost or stolen. MDM capabilities are very important with an increase in remote workers, as this can protect company intellectual property, as well as physical assets. An example of an MDM tool is Microsoft Intune.
  • Virtual Private Network (VPN) – Ensure all employees are using a VPN when accessing the office network and resources. A VPN is the easiest way to protect company data and be cyber aware, while protecting data security.
  • Employee Internet Connectivity Audit – Make sure all team members have good internet connectivity. This can be accomplished through a simple employee survey. Work to help employees with unreliable internet connectivity to either use a secure mobile hot spot or identify solutions for making their internet connection more stable and reliable.
  • Cloud Hosting – Host all critical environments in the Cloud. This will allow full continuation of ongoing projects independent of employee location. Cloud hosting should include disaster recovery options.

 

Communication & Training

 

Having a BCP in place is a great start toward keeping a business functioning during a disaster. However, without proper communication with all stakeholders and employees, and without proper training, a company’s BCP will not be effective. It is important to communicate the plan with all employees, not just those on the Business Continuity Response Team. Training employees on what to do in the event of an emergency and when to execute the BCP is a key part of a successful plan.

 

A tip for maintaining a usual level of communication and efficiency when working remotely is to have team leads prepare daily task lists that include all project dependent variables and ensure they are assigned to appropriate employees. Conducting quick stand-up meetings at the start and end of each day via a collaboration software tool like Microsoft Teams can also identify employees that need a little extra help to achieve their targets. Restricting all communication to trusted tools like Microsoft O365, Outlook and Microsoft Teams can help protect the company’s intellectual property.

 

Conclusion

 

Having a Business Continuity Plan is kind of like purchasing insurance: you invest in it hoping to never have to use it. The unprecedented impact that the COVID-19 pandemic has had on the business world is reassurance that a BCP should be a part of every business’s operations plan. Having a strong BCP in place could mean the difference between still being in business once the crisis ends, with operations continuing as usual, and experiencing negative business fallout due to a disaster. It’s not too late: if your business doesn’t have a BCP in place, start the process of creating one today. If you have a half-baked BCP in place, take the time and build your plan out completely. Meanwhile, the COVID-19 epidemic is impacting every part of business and society, so we encourage you to stay safe, work smart, stay home.

Most organizations, apps, programs and systems authenticate users with a username and password as part of identity and access management (IAM). This protocol often leads people to use passwords that are simple. When passwords get complicated, users forget them. As a result, people use the same password or copy and paste passwords. This leads to cybersecurity vulnerabilities. Passwordless environments provide total security without users having to remember complex passwords.

 

Multi-factor authentication (MFA) used to be a premier option only offered by organizations highly focused on cybersecurity. Recently this has changed, and more organizations are utilizing MFA within their login protocols. MFA is increasingly becoming a requirement for small, midsize and large organizations, regardless of the industry.

 

A new methodology incorporating MFA being implemented by IT Leaders is called Passwordless login and authentication, which eliminates potential cybersecurity vulnerabilities. By using this new methodology to log in to applications and systems, users can be validated and authenticated in a more secure manner. With software solutions like electronic and digital signature programs, passwordless login allows users not only to sign electronic documents more efficiently and securely while maintaining complete privacy but also to have the highest level of confidence that the intended party is the actual party that is executing the document.

 

According to Verizon’s 2019 Data Breach report, 80% of data breaches are the direct result of compromised or reused passwords. What’s even more astonishing is LastPass reports in its 3rd Annual Global Password Security Report that 59% of seasoned IT professionals agree that strengthening user authentication is necessary in order to identify their identity capabilities.

 

Often when password complexity increases, users are more likely to reuse a password. When passwords are reused security risks increase. Ever wonder just how easy it is for someone with ill intent to crack your password using a computer program? The following table demonstrates the correlation between password strength and the potential time it can take to crack using a specialized computer program.

 

 

What is Passwordless login?

 

Passwordless login incorporating multi-factor authentication is a process in which two or more factors are used to verify a user. A passwordless login is an authentication system that uses alternatives to a password to permit the right users access to their accounts. Popular web-based email systems like Gmail use passwordless logins, and users can confirm intent to log in via a message on their mobile device, thus controlling access to the account.

 

For those wondering if multi-factor authentication and two-factor authentication are the same thing, they are not. While they are related, two-factor authentication often secures a user’s account using two separate factors like a password and a separate device pin. While two-factor authentication seems like you are using two separate means to authenticate an account, in actuality a single factor is being used, thus making two-factor authentication and multi-factor authentication different. One-Time Password (OTP) functionality is an example of two-factor authentication. Physical security key, Knowledge Based Authentication and biometrics are examples of MFA.

 

A physical security key is another way passwordless login can be achieved. To complete login with a physical USB security key, a user plugs the token device into their computer. The service then authenticates the user and validates account access. Knowledge Based Authentication authenticates users by asking secret questions to which only the intended user would have the correct answers. Biometric login is when a system uses biometric login procedures to authenticate a user and provide appropriate access using a device with biometric capabilities. Examples of biometrics are Apple’s Face ID or the fingerprint scanner on an Android or Apple mobile device.

 

One MFA method gaining popularity is the use of QR codes. Once the QR code is scanned the mobile device prompts the user for biometric verification. If the device doesn’t have biometric capability the user would receive a pin code via email or text. When authenticated the user would be logged in automatically, achieving a passwordless environment for increased cybersecurity.
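
The QR-code flow described above, sketched as an added example (not ZorroSign's code or protocol): the QR code carries a short-lived, single-use challenge, and the phone answers it only after local biometric verification or, on a phone without biometrics, a one-time PIN. The class names, the 60-second lifetime, and the HMAC device key (standing in for the device-bound asymmetric key a production design would use) are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a displayed QR code stays valid (assumed value)


def _tag(key, cid, nonce):
    """MAC that binds a response to one specific QR challenge."""
    return hmac.new(key, cid.encode() + nonce, hashlib.sha256).digest()


class LoginServer:
    """Hypothetical relying party: shows the QR code, decides on the login."""

    def __init__(self):
        self.devices = {}   # user -> (device key, device has biometrics?)
        self.pending = {}   # challenge id -> nonce, expiry, optional PIN

    def enroll(self, user, has_biometrics):
        key = secrets.token_bytes(32)
        self.devices[user] = (key, has_biometrics)
        return key  # provisioned to the phone once, at enrollment

    def new_challenge(self, now=None):
        now = time.time() if now is None else now
        cid, nonce = secrets.token_urlsafe(16), secrets.token_bytes(32)
        self.pending[cid] = {"nonce": nonce, "expires": now + CHALLENGE_TTL,
                             "pin": None}
        return f"login:{cid}:{nonce.hex()}"  # text rendered as the QR code

    def request_pin(self, user, cid):
        """Fallback for phones without biometrics: one-time PIN for this scan."""
        if user not in self.devices or cid not in self.pending:
            return None
        pin = f"{secrets.randbelow(10**6):06d}"
        self.pending[cid]["pin"] = pin
        return pin  # a real service sends this by email or text instead

    def verify(self, user, cid, tag, pin=None, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(cid, None)  # pop: one attempt per QR code
        device = self.devices.get(user)
        if entry is None or device is None or now > entry["expires"]:
            return False
        key, has_biometrics = device
        if not has_biometrics:  # PIN is mandatory when no biometric check ran
            if pin is None or entry["pin"] is None:
                return False
            if not hmac.compare_digest(pin.encode(), entry["pin"].encode()):
                return False
        return hmac.compare_digest(_tag(key, cid, entry["nonce"]), tag)


class Phone:
    """Hypothetical authenticator app holding the enrolled device key."""

    def __init__(self, user, key, has_biometrics):
        self.user, self.key, self.has_biometrics = user, key, has_biometrics

    @staticmethod
    def challenge_id(qr_text):
        return qr_text.split(":")[1]

    def approve(self, qr_text, biometric_ok=False, pin=None):
        """Answer the challenge only after the user has been verified."""
        verified = biometric_ok if self.has_biometrics else pin is not None
        if not verified:
            return None
        _, cid, nonce_hex = qr_text.split(":")
        tag = _tag(self.key, cid, bytes.fromhex(nonce_hex))
        return self.user, cid, tag, pin


if __name__ == "__main__":
    server = LoginServer()
    phone = Phone("alice", server.enroll("alice", True), True)  # constructed user
    qr = server.new_challenge()
    response = phone.approve(qr, biometric_ok=True)
    print("first use accepted:", server.verify(*response))
    print("replay accepted:", server.verify(*response))
```

Popping the challenge before any check means a scanned QR code gets exactly one verification attempt, so a captured response cannot be replayed and a wrong PIN cannot be retried against the same code.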

 

Why Governments should adopt Passwordless login as the gold standard

 

Governments should go passwordless and MFA should be the minimum standard because it is more secure. While many agencies currently use Common Access Cards (CAC) or Personal Identity Verification (PIV) cards to authenticate users, these login protocols are useless on mobile devices and sometimes even cloud-based applications. With more applications utilizing the cloud and an increase in users relying on their mobile devices, it’s easy to see why CAC and PIV cards need a refresh. Another issue with legacy passwordless protocols in many government agencies is the use of dated Public Key Infrastructure (PKI). Technology changes drastically about every six months on average, which is problematic when you think that the average agency PKI stack is at least 15 years old.

 

Identity as a Service (IDaaS)

 

Identity as a Service (IDaaS) is an additional security protocol that corporations and governments can adopt to further secure their systems. An example of IDaaS is the use of Knowledge Based Authentication (KBA) in order to validate a user.

 

Identity as a Service (IDaaS) will have a major impact on how governments and companies verify users in the future. Advancements in technology, specifically in the space of Artificial Intelligence (AI) and Machine Learning (ML) show promise in the ability to use ML in areas like identification, facial recognition and to recognize a true signature on a digitally signed document.

 

Launch your organization’s passwordless future

 

The bottom line is that government agencies and the private sector will have to start adopting new technologies to not just keep up with technological advances, but to ensure cybersecurity of their systems and data. It’s important to the public sector and private sector alike to be cyber savvy and have a plan in place to adopt the latest cutting-edge MFA technologies and protocols. For anyone looking for clear benefits of being ahead of the passwordless future, remember that using a passwordless protocol allows an organization to eliminate passwords, which can be a vulnerable access point, while maintaining total control of an organization’s access points. Passwordless protocols also increase efficiency by eliminating time spent remembering and recovering lost passwords.

 


The increased popularity of, demand for, and mainstream use of electronic signature is the result of the global “go digital” movement, significant enhancements in the technology, and governments passing laws to go completely digital in the near future. It does not suffice to use an image of your signature as an “intent to sign” or use incomplete electronic signature solutions that do not include an audit trail. Security, privacy, legal acceptability, signatory attribution, and authenticity of electronic signatures, electronic records, and document transactions have become key decision factors for users in legal, financial services, real estate, insurance, banks, healthcare industries and more.

 

In this article we outline the clear competitive advantage that ZorroSign has over its competitors and their products, and why we believe we have developed the most advanced electronic signature and digital transaction management platform, created to meet the past, current, and future needs of both the private and public sectors.

ZorroSign Competitive Advantages

 

ZorroSign is an advanced Digital Transaction Management (DTM) platform. There are fewer than a handful of competitors who may qualify as DTM providers, but studies show that those solutions do not meet the basic DTM requirements of many customers. ZorroSign, on the other hand, is considered an Advanced DTM due to its enterprise-grade workflow automation, workflow builder, content automation, bank-grade security, built-in Document Management System, and intelligent forms.

  1. ZorroSign uses (patented) true legally-binding electronic signature with real digital information vs our competitors who simply superimpose a flat image of a signature on a document. It’s about capturing intent to sign a document vs actually signing a document.
  2. We use high level security provisions and multi-factor authentication (including biometrics) to ensure signatory attribution. This is increasingly becoming a problem when it comes to legal matters.
  3. Our proprietary technology, the Document 4n6 (forensics) Token, detects document fraud tampering and signature forgery. It is a tamper seal that runs on the Blockchain.
  4. Our competitors use 3rd party digital security certificates that expire every two years. ZorroSign is authorized to issue its own certificates and they never expire. We call it Lifetime Document Escrow.
  5. ZorroSign is a true Advanced DTM platform complete with workflow automation and exception handling.
  6. ZorroSign is built on permissions-based private Blockchain technology. We take advantage of its security, privacy and trust features to manage all our customers’ document signature transactions.
  7. For ZorroSign, privacy and security are at the core of everything we do. We think security and privacy first for every product design, policy, and business practice decision. We use bank-grade security protocols, AES Encryption, biometrics, MFA, and other heuristics for handling our customers’ document signature transactions.

For a complete competitive analysis including analysis of a particular ZorroSign competitor, please contact our customer advisors.

 

Disclaimer: All competitive information is based on publicly available information. When reviewing competitive information, including pricing, please consider that products are continuously enhanced and modified by vendors and that pricing published on the website is MSRP. ZorroSign does not disclose its product roadmap or features that are in development and not yet released to the general public. ZorroSign also does not disclose feature-by-feature comparisons for the same reason.

Signing agreements, contracts, documents, and forms with electronic signatures is becoming the norm. Using electronic signatures is easy, fast, and convenient. People use different ways to e-sign documents. Some paste images of their signatures, captured with a laptop camera, onto documents, and some use computer-generated signatures. Others use more sophisticated tools that allow them to sign documents with a pen or finger on a touch-sensitive screen. The act of signing a document is one aspect; security and privacy are another. In this article we share tips on how to protect your identity and think security first when eSigning agreements.

As we use electronic signatures to sign more high-value, critical, and sensitive documents, we must make sure that our signatures, documents, information, and the entire transaction are secure and protected against fraud, tampering, and misuse. Examples of high-value transactions are buying a home or business, signing sales contracts, promissory notes, loan documents, credit card applications, your child’s medical information release forms, and more. Over the years, ZorroSign has helped thousands of customers sign contracts and agreements securely; in this article we share best practices that we have learned.

Tips for protecting your identity

  1. Avoid signing documents by pasting an image of your signature on documents. Use highly secure online eSigning solutions instead.
  2. Shy away from eSign products that distribute documents via email attachments.
  3. Never use the same password for more than one online profile.
  4. Make the length of your passwords across different online profiles different.
  5. Avoid using obvious strings and numbers as your passwords that people can easily guess by knowing a little about you.
  6. Take advantage of free online random password generators.
  7. If you use a password manager program, make sure to take full advantage of all of its features. For example, use its random password generator, and review its reports showing where you are repeating passwords and how strong your passwords are.
  8. Even if you are using a random password generator, make sure to change your password at least 4 times a year.
  9. If your online profile offers options to use biometrics, like ZorroSign does, take full advantage of them.