What is Cyber Security? | DocuSign
What is cyber security?
Cyber security protects organisations and individuals organisations by reducing cyber-attack risks. Cyber security refers to the protection of company data, networks, technology and devices against cyber-attacks and cyber security threats like leaks, theft, unauthorised use or damage. A successful cyber security system often involves the whole organisation, including people, processes and technology.
Government-backed initiatives like the UK Cyber Essentials scheme help organisations protect themselves against common threats. The UK Government requires all suppliers that bid for contracts that include the handling of sensitive data to be certified against the Cyber Essentials scheme. As operating online is a regular part of life, it's important to take steps to prevent cyber criminals from getting hold of our accounts, data, and devices.
What is the difference between information security and cybersecurity?
There is a crucial difference between cybersecurity and information security. Cybersecurity is just one part of information security. In an organisation, information can be found in many places and information security specifically refers to organisations protecting the confidentiality, integrity and availability of information. Cybersecurity is a particular type of information security that focuses on protecting electronic data.
What are the benefits of cyber security?
Before you can understand the benefits of cyber security, it’s essential to establish what’s at risk if your organisation suffers a cyber attack or similar incident. The damage can include widespread business disruption and loss of time and finances. A cyber security policy can help prevent malicious attacks and speed recovery from an attack. Here are some of the many benefits of cyber security:
A well-planned cyber security policy will help train your staff on cyber security. This training could ensure your team follows best password practices and that individuals know what to look for if a malicious email arrives. Training staff in cyber security best practices can help prevent an attack, and is a crucial part of any cyber security plan. An awareness program can help users identify phishing attempts, avoid downloading malicious attachments, and report suspicious activities.
Reduce financial risk - downtime of systems in any business has an economic impact, so good cyber security can help improve profits and reduce data breach risks.
Cyber security can protect the brand and reputation of your organisation. A data loss or inability to trade from a cyber attack can affect how much customers trust your organisation. A good cyber security policy shows that you take your customer’s data protection seriously.
Get back to business faster - having a solid policy on cyber security and a plan in place if there is an attack helps to reduce downtime. The business can be up and running much faster.
What are the different types of cyber security threats?
However, despite its significance, cyber security faces several challenges. The rising sophistication and dynamic nature of cyber threats necessitate constant adaptation and innovation in security measures. The risk of data breaches transcends industries; it affects businesses, government entities, and individuals. There are several different types of security threats, which include:
Phishing - Cyber-attacks can manifest as phishing attempts, where attackers manipulate individuals into divulging sensitive information. Phishing is often done via email, and it can be tricky to distinguish a real message from a fake one.
Malware is a type of software that is designed to harm a computer, server, or network. It can be used to delete files or steal information. Malware comes in different forms, including Spyware, Trojans and viruses. Ransomware is one type of malware that encrypts a user’s files and demands a ransom be paid to decrypt them.
DDoS attacks are a type of attack where a malicious person tries to disrupt a network by overwhelming it with traffic from multiple sources.
Cyber attacks attempt to exploit vulnerabilities and flaws in a security system. A cyber break can have a negative impact on your business in several ways, but it is possible to plan to both prevent and deal with security risks as they happen.
What authentication mechanisms does DocuSign employ to verify the identity of signers?
Utilising robust cybersecurity measures, DocuSign employs authentication mechanisms to verify the identity of signers. Electronic signatures and encryption technologies, including digital keys, are employed to secure documents and ensure the authenticity of signatures. Identity verification can take many forms, from basic measures sufficient for low-risk transactions to more advanced methods that provide a higher level of trust for more sensitive, valuable, or highly regulated interactions. Basic information typically collected during the process of identity verification may include an email address or an Access code – where signers provide a code received by either a phone call or an SMS text message. DocuSign customers may opt to use a digital signature where more security is needed. This is a specific type of e-signature that complies with strict legal regulations. It provides the highest level of assurance of a signer’s identity and enhances the security of a transaction. Relying on a technology called Public Key Infrastructure (PKI), a digital signature uses algorithms and encryption to both sign and verify the authenticity of a document.
How does DocuSign ensure the confidentiality of documents and data uploads?
DocuSign builds trust in every step of the agreement process and ensures your contracts and documents are safe and meet the highest international security standards. DocuSign has dedicated security professionals embedded in every aspect of our engineering, technology and development teams, while specialist intelligence and investigations experts monitor our systems and data around the clock. Learn more about DocuSign’s enterprise-grade security and compliance controls by downloading this ebook.
All eDocuments created by our customers when using the DocuSign eSignature service are automatically encrypted with an AES 256-bit, or equivalent, encryption key. DocuSign's systematic encryption (and key escrow management) doesn’t allow DocuSign personnel to view or read eDocument content sent through DocuSign eSignature for electronic signature. DocuSign’s permission level and authorisation chain require direct manager approval, application/data source owner approval, and, in cases of sensitive applications and data sources, security management approval to access transactional data surrounding an envelope where required.
In summary, DocuSign protects both data and systems to ensure the confidentiality of documents. Most organisations should take a holistic approach to cyber security, including end-user education, robust authentication mechanisms, and secure document management practices.