Hi community...I am assessing the risk of sending documents as attachments (as opposed to the embedded link solution / option). I appreciate this is way more risky but have some basic questions I need help with before I engage with my DPO!! From my analysis / research...my understanding is that emails sent to a recipient are transmitted via HTTPS utilising TLS 1.3 (or lower, depending on the recipients end point capability) so as to prevent interception by a bad actor en route...but once that email has landed in the recipients email account - that’s where the risk lies as if that email account is hacked, the data contained within the .PDF is unencrypted (so whoever gains unauthorised access to that account, can freely access and ‘see’ the personal data contained within)...is that correct Please?
You are absolutely correct in your understanding. When documents are sent as attachments, they are transmitted over HTTPS with TLS (Transport Layer Security) 1.3 (or lower, depending on the recipient’s configuration) to secure the communication from sender to recipient, minimizing the risk of interception during transmission. However, the risk increases once the email lands in the recipient's inbox.
DocuSign provides several features and options that help ensure security at the recipient’s side, even after the document has been delivered. Here are some effective security options you can implement:
Access Authentication for Recipients
DocuSign offers multiple ways to authenticate recipients before they can access or sign the document:
-
Access Code Authentication: The sender can set a one-time passcode (OTP) or access code, which the recipient must enter before viewing the document. This code can be shared separately (e.g., by phone).
-
SMS Authentication: A verification code is sent to the recipient’s mobile phone via SMS. The recipient must enter this code to access the document.
-
Knowledge-Based Authentication (KBA): For U.S.-based recipients, KBA can be enabled, where the recipient must answer a series of questions based on public and personal information.
-
ID Verification: DocuSign provides options to verify the recipient’s identity using government-issued ID or similar methods. This adds an additional layer of security.
By implementing these options, you can enhance the security of DocuSign envelopes and ensure that the recipient accesses the document in a secure manner.
Thanks John - that is v much appreciated!
Reply
Sign up
Already have an account? Login
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.
Customer Login/Registration Developer Login/RegistrationDocusign Community
You can login or register as either a Docusign customer or developer. If you don’t already have a Docusign customer or developer account, you can create one for free when registering.
Customer Login/Registration Developer Login/RegistrationEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.