The distanced, out of office (off campus) operational dictates of the 2020 pandemic have imposed the requirement to evolve and deliver New Age Working Practices (NAWP) to sustain secure, assured operability and communication in support of the business mission
However, in this impasse of criminal opportunity, hackers, organised criminals and even state sponsored actors have sought to leverage the enhanced surface of attack presented by multiples of international companies. In some cases, manifesting in social engineering to persuade the transfer of multi-million £/$ transactions into illicit accounts through the use of manipulated communications; or the uttering/presentation of falsified documents to lure the recipient into believing what they are reading is the truth – all of which create a real-world, everyday security trust vulnerability for users and their companies alike.
By example, one such case of the abuse of trust, and the lack of assured provenance of a document security is that of the leaked document used by an MP as proof that the Conservative Party were planning to sell off the NHS – documents which have now been discredited, and linked to a Russian disinformation campaign of “Secondary Infektion”, uncovered by Facebook in 2020. Here there is a very strong argument in favour of assuring document provenance and trust with solutions such as Galaxkeys Digital Signing system to robustly secure an object in the electronic form. It is also worthy of note that on 21/07/20 the Intelligence and Security Committee of the UK Parliament published their paper on the threat posed by Russia, which outlined the Russians and their circulation of disinformation. It is here, where again we see a very strong case for document and security.
One obvious solution is to deploy an assured and trusted methodology which provides an additional level of assurance that the object in view is a single qualified representation of the truth, is genuine, and thus can be trusted. Clearly, when it comes to a Face-2-Face (F2F) commercial negotiation, with one party signing a document in presence of the other, with the attendance of witnesses is of course considered a trusted, none-refutable transaction.
However, with a communication that is distance based, or one which has evolved as a product of NAWP, in pure pragmatic terms businesses must evolve a trusted operational capability to promote and support ‘Trust’.
Here one very solid solution is that of Digitally Signing a document to support the objects provenance and trustworthiness. However, I am aware from many discussions that there are questions and confusions within organisations when such solutions are considered, and so in this independent paper I seek to address some of the main concerns and observations in a positive way
In conclusion, the case for deployment of Document Digital Signing technologies is strong in both legal, and operational security terms. For companies seeking to secure their NAWP business interests and sensitive information assets, such mechanisms should be a asserted to be a must have security technology to inbuild into their cyber defence capabilities – provisioning robust assurance and provenance for documents they produce, and distribute. It is clear the benefits of document signing are a highly effective underpin of security, trust, and legally acceptability that are asserted to exist within a professional, operational world driven by technology and electronic commercial business transactions.
