Is my information secure?

Security is architected into the Seraf platform. Seraf is designed to keep any information you provide as secure as current computer and web technology will allow. Seraf enforces an SSL/TLS encrypted session every time you log on. SSL certificates protect data in transit between users and the websites they are connected to. The lock box before the Seraf URL at the top of your screen is your visual confirmation that a session is secure, and can be clicked on for more information. Read our Privacy Policy and Terms of Use for additional information.

For those interested in further security details, read below to better understand how seriously Seraf takes security.

Seraf runs on a secure stack. We start with the Pantheon platform (described at https://pantheon.io/security) and run Drupal 7 on top of that. Drupal 7 is subject to regular security audits and updates. Drupal is used by government agencies and large organizations that depend on its security. Both we and Pantheon monitor security developments, and we implement all security patches, usually the same day they are released. Drupal's architecture implements protections against SQL injection, CSRF attacks, XSS attacks, and similar common problems. We follow best practices for all custom code we write on top of the Drupal 7 platform, including those enumerated at https://www.drupal.org/docs/7/security/writing-secure-code.

We require HTTPS for all connections to the website, and use an HSTS header so that even the initial visit is encrypted.

Phishing attacks are a problem for everyone. However, our staff members are knowledgeable, and their activities on the website are logged. We keep daily backups, and can roll back the site in the event we are compromised.

Even the most secure websites are vulnerable to attack. Weak user credentials are a possible issue, so it’s important for users to choose a strong password. We require 8 characters minimum and 2 character types. We also recommend that our clients try to minimize the amount of personal data they load into Seraf. For example, any documents that contain detailed personal information such as social security numbers shouldn’t be uploaded.

In fact, we have a few clients who wish to remain anonymous and have chosen to provide a non-traceable account name and use an email address that is specific to Seraf. This limits a hacker’s ability to track down the individual investor.

Security is a process. No website is ever 100% secure, and we regularly review our own practices to try to improve where we can.

Please note that the Seraf Help Center is supported by a different platform, and as such, will not have the lock box before the URL.
