Sertifi’s Security Corner: How to Protect Your Business from The Inside Out
Welcome to Sertifi’s Security Corner! I’m Nick Demetralis, vice president of security and compliance at Sertifi, and I’m excited to share more about my top cybersecurity best practices.
As always, Sertifi is here to help you and your team bolster your fraud prevention strategy to effectively protect your business and your customers’ data – and in today’s digital age, strong cyber and data security is more critical than ever. Every day, 402.74 million terabytes of new data – equivalent to 402.72 billion encyclopedias – is created by online users, giving fraudsters more opportunities to steal sensitive information and develop new, more sophisticated attack tactics.
By prioritizing safe data practices and cybersecurity training – helping employees to spot risks, avoid phishing, and handle data securely – companies can build a strong line of defense.
Here are my top recommendations around security best practices to prevent fraud and safeguard your business.
Employee Training and Awareness
Why It’s Important: Employees are often the first line of defense but can also be the weakest link if untrained on the basics of fraud. Fraudsters frequently target staff through phishing scams, social engineering, and other deceptive tactics. By educating employees about these schemes and teaching them how to recognize red flags, companies can prevent inadvertent errors that lead to breaches. Continuous training reinforces good habits and keeps employees updated on evolving threats, fostering a vigilant workforce.
Strong Password Policies
Why It’s Important: Weak passwords are among the easiest ways for attackers to gain unauthorized access to your teams’ systems. Enforcing policies that require complex passwords, a character minimum, regular password updates, and the avoidance of reused credentials adds a basic but crucial layer of security, protecting systems from brute force and credential-stuffing attacks.
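The paragraph above names four policy elements: complexity, a minimum length, periodic rotation, and no reuse of earlier credentials. The following Python is an added illustration of how such a policy can be enforced at password-change time; it is not Sertifi's code, and the threshold values (12-character minimum, 90-day maximum age, a history of the last 5 hashes) are assumptions chosen for the example rather than anything the post specifies. Reuse is detected by re-hashing the candidate with each stored salt rather than by keeping old passwords in the clear.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Policy thresholds: assumed values for this example, not a specific vendor's policy.
MIN_LENGTH = 12
MAX_AGE_DAYS = 90
HISTORY_SIZE = 5
SALT_BYTES = 16
PBKDF2_ITERATIONS = 200_000

# A history entry is (salt, digest); only hashes of previous passwords are retained.
HistoryEntry = Tuple[bytes, bytes]


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Derive a salted PBKDF2-HMAC-SHA256 digest; a fresh random salt is used unless one is given."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def check_complexity(password: str) -> List[str]:
    """Return the list of complexity rules the candidate password violates (empty means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    return problems


def matches_history(password: str, history: List[HistoryEntry]) -> bool:
    """True if the candidate equals any recent password; compares in constant time per entry."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def validate_new_password(password: str, history: List[HistoryEntry]) -> List[str]:
    """Apply the complexity and no-reuse rules; an empty list means the password is acceptable."""
    problems = check_complexity(password)
    if matches_history(password, history[-HISTORY_SIZE:]):
        problems.append(f"matches one of the last {HISTORY_SIZE} passwords")
    return problems


def password_expired(last_changed: datetime, now: datetime) -> bool:
    """True once the password is older than the rotation period."""
    return now - last_changed > timedelta(days=MAX_AGE_DAYS)


def record_password(password: str, history: List[HistoryEntry]) -> List[HistoryEntry]:
    """Append the new password's salted hash and trim the history to the retained window."""
    return (history + [hash_password(password)])[-HISTORY_SIZE:]


if __name__ == "__main__":
    # Constructed sample history for a single account.
    history = record_password("OldPassw0rd!2023", [])
    print(validate_new_password("OldPassw0rd!2023", history))   # reuse is rejected
    print(validate_new_password("short1A!", history))           # too short
    print(validate_new_password("Tr0ub4dor&3-horse", history))  # [] -> acceptable
    print(password_expired(datetime(2024, 1, 1), datetime(2024, 6, 1)))
```

Storing only salted PBKDF2 digests of earlier passwords means a leaked history table does not hand an attacker the plaintext, while `hmac.compare_digest` avoids timing differences when checking the candidate against each entry.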
Two-Factor Authentication
Why It’s Important: Passwords alone are often inadequate due to weak practices like reusing credentials or falling victim to phishing. By requiring two-factor authentication, you add a second verification layer by requiring the user to authorize the login using a personal device or biometric scan, making it significantly harder for unauthorized users to gain access, even if passwords are compromised.
Access Control
Why It’s Important: Not all employees need access to every system or dataset. Implementing role-based access controls limits exposure to sensitive information, reducing the risk of accidental misuse or intentional exploitation. This "least privilege" approach ensures employees only access what they need to perform their duties.
Data Encryption
Why It’s Important: Even if sensitive data is intercepted during a breach, encryption renders it unreadable to unauthorized parties. This protects valuable customer and business information, reducing the potential harm and liability from data theft or leaks.
Audit Trails
Why It’s Important: Detailed logs of transactions and system activity are invaluable for detecting, investigating, and resolving fraud. Audit trails provide a clear timeline of events, enabling organizations to identify the source of a breach and prevent recurrence.
Regular Software Updates and Patching
Why It’s Important: Outdated software is a common entry point for attackers, as vulnerabilities in older versions are often well-documented. Regular updates and patches ensure that systems are protected against known exploits, closing potential loopholes for fraudsters.
Third Party/Vendor Vetting and Management
Why It’s Important: Third-party vendors can introduce vulnerabilities if their security practices are inadequate or don’t align with your organization’s security frameworks. Conducting thorough vetting and regular audits ensures that these external partners meet your organization’s security standards, protecting your business from risks introduced through the supply chain.
Regular Risk Assessments
Why It’s Important: As organizations grow and evolve, unmonitored risk can arise when something that was once secure becomes insecure through changes in technology, business operations, employee behavior, or external threats. Risk can show up in processes, systems, frameworks, and more. Regular risk assessments help you proactively identify and address vulnerabilities, ensuring resources are allocated effectively to mitigate risks. This minimizes potential damage and strengthens overall organizational resilience.
Incident Response Plan
Why It’s Important: A well-defined plan ensures that the organization can respond quickly and effectively to fraud incidents, minimizing disruption and damage. Without a clear roadmap, companies risk delayed responses that can amplify financial loss and erode customer trust.
By implementing these strategies, companies can build a multi-layered defense system that reduces vulnerabilities, detects threats early, and minimizes financial and reputational harm. These proactive measures not only protect the organization but also foster trust with employees, customers, and partners. And rest assured: at Sertifi, we take our role in securing your data seriously, taking every measure to keep you and your customers safe. Click here to learn more about our security profile.
If you're interested in learning more of Nick's security insights, check out another one of his blog posts, Hotel Cybersecurity: Your Greatest Threats and Opportunities.