Introduction
As promised as a follow up to our recent video interview with Tokenomy CTO, Rick Behl (Episode 42: Relax, your funds are safe with Tokenomy), we have prepared this article to help users keep their private data secure online. First we will cover some of the actions that we take at Tokenomy to keep our users and their funds secure. After that we will give some useful tips and advice on other steps people can take to make their online activities even more secure.
Application Security
At Tokenomy as a crypto investment platform, we have to consider the security of our users and their funds as our highest priority. We are constantly reviewing our security practices and processes while maintaining a very close eye on developments and news about cybersecurity events around the world. Some of the actions Tokenomy takes as part of securing our platform are:
- Employ DDoS protection to prevent malicious attacks on the platform
- Use smart monitoring to ensure the minimum funds are kept in ‘hot’ wallets
- Utilise the additional security of our partners such as Coinbase Custody and Fireblocks for safeguarding users assets
- Maintain strict access controls for all parts of the Tokenomy platform from front to back
- Constantly monitor user activity for signs of any potentially suspicious behaviours
- Conduct regular periodic security audits using external cybersecurity experts
- Run a continuous public bug bounty program for white hat hackers to report potential vulnerabilities
- Provide 24/7 customer support should users wish to report anything suspicious
Personal Security
In addition to the security measures that we take at Tokenomy to protect our users there are however a number of actions which we suggest users should take to further increase their own protection for any online activity. With provided recommendations these are:
1. Strong Passwords
Whenever setting up a new account we advise using the strongest password you can. This will usually mean choosing a random sequence of both uppercase and lowercase letters, numbers, and symbols. Passwords should be at least 12 characters long with longer being even more secure. Creating such a strong password obviously makes it harder to memorise so we do recommend using a password manager to store all your passwords across all your devices. Password managers will both create randomized very strong passwords as well as encrypt and store these so that you do not have to remember them when using their browser extensions or mobile integrations.
Recommendations:
2. Two-Factor Authentication
Users should enable and set up Two-Factor Authentication (or 2FA) on all platforms which provide the feature. This extra protection greatly reduces the ability for hackers to obtain access to an account which is otherwise only protected by a single password. 2FA is usually set up on a mobile device which is used in conjunction with a username/password to access an online platform. Sometimes 2FA will be offered as a more secure alternative to receiving ‘One Time Pins’ (or OTP) through SMS message. In recent years there are increasing reports of SIM swap attacks whereby hackers can ‘take over’ a user’s mobile number. Once they have this then the OTP security method is effectively compromised. Using 2FA removes this attack vector.
Recommendations:
3. Email Protection and Phishing
As so many of our online lives are protected via email accounts these are really the areas which need to be locked down the tightest. This means using super strong passwords (using a password manager) together with 2FA by default. In addition to protecting access to your email account all users should be aware of ‘phishing’ attacks whereby a malicious hacker will attempt to disguise themselves as someone else in order to obtain useful information which can then subsequently be used to obtain access to your account. Everyone should be very suspicious of any email which requests sensitive information no matter how ‘official’ it may look. No platform including Tokenomy will ever request user passwords or other sensitive information by email or social media. If in doubt, ignore the message and contact the original platform directly yourself through their official support channels to check if any correspondence has been sent
4. Hardware Security keys
For the highest level of protection online we do recommend users protect their accounts with hardware security keys when the feature is offered. Hardware keys have to be attached to a computer through USB before a platform can be accessed. This offers the highest security available as a physical device has to be obtained before a platform can be accessed. Hardware keys can be obtained for a relatively affordable price from USD 30 upwards.
Recommendations:
Conclusion
In conclusion, cybersecurity is a constantly evolving field whereby hackers and platforms/users are constantly facing each other. As the level of sophistication grows amongst hackers we will ensure that the Tokenomy crypto investment platforms are safe and secure. In combination with general user awareness and good security hygiene as outlined above we can continue to make our online activity as safe as possible.