Not if, but when
When people think about cyber security, they tend to be concerned with the headline news of hacking and large-scale attacks. This of course is the final part of the security story, but at ROCKZ we take a much more holistic approach, starting with our users.
A chain is as strong as its weakest link, and the weakest link of a system is always the users, because they are the least trained, and least aware of threats. So from the beginning we are diligent in educating all of our users about threats, and how to avoid them. This will be a continuous and ongoing process, with useful articles and training sessions on our website, helping everyone to become ever more security conscious.
In addition, the onboarding of customers has to be rigorous, and we have a lot of sophisticated identification processes to ensure that every customer is exactly who they say they are. These include passport information, physical presence, biometrics and other features which will then be used on future occasions to authenticate the user. This principle is further enshrined by deploying multi-factor authentication by default, where not only username and password are required but also further proofs of identity, using something owned by the user. To do this, a user’s phone is mapped to the backend of the ROCKZ system and used to answer challenges to establish that all is well, and that it is really the user trying to log in to the account. In short, every component of the system must ‘prove’ to every other component that it is genuine.
All interactions with the platform are encrypted using HTTPS with an EV TLS/SSL certificate, and to impede man-in-the-middle attacks, where a “black-box” is used to decrypt HTTPS, we use end-to-end encryption, which is still relatively rare in the banking and financial world. This ensures all client data is secure from our servers to the client’s browser (and vice-versa).
In terms of Operations, our staff will of course be highly trained, very security conscious, and security-cleared to a high level. They must have a total overview of ROCKZ operations and be able to patch in effective responses to possible cyber-attacks at the maximum possible speed and accuracy. At the same time, all ROCKZ employees work on a ‘Need to Know’ basis and have very clear segregation of duties. For example, day-to-day operations staff have no access to clients’ data, so personnel do not know who they are working an order for.
The key to meeting, and defeating, potential attacks is always to ‘buy time’ and apply ‘brakes’ at every point of the system. Because security is multi-layer, even if an attack can penetrate one layer, responses are immediately deployed to confront the threat at the next level. This is a continuous process, backed by regular organized attacks conducted by professional hackers in the employ of ROCKZ. An important addition to this is that ROCKZ does not have access to users’ wallets or private keys, so their funds cannot simply disappear, as has happened in crypto exchange hacks.
All this is underscored by the developers who write the code that protects the entire system, code which is itself under continuous review and testing. Any security expert will tell you that in relation to cyber-attack, it’s “Not if, but when.” Cyber-attack is inevitable, but every aspect of the ROCKZ system is designed and executed around the bulletproof concept that underscores ROCKZ.
From every viewpoint our systems and operating methods make ROCKZ massively secure.