Why Enforcing Security for your ICO is one of the Most Important Tasks

No matter how successful your ICO becomes or how vast your project gets, it means nothing without proper security. Every single bit of your hard work could go to waste without the right security enforcement. Let’s explore how you can ensure your ICO is protected.

As initial coin offerings (ICOs) take over the market, we have seen a huge surge in cryptocurrency cybercrime. About 10% of Ethereum investments in ICOs this year (or $150M in value) were hijacked. (1) With hackers mainly using DDoS attacks as a distraction, we have witnessed various attempts made to take control over ICO websites along with stealing from coin buyers (investors). After gaining control over the website, changes were made to the wallet address for coin buyers and at times, hackers also replaced the content of the users’ page using the original website address for a more effective phishing attack.

ICOs are definitely hot targets for hackers and scammers who work around the clock to steal your money. To counter such threats, there is a need to have strong cyber security measures as well as having the responsibility to guide your investors to protect their investment. Such secure environments can only be attained with strong security features ultimately resulting in a successful ICO. At GIG9, our security team’s motto “Security first” runs our daily routine.

TO COUNTER THE ABOVE-MENTIONED THREATS

· Never use any outdated software. Additionally, you must invest in using only licensed software which must be updated on a regular basis.

· One of the most important aspects is to ensure your team members are clear about their roles and responsibilities regarding the system security. They must also be held accountable.

· Regular penetration testing must be done on your website to detect any errors/vulnerabilities that can be exploited by hackers.

· Never discuss the security plan of your ICO or its tiers of security with anyone; such a disclosure may help hackers penetrate the system.

· All available measures must be taken to safeguard against well-known software vulnerabilities that have well-publicized fixes. A strong defense against common hacking techniques such as proactively monitoring your systems to discover vulnerabilities and timely remedial action are very much necessary.

· To secure your ICO, it is important to choose sound robust web-services to be protected from a DDoS attack.

· The system and website must be evaluated after which you must decommission any unrequired services while periodically reviewing remaining services.

· It is important to update yourself regarding the latest technologies and hacking attempts. Through this, you will learn how hackers exploit vulnerabilities and how to avoid such attacks.

· Client-side refers to you and you alone having full control over your account and its keys. Remember to use it sensibly because it is not just a mere transaction but a financial transaction. It is also important to note that ICOs must offer guidance to investors (through FAQs or checklists available on the website prior to a fund transfer). Additionally, this should include any measures to be taken to protect transactions and information from cyber attackers. A quick example: instructions on what to do when someone has put up a phishing website to try and divert funds from the official ICO website.

· It is safer to register all possible subdomains for your website to ensure all purchases use your official address to handle and execute transactions.

· Strong encryption schemes must be enforced to secure the communication of data over the internet.

Through the methods, you can sit back knowing your ICO is secured. But of course, security maintenance is an ongoing process. The safer your ICO, the greater the chance for success.

(1) [2017]. Almost 10% of all money invested in initial coin offerings using cryptocurrency Ethereum has been stolen [Online]. Available at http://www.businessinsider.com/ethereum-cyber-criminals-icos-threft-2017-2017-8 [Accessed Mar 15, 2018]

About the Author:

Qaiser is a highly experienced Information Technology Adviser with an impressive established history of working in various companies and sectors of the information technology and services industry. Exceedingly skilled in Requirements Analysis, IT Governance, Enterprise Software, Enterprise Architecture, and Databases, Qaiser has indeed helped in laying down the IT foundation for GIG9. Furthermore, he is a very reputable information technology professional in his field who has worked for the Government of Pakistan. He has obtained a Masters focused in Management from UET Taxila as well as certification as a Chief Information Officer from the United States.