Over the last two instalments, we have been exploring how to better secure blockchain assets. In part one, we looked at two simple ways to build resilience by avoiding single points of failure. In part two, we examined how to mitigate risks of digital theft by:
This week, we will introduce three effective ways to keep your assets out of harm's way...
MITIGATE RISKS OF DIGITAL THEFT - PT III
Whilst securing your assets with multi-signature schemes is a must, your company may still become the victim of hackers should they get their hands on a sufficient number of your private keys.
Sophisticated hackers usually employ a combination of techniques to attempt to gain control of your private keys. A typical strategy begins with a phishing attack targeted at all employees in your company. The purpose of the email attack is to inject a keylogger virus within your network. The purpose of the virus being to locate and transmit the private keys found on the computer hard drives used by your key personnel along with the intercepted passwords protecting them.
The most effective way to thwart this kind of attack is to provide hardware wallets to each and every key employee. Hardware wallets are a must because they keep your private keys disconnected from the internet at all times even when connected to a computer or a smartphone (infected or not).
The Ledger and Trezor wallets are two of the most popular choices. Both support over a thousand coins and tokens (at the time of writing). Both are protected by a PIN number which itself is protected by a time-lock mechanism making it exponentially more difficult for a thief to brute force your wallet open. The Ledger Nano’s private key is further isolated and shielded within a Secure Element chip similar to those used in debit, credits and SIM cards.
PROVIDE TWO HARDWARE WALLETS TO EACH KEY INDIVIDUAL IN CHARGE OF CO-MANAGING YOUR COMPANY'S ASSETS. USE THE SECOND WALLET AS A PRE-CONFIGURED BACKUP.
MITIGATE RISKS OF ACCIDENTAL DAMAGE
Hardware wallets can help protect your private keys from hackers but, as with any other critical piece of hardware, your company must mitigate against the risk of losing or accidentally damaging them.
Backing up your private keys on paper does provide some form of remediation, but it doesn’t protect your business from the risks of fire or water destroying your backups. To date, the most efficient way to secure them is to engrave them on stainless steel devices such as those offered by Cryptosteel and Billfoldl.
Both companies manufacture pocket-sized stainless steel devices designed to securely store alphanumeric data.
Each device comes with its own kit of stainless steel letter tiles engraved on each side. Recovery words are assembled manually from the supplied set of characters.
These stainless steel devices are resistant to physical damage including fire, flooding, corrosion, electric shock and impact from accidents.
BACKUP YOUR PRIVATE KEYS ON STAINLESS STEEL DEVICES TO BEST MITIGATE RISKS OF ACCIDENTAL DAMAGE.
Mitigating risks posed by hackers and accidental damages is critical to achieve resilience but not always sufficient… Companies managing blockchain assets must also mitigate against other less sophisticated yet equally dangerous risks such as burglary, deadlocks, insider fraud, and coercion.
Aside from using the right people, processes and tools, your company can further protect its assets by leveraging services provided by trusted independent 3rd parties.
MITIGATE RISKS OF BURGLARY
But beware, as soon as your company becomes publicly known to own and / or manage blockchain assets, it may become the target of burglars who may decide to pay your office a visit after hours. So, storing your hardware wallets and steel backups in your office safe is a good start but will this be capable of fending off an experienced crew with the right skills and tools?
To mitigate this risk, you should consider using safety deposit boxes held in separate bank vaults in different geographic locations.
Never store your hardware wallets and stainless steel devices in the same safe. If you sharded your private keys, never store the shards in the same safe. Store each item in a separate vault. Should any of the vaults become compromised by burglars, your blockchain assets should be safe for long enough to neutralise the threat by moving them to un-compromised wallets.
STORE YOUR HARDWARE WALLETS AND STAINLESS STEEL BACKUPS IN SEPARATE SAFETY DEPOSIT BOXES HELD IN BANK VAULTS SPREAD ACROSS SEVERAL GEOGRAPHIC LOCATIONS.
To be continued...
Next week, we will be introducing three strategies to protect your assets against risks of deadlocks, insider-fraud and coercion.
Can't wait for next week? Subscribe to Knabu's newsletter and we'll send you our free guide: 10 TIPS TO BETTER SECURE BLOCKCHAIN ASSETS. In this guide, you will discover HOW TO BEST MITIGATE RISKS OF:
We just sent you an email. Please click the link in the email to confirm your subscription!