Data Security Breach Avoidance

ImmVRse has taken applicable procedures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to the token, personal data, including a breach of the token sale contract address. ImmVRse has invested thousands of pounds in order to protect our investor’s funds. Incidents may occur within two periods of time:

  1. During ICO
  2. Post ICO

We have also allocated 10% of the operation funds to security experts and developers dedicated to protecting user data and up-time guarantee. Following steps have been taken in order to avoid breaches:

  • Token sale event is administered through fully secured platforms, only one person will have access to the contract address in order to monitor and process funds
  • Funds are processed into cold storage and cold hardware wallet
  • Multiple copies of private key and encrypted key files are safely stored in a bank safety-deposit box
  • DDoS Attack prevention which automatically stops TCP SYN, UDP and ICMP attacks before they reach the original token sale server
  • Fully encrypted Security Socket Layer for website
  • Dedicated Status Page on token sale page for supervising performance
  • Professional Grade Distributed Denial of Service (DDoS) Attack Protection
  • Rate Limiting to protect against denial-of-service attacks, brute-force password attempts, and other types of abusive behavior targeting the application layer
  • Deploy collective intelligence to identify new threats and reputation-based threat protection
  • Block and challenge visitors, block spam bots

However, cybersecurity breach isn’t exceptional in the arena of blockchain and ICOs. A security breach can also happen for the following reasons:

  • Loss or theft of data or equipment on which data and token is stored
  • Inappropriate access controls allowing unauthorised use
  • Unforeseen and unprecedented Distributed Denial of Service (DDoS) attack (typical scenario during ICO fundraising)
  • Orthodox hacking attack e.g. brute force login attempts
  • Scam websites and scam bots to pursue users to send funds to wrong contracts

Assessment of Risks

Disclaimer: ImmVRse will take actionable measures to protect user data, information and investor funds to protect those against cyber criminals. However, minor security threats at times may not lead to a major investigation. Our clients and investors are warned through ToS that the if any funds are stolen from their personal wallets, it will not be our responsibility. It is client’s responsibility to purchase a cold storage, a hardware wallet and utilise cold storage and to securely accumulate the token. However, any incident that directly affect this website and distresses app functioning will be monitored and eventually lead to a major investigation.

Major Breach Containment and Recovery

  • Breach investigator ensures appropriate steps are taken to examine the incident and undertake necessary procedure
  • Rapid deployment of new contracts and relocating funds into new contracts
  • Isolating or closing a compromised section of the network protocol
  • Prompt information distribution on scam address in order to blacklist on public explorer (ethplorer.io and etherscan)
  • Immediately announcement rollout to stop bleeding any further investor funds
  • If necessary, appropriate steps to refund investors who have already purchased tokens using stolen contract
  • Post ICO – development funds will be transferred and securely stored on corporate bank accounts in order to avoid hacks
  • Where appropriate, informing the police in case of a cyber hack

Notification To Investors

In case of an incident, ImmVRse team has necessitated notifying investors and users. Our investors and users will be informed straight away about a security breach. The announcement will have a clear purpose, whether this is to enable individuals who may have been affected to take measures to protect themselves or to allow the appropriate regulatory bodies to perform their functions, provide advice and deal with complaints.

Notes

This guidance will be reviewed and considered from time to time, in line with new decisions of the Information Commissioner Office and the UK government. ImmVRse is registered under Information Commissioner’s Office, and a registered entity under the trading name of VRtualise Ltd, registration number ZA246772.  For more information, please contact us, or for more information, please read our token sale Terms of Sale. More documents will be released prior to the ICO.

ImmVRse may retain the right to freeze IMVs token in user addresses, therefore any address which might be deemed as scam will be blacklisted and tokens in that address might be frozen and reported to the relevant explorer/authority to flag the address as a scam.