Cyber Security Policy
ImmVRse has taken applicable procedures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to the token, personal data, including a breach of the token sale contract address. ImmVRse has invested thousands of pounds in order to protect our investor’s funds. Incidents may occur within two periods of time:
- Before ICO
- During ICO
We have also allocated 10% of the operations funds (to be raised via ICO) to security experts and developers dedicated to protecting user data after the ICO.
ImmVRse has decided to enter into a partnership with a renowned and FinTech Award-winning global cybersecurity company, Entersoft. A leading company in the field of guarding electronic data against criminal and illicit use, Entersoft has worked alongside Cyber intelligence and anti-phishing solutions provider Segasec to provide assistance to a large number of organisations globally to secure their ICO launch tokens. With their help, ImmVRse firmly believes it will be able to run their ICO successfully and securely.
Following steps have been taken in order to avoid breaches:
- Token sale event is administered through fully secured platforms, only one person will have access to the contract address in order to monitor and process funds
- Funds are processed into cold storage and cold hardware wallet
- Multiple copies of private key and encrypted key files are safely stored in a bank safety-deposit box
- DDoS Attack prevention which automatically stops TCP SYN, UDP and ICMP attacks before they reach the original token sale server
- Fully encrypted Security Socket Layer for website signed by Cloudflare
- Dedicated Status Page on token sale page for supervising performance, visit: status.immvr.se
- Professional Grade Distributed Denial of Service (DDoS) Attack Protection via Cloudflare Inc.
- Rate Limiting to protect against denial-of-service attacks, brute-force password attempts, and other types of abusive behavior targeting the application layer
- Deploy collective intelligence to identify new threats and reputation-based threat protection
- Block and challenge visitors, block spam bots
- Block bots and scams using Segasec’s Cyber Security Bot.
However, cybersecurity breach isn’t exceptional in the arena of blockchain and ICOs. A security breach can also happen for the following reasons:
- Loss or theft of data or equipment on which data and token is stored
- Inappropriate access controls allowing unauthorised use
- Unforeseen and unprecedented Distributed Denial of Service (DDoS) attack (typical scenario during ICO fundraising)
- Orthodox hacking attack e.g. brute force login attempts
- Scam websites and scam bots to pursue users to send funds to wrong contracts
Assessment of Risks
Disclaimer: ImmVRse will work alongside Entersoft and Segasec to take actionable measures to protect user data, information and investor funds to protect those against cybercriminals. However, minor security threats at times may not lead to a major investigation. Our clients and investors are warned through ToS that the if any funds are stolen from their personal wallets, it will not be our responsibility. It is client’s responsibility to purchase a cold storage, a hardware wallet and utilise cold storage and to securely accumulate the token. However, an incident that directly affects this website and distresses app functioning will be monitored and eventually lead to a major investigation.
Major Breach Containment and Recovery
- Breach investigator ensures appropriate steps are taken to examine the incident and undertake necessary procedure
- Rapid deployment of new contracts and relocating funds into new contracts
- Isolating or closing a compromised section of the network protocol
- Prompt information distribution on scam address in order to blacklist on public explorer (ethplorer.io and etherscan)
- Immediately announcement rollout to stop bleeding any further investor funds
- If necessary, appropriate steps to refund investors who have already purchased tokens using stolen contract
- Post ICO – development funds will be transferred and securely stored on corporate bank accounts in order to avoid hacks
- Where appropriate, informing the police in case of a cyber hack
Notification To Investors
In case of an incident, ImmVRse team has necessitated notifying investors and users. Our investors and users will be informed straight away about a security breach. The announcement will have a clear purpose, whether this is to enable individuals who may have been affected to take measures to protect themselves or to allow the appropriate regulatory bodies to perform their functions, provide advice and deal with complaints.
This guidance will be reviewed and considered from time to time, in line with new threat assessments provided by Entersoft PTY LTD and Segasec, and also decisions of the Information Commissioner Office and the UK government. ImmVRse is registered under Information Commissioner’s Office, and a registered entity under the trading name of VRtualise Ltd, registration number ZA246772. For more information, please contact us, or for more information, please read our token sale Terms of Sale. More documents will be released prior to the ICO.
ImmVRse may retain the right to freeze IMVs token in user addresses, therefore any address which might be deemed as a scam will be blacklisted and tokens in that address might be frozen and reported to the relevant explorer/authority to flag the address as a scam.