By Michael Ade, Information & Cyber Security Lead
As the interest in crypto continues to grow, the need for protecting digital assets has never been greater. It’s important to note that no cyber defence or information system can be regarded as 100% impenetrable. What is deemed safe and secure today won’t have the same vigour tomorrow, due to the lucrative nature of cybercrime and hackers’ ingenuity in seeking new methods of attack. Combating cybercriminals should be standard practice in business. It is vital that every organisation implements strong security procedures, undertakes the necessary security qualifications, imposes internal policies, carries out independent security audits and constantly monitors its architecture.
It’s essential that best practices are consistently adhered to, and here at Omnia DeFi this is something we take very seriously. We are in the process of running Orchid, which provides the best crypto-powered VPN by utilising the power of blockchain technology to ensure digital secrecy. Coupled with this, we also enforce a reputable anti-virus solution across our systems. Furthermore, we conduct a thorough device registration checking system to ensure that our employees’ software is always up to date with the latest patches. We also constantly run attack simulations on our infrastructure, which allows us to fill any holes in our architecture. Finally, all staff at Omnia have undergone detailed Information Security and GDPR training, with refresher sessions conducted every couple of months.
Implementing Cyber Security certifications helps to protect an organisation against many threats and demonstrates that it has taken the necessary steps to defend the business. Omnia DeFi will begin by obtaining Cyber Essentials and Cyber Essentials Plus. This certification is a government-backed scheme which is led by the National Cyber Security Centre. It looks to educate organisations on the best Cyber Security practices.
The Assessment is broken into five critical controls:
- Access Control
- Firewalls and Internet Gateways
- Secure Configuration
- Patch Management
- Malware Protection
Once we have gained the above, we will then push forward with our ISO27001 implementation.
We have several policies in place that help our staff adhere to best Information Security practices. These include a Bring-Your-Own-Device security policy, Password Policies, Access Control Policies, Firewall Policies, as well as a plethora of others.
Independent Security Audits
We have hired an independent firm ‘Blockchain Consilium’ to conduct an audit of our Smart Contract, to verify that the code does what it is supposed to do. As well as this, the auditors have manually reviewed the Smart Contract line-by-line, keeping in mind industry best practices and known Smart Contract attacks, looking for any potential issues and vulnerabilities, and areas where improvements are possible. Some of the attacks considered whilst auditing include:
- Overflows and Underflows
- Short Address Attack
- Accidental Token Loss