In recent weeks, the crypto currency sector has been getting much media attention concerning security. Several exchanges have announced they are undergoing security investigations into possible hacking, resulting in the loss of many bitcoins. This brings into question what security measures are in place.
Information Security Fundamentals
Within the information security profession, strong focus is placed on the confidentiality, integrity and availability of information and the systems that hold it. Confidentiality is about who or what has access to information stored within the system, and when. The information does not need to be personal; it could be configuration logs or source code that may be useful to another party. Integrity is about ensuring that the systems information passes through, or is stored upon, do not accidentally change or misconstrue that information, thereby misinforming the person or system and causing bad decisions. Lastly, availability is about ensuring information is available on demand and that systems are resilient enough to overcome any problems that may prevent access. So what does this all mean to us as end users of crypto currency? We want to ensure our personal information, passwords and accounting transactions are kept confidential; this is one reason some end users use crypto currency. Secondly, we don't want our accounts to become corrupt or some badly structured code to alter our balance sheets. Lastly, we don't want to be denied access to our funds when we most want it.
What is Regulation and Why?
Within the fiscal finance sector there is regulation governing how financial information must be gathered, processed and stored. Regulation includes frameworks such as Sarbanes-Oxley, which was implemented partially in response to the Enron Corporation, which filed for bankruptcy in 2001. This regulation is designed to protect investors and customers of services operating within financial markets. Using Sarbanes-Oxley as an example, when integrated into an organization it brings transparency, enabling people to make a decision on the organization's financial standing and internal business processes. Regulatory reports enable people to decide whether they want to do business with an organization. The issue within the crypto currency sector is that there is no specialist regulator present, leaving end users heavily reliant upon other laws and regulations local to the countries where services are performed. These regulations may not be suitable for someone trading from overseas and could have no process for recall if a problem occurred. We as a sector need to agree on a common set of security standards that will minimize recurrences of the incidents witnessed this year.
The Sector's First Step Towards Regulation
During this last week, in response to the Mt.Gox closure, some major exchanges announced they would be publishing independent security reports providing assurance that their systems were appropriately secured. This is a welcome message that shows some exchanges are moving forward to ensure security best practices are implemented and functioning as intended. But for the exchanges which have not announced their intention to go through an independent review, it could be crippling to their business as customers move their accounts elsewhere.
What Does it Mean to Us?
So what does it all mean to end users? We should be diligent in whom we select as our currency exchange and online wallet providers. We should place more focus on whether the systems our transactions pass through, and our data is stored upon, have suitable security controls in place to safeguard our coins. By taking this time and insisting that specific standards are abided by, user demand should dictate to the sector what we expect and, therefore, minimize the chances of another major catastrophe.