Employees of Payward, which operates U.S. cryptocurrency exchange Kraken, work under a rigorous security regime designed to preempt potential cyber-attacks.
According to the company’s chief security officer, Nick Percoco, ransomware attacks often start with cybercriminals discovering employees’ personal information online. They then use this information to craft personalized phishing emails that contain malicious software.
To address this, Percoco has instilled a company culture of vigilance about guarding personal information. “Security has become part of our culture in a way that I don’t even have to say it much anymore,” Percoco said. “I feel it.”
Payward’s security regime
The guiding principle at Payward is that a relaxed security perspective in one’s personal life eventually seeps into the professional. Accordingly, new Payward employees are drilled on security protocols from day one.
The first two days are spent in security classes, while the next three are taken up with setting up office PCs and passwords. After this, new employees spend a week going over a 70-item checklist of recommended personal security measures. These include setting up hardware token login authentication for personal devices, installing alarms and surveillance cameras at home, and closing social networking accounts.
Following this initial onboarding, employees can neither identify themselves as Kraken employees nor share their office locations with family members. Employees are also restricted from using public USB charging ports. Additionally, any device that downloads unusually large amounts of data or accesses suspicious websites is immediately locked down. A lockdown is triggered even if a phone is used in an unusual way, and is followed by a call seeking an explanation. Children of employees are even forced to sign non-disclosure agreements before attending company events.
Increase in crypto cyber attacks
Despite the potentially paranoid perception of the pervasively persistent precautions, the heightened vigilance appears to be paying off. Payward’s cybersecurity defenses have yet to be breached, Percoco said. This is despite crypto trading platforms being an attractive target for hackers and the company regularly getting hit with hacking and phishing attacks.
Apart from crypto exchanges, many other businesses and infrastructure have become targets for cryptocurrency ransomware attacks. The U.S. Department of Justice just reported recovering $2.3 million in bitcoin from the DarkSide ransomware attack on the Colonial Pipeline. The hacking group had earlier targeted the Colonial Pipeline infrastructure, putting critical services out of operation.