The Codex · Financial Security · Protocol FSP-002

Asset Protection Against Digital Threats

The majority of significant financial losses in the digital age do not result from technical attacks against systems. They result from manipulation — an attacker convincing a person, or a person's trusted counterparty, to transfer assets voluntarily. This protocol addresses the three primary vectors: payment fraud, social engineering, and the unique risks of digital asset custody.

Protocol: FSP-002
Classification: Open
Compliance: Sentinels and above (required); Knights (strongly advised)

Requirements

  1. Any change to a supplier's, contractor's, or counterparty's payment details must be verified by telephone before the payment is made. The verification call must use a number obtained independently — from a previously established contact record, the company's official website, or a prior invoice. The number provided in the email requesting the change must never be used for verification.
  2. No significant financial transfer may be initiated based on email instruction alone, regardless of how legitimate the email appears. A secondary confirmation via a separately established communication channel is required for any transfer above a defined individual threshold.
  3. Significant cryptocurrency or digital asset holdings must be held in hardware wallets under the member's direct control, not on exchanges. An exchange account is only as secure as the exchange itself — which is not the member's security to manage.
  4. Hardware wallet seed phrases must be recorded on physical media — paper or metal — and stored in a physically secure location. They must never be photographed, typed into any device, stored in any cloud service, or transmitted through any digital channel, under any circumstances whatsoever.
  5. Hardware wallets must be purchased directly from the manufacturer only. Second-hand or third-party resellers present an unacceptable risk of pre-compromised hardware. Authenticity must be verified through the manufacturer's official verification process before first use.
  6. Every cryptocurrency transfer destination address must be verified character by character immediately before confirming the transaction. Clipboard hijacking malware silently replaces a copied address with an attacker-controlled one; the substitution is undetectable without manual verification. No exception applies regardless of the apparent source of the address.
  7. Inbound wire transfer and banking credentials must not be communicated via email alone. Sensitive payment details shared with counterparties must be confirmed through a secondary channel before funds are sent.

How Assets Are Actually Lost

The dominant assumption about financial fraud is that it involves technical sophistication — exploited systems, broken cryptography, compromised servers. In practice, the dominant method is simpler: an attacker convinces a person to voluntarily transfer funds to the wrong account. The target does not know the account is wrong. The transfer is authorised. The funds are gone.

This pattern — manipulation rather than intrusion — accounts for the majority of large-scale financial losses reported by businesses and high-net-worth individuals. The technical barriers to account intrusion have risen steadily. The human barriers to social engineering have not. An attacker who can craft a convincing email does not need to compromise a system.

No security measure protects against a person who has been convinced to act against their own interests. The countermeasure is procedural, not technical: a fixed rule that applies to every transaction above a threshold, without exception, regardless of how trusted the apparent sender is.

Business Email Compromise

Business email compromise — BEC — is consistently among the most financially damaging fraud categories globally. The mechanism is straightforward: an attacker compromises or convincingly impersonates a supplier's email account, then sends updated banking details ahead of a large upcoming payment. The victim pays, believing they are settling a legitimate invoice. By the time the genuine supplier chases the unpaid invoice and the fraud is identified, the funds have been moved through multiple accounts and are unrecoverable.

The countermeasure is simple, reliable, and absolute: any change to payment details must be verified by telephone using a number obtained independently of the message requesting the change. This single rule, applied consistently without exception, defeats this entire category of attack. The rule must apply even when the request comes from a long-standing counterparty, even when the email appears entirely legitimate, and even when the circumstances feel routine. Especially when the circumstances feel routine.

Digital Asset Custody

Cryptocurrency and other digital assets present security considerations that differ materially from traditional financial accounts. Transactions are irreversible — there is no chargeback, no regulatory recourse, no institution to escalate to. The attack surface is larger: wallet software, exchange accounts, browser extensions, clipboard contents, and the seed phrase itself are all potential targets. And the value stored can be significant while leaving no trace that a normal security audit would identify.

The core principle is custody. Holdings of significance should be under direct control via hardware wallets — physical devices that store private keys offline and sign transactions without exposing the key to the internet. An exchange holds your assets on your behalf; its security posture is not yours to control, and its insolvency or breach is not yours to prevent. For significant holdings, this is not a theoretical risk.

The Seed Phrase

A hardware wallet's seed phrase — typically twelve or twenty-four words — is the complete backup of everything in the wallet. Anyone who holds the seed phrase holds the assets. If it is lost, the assets are unrecoverable. If it is exposed, the assets should be treated as compromised immediately and moved to a new wallet.

The requirement is absolute: the seed phrase exists only on physical media, in a physically secured location, held by no one other than the owner. It is never photographed. It is never typed. It is never shared. It does not exist in any cloud backup, any notes application, any email draft, any messaging thread. The convenience of digital storage does not outweigh the permanence of the loss that follows its compromise.

The most dangerous moment in digital asset security is the transfer — the moment when an address is copied, pasted, and confirmed. Clipboard hijacking is silent and undetectable without manual verification. Verify the full destination address before every transaction. Every one.
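As an added illustration (not part of the protocol itself), the sketch below compares a pasted destination address against a reference copy taken from an independent record, and shows why checking only the first and last few characters would miss a substitution. The addresses are constructed placeholders, and the function names and the plain ASCII letters-and-digits address format are assumptions made for the example.

```python
# Added example (not part of the protocol). Addresses below are constructed
# placeholders, not real wallet addresses.
REFERENCE = "bc1qa7m3constructedreferencevalue00x9p2"        # from an independent record
PASTED_OK = "bc1qa7m3constructedreferencevalue00x9p2"        # clipboard unchanged
PASTED_SWAPPED = "bc1qa7m3constructedsubstitutevalue0x9p2"   # same ends, different middle


def ends_match(reference, candidate, n=4):
    """The shortcut check: compare only the first and last n characters."""
    return reference[:n] == candidate[:n] and reference[-n:] == candidate[-n:]


def first_mismatch(reference, candidate):
    """Index of the first differing character, or None if the strings are identical."""
    for i, (a, b) in enumerate(zip(reference, candidate)):
        if a != b:
            return i
    if len(reference) != len(candidate):
        return min(len(reference), len(candidate))
    return None


def verify_destination(reference, candidate, group=4):
    """Full comparison plus a grouped view for checking against the device screen."""
    # Assumption: addresses are plain ASCII letters and digits; anything else
    # (whitespace, zero-width or look-alike Unicode characters) is flagged.
    odd = [(i, repr(c)) for i, c in enumerate(candidate)
           if not (c.isascii() and c.isalnum())]
    at = first_mismatch(reference, candidate)
    groups = []
    for start in range(0, max(len(reference), len(candidate)), group):
        r, c = reference[start:start + group], candidate[start:start + group]
        groups.append((r, c, r == c))
    return {"match": at is None and not odd, "mismatch_at": at,
            "odd_chars": odd, "groups": groups}


if __name__ == "__main__":
    for label, pasted in (("ok", PASTED_OK), ("swapped", PASTED_SWAPPED)):
        result = verify_destination(REFERENCE, pasted)
        print(label, "ends_match:", ends_match(REFERENCE, pasted),
              "full match:", result["match"],
              "first mismatch:", result["mismatch_at"])
        for r, c, same in result["groups"]:
            print(f"  {r:<4} {c:<4} {'' if same else '<-- differs'}")
```

A tool like this supports the manual check against the address shown on the hardware wallet's own screen; it does not replace it, since the computer running the comparison is the same one whose clipboard is in question.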