Clients and individuals rightfully demand accountability from any organisation handling their personal and confidential data.

​

We understand the importance of taking appropriate steps to safeguard information and are committed to protecting information relating to our clients and to our people.

​

We have developed and implemented a comprehensive information security and business resilience framework aligned to industry best practices for Business Continuity Management Systems (BCMS). Information is critical to all of our clients and is therefore a key priority for CV5 Capital. The security of client information is of the utmost importance and we continually make sizeable investments to protect our information, IT systems, applications, infrastructure and processes.

​

Digital networks are a key enabler in the expansion of our business. They dramatically enhance our ability to communicate, share and store information, and engage with colleagues and clients. New technologies bring new capabilities and, with new capabilities, an increased risk of uncontrolled data disclosure, modification or unavailability.

​

We use industry standard 4096-bit RSA for users' private keys and 256-bit AES for per-file and per-folder keys. Authentication is the process of verifying that you decrypted the right data. Many experts consider it a mandatory part of encryption.

​

Authentication is done by calculating cryptographic hash of the data during encryption and decryption, and comparing the results. There are two popular approaches to that: one is to calculate the checksum of the whole file, another is to calculate checksums of small blocks in the file. The downside of the first approach is that you need to have the whole file in order to authenticate it, which may not be the case. Partial file modifications are also problematic in this case and might also require access to the full file. The second approach is vulnerable to several types of attacks. Most likely, the service provider may construct a version of the file that never really existed by combining different small blocks in different ways. Third party data suppliers provide zero-knowledge privacy, meaning that encryption keys are not uploaded or stored on any third-party servers.