If you hold cryptocurrency – or plan on doing so – you should seek the advice of an information security professional about the best ways to secure your assets; an expert can evaluate the particulars of your own environment and situation to help you best defend yourself against risk while accomplishing your financial goals. That said, here are 18 pieces of advice to think about – and ideas to discuss with any expert with whom you consult:
1. If you own, or plan to own, cryptocurrency, educate yourself about cryptocurrency, and the various ways that criminals attempt to steal it. Make sure that you understand enough about cryptocurrency so as not to make a serious blunder that costs you dearly.
2. Use unique, strong passwords to protect your cryptocurrency wallets. For ideas on how to create strong passwords that you can easily remember, please see the article, How to Create Strong Passwords That You Can Easily Remember.
3. Ideally, do not store significant amounts of cryptocurrency on a computer (and certainly not an Internet-connected computer) – and by “computer” I mean not just classic-form-factor laptops, but also tablets, smartphones, and other general-purpose computing devices. Criminals know how to target these devices, and there are multiple strains of cryptocurrency-stealing malware that can literally steal your crypto from your device. Store your digital money either on a hardware wallet (discussed below) or on a USB drive (with encryption enabled) that you keep disconnected from any computers and stored in a safe location such as a safe deposit box. Keep a backup in a second safe location. Remember, several online exchanges and wallets have suffered security breaches – so don’t think that outsourcing security to someone else is a panacea.
4. Consider storing your cryptocurrency on a specialized cryptocurrency hardware wallet. Wallets such as those from Trezor or the Ledger Nano S cost a little over $100, and are relatively simple to use. Typically, cryptocurrency hardware wallets require you to set up a password or PIN (similar to the PIN that you use at an ATM – but do not pick the same one), and what is known as a “seed,” which is effectively a passphrase that you can use to recover your cryptocurrency if your wallet malfunctions or if you somehow forget your PIN.
5. When you need to carry cryptocurrency with you in a mobile wallet, only take what you need. Keep the rest stored safely offline. Remember, a cryptocurrency mobile wallet is like carrying cash in your pocket – if you would not walk around with $5,000 in cash in your pocket, don’t walk around with $5,000 of cryptocurrency in the same pocket.
6. Back up all items related to your cryptocurrency (cryptocurrency, PIN, Private Key, and/or seed), and store them encrypted, in safe places – ideally, keep ½ of each in one location and ½ in another, both in safe deposit boxes or waterproof and fireproof safes.
7. Think hard about how and where you store any private keys – which are effectively the secret that lets you authorize payments and transfers of your cryptocurrency to others. Private keys should also be stored in an encrypted form, and should never be on devices that are out of your control, with the possible exception of when cryptocurrency is stored at certain exchanges for trading purposes.
8. Never store the backups of your cryptocurrency and of your PIN, Password, Private Key, and/or Seed in the same place.
9. Use security software on any and all computers from which you will ever perform a cryptocurrency transaction – and, once again, by computers I mean laptops, smartphones, tablets, etc.
10. Use multi-factor authentication for any exchanges that you use for trading cryptocurrency – and, if your exchange does not offer it, consider taking your trading business somewhere else. If you use app-based second-factor authentication, make sure to turn off email/SMS-based authentication.
11. Ideally, do not use a single exchange for a significant amount of cryptocurrency – spread your trading wealth across exchanges. If one exchange is hit by hackers, you do not want all of your eggs to be in its basket.
12. Use a unique email address for any exchange account that you open. The address should not be used for any purpose other than the exchange.
13. Do not overshare on social media – the world does not need to know what cryptocurrencies you hold, where you trade them, or what wallets you use. (One notable exception to this rule applies to columnists such as myself, who, despite any increased security risks inherent in doing so, should disclose any cryptocurrency holdings in relevant articles so as to avoid any potential conflicts of interest.)
14. Use multi-signature when possible – some cryptocurrencies include multi-signature features (AKA multiple-signatures-required features) that prevent cryptocurrency from being transferred out of a wallet (i.e., spent) unless approvals have been issued for an outgoing transaction by multiple independent parties. The multi-signature feature can both help organizations implement proper authorization controls and audit trails and prevent money from being stolen by crooks who have infected a single person’s computer with malware or otherwise breached a single person’s accounts.
15. Plan for your demise – If you die, or are otherwise rendered incapacitated, and have not previously created a method for leaving your cryptocurrency to your heirs or others, your cryptocurrency will likely be lost forever. So, plan ahead.
16. Protect your cellphone number – make sure to password protect your cellphone number. Criminals try to steal people’s cellphone numbers – if you are using your phone for multi-factor authentication to a cryptocurrency exchange and a criminal steals your number, you could lose access to your cryptocurrency – and, if your password is not properly protected, a criminal could potentially steal all of your digital money in seconds.
17. Consider using decentralized exchanges, meaning exchanges that do not actually hold your cryptocurrency, but rather, let you trade it directly from your own wallet.
18. Practice good cybersecurity hygiene – there is no substitute for doing so, and failure to do so could lead to criminals stealing your cryptocurrency when you access exchanges or at other times.
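One way to carry out the two-location split from item 6 so that neither piece alone reveals any part of the secret, shown as an added example that is not part of the original article. The function names and the sample value are assumptions made for illustration; the split is a plain two-share XOR scheme with an embedded checksum.

```python
import hashlib
import secrets

# Constructed sample value, not a real wallet seed.
SAMPLE_SECRET = b"constructed example recovery phrase - not a real seed"
CHECK_LEN = 4  # bytes of SHA-256 appended so recombination can be verified


def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    """Return two shares; each one alone is indistinguishable from random bytes."""
    if not secret:
        raise ValueError("secret must not be empty")
    # The checksum is split together with the secret, so it never sits in the clear.
    plaintext = secret + hashlib.sha256(secret).digest()[:CHECK_LEN]
    share_a = secrets.token_bytes(len(plaintext))  # one-time random pad
    share_b = bytes(p ^ a for p, a in zip(plaintext, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Rebuild the secret from both shares, rejecting damaged or mismatched ones."""
    if len(share_a) != len(share_b) or len(share_a) <= CHECK_LEN:
        raise ValueError("shares have different or invalid lengths")
    plaintext = bytes(a ^ b for a, b in zip(share_a, share_b))
    secret, check = plaintext[:-CHECK_LEN], plaintext[-CHECK_LEN:]
    expected = hashlib.sha256(secret).digest()[:CHECK_LEN]
    if not secrets.compare_digest(expected, check):
        raise ValueError("shares do not belong together or are corrupted")
    return secret


if __name__ == "__main__":
    a, b = split_secret(SAMPLE_SECRET)
    print("share for location 1:", a.hex())
    print("share for location 2:", b.hex())
    assert combine_shares(a, b) == SAMPLE_SECRET
```

Losing either share loses the secret, so each share still needs its own backup. Simply cutting a seed phrase in the middle, by contrast, leaves each half disclosing half of the words.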