Online security

Online security is not a luxury but an essential aspect of our digital lives. Understanding the basics of protecting our sensitive information and digital assets empowers us to navigate the online landscape with confidence.  

From managing finances to sharing personal information, it's crucial to adopt best practices for online security. By following a few simple guidelines, you can protect yourself from cyber threats and enjoy a safer online experience. 

Let's dive in!

 

Create Strong and Unique Passwords:

One of the fundamental steps in securing your online presence is to create strong and unique passwords. Avoid using obvious choices like "123456" or "password." Instead, create complex passwords by combining uppercase and lowercase letters, numbers, and special characters. Furthermore, refrain from reusing passwords across multiple accounts. Consider using a password manager such as 1password, NordPass or Keeper,  to securely store and generate strong passwords for you.

While passwords should be complex, length is a more important factor than just additional numbers and symbols. An 8 character password with uppercase, lowercase, numerical, and special characters can still be cracked in minutes to hours. Whereas, a 16 character random password with just uppercase, lowercase, and numerical characters can take millions of years to crack. The time it takes to brute-force guess passwords increases *exponentially* with each additional character, but doesn't increase much by increasing the character set.

 

Enable Two-Factor Authentication (2FA):

Two-factor authentication provides an additional layer of security by requiring an extra verification step, typically a unique code sent to your mobile device, in addition to your password. 

Enable 2FA whenever available, especially for critical accounts like email, banking, and social media. This added security measure significantly reduces the risk of unauthorized access to your accounts.

There are multiple types of 2FA; wherever possible, use the best available type of 2FA for your account. 

Authenticator app or hardware security key 2FA,  offer less potential avenues for compromise, outside of stealing the device itself.   A hardware security key is a device, similar to a USB stick, that offers extra security for online accounts. Used with a password, it's part of two-factor authentication (2FA). Like a house key, even if someone knows your password or address, they can't access without this physical key.

Authenticator app (auth-app) based 2FA (Microsoft, Google, Duo, etc.) provide a greater level of security than SMS (text message) or email based 2FA. SMS 2FA is vulnerable to "sim swap" attacks, where the attacker tricks the phone company into porting your number onto their phone (so they can then steal your accounts). 

2FA is "something you have" where the password is "something you know". These offer additional layers of security than simply having the password, because an attacker must now compromise both layers to steal the account.

 

Keep Your Software and Devices Updated:

Regularly updating your devices, operating systems, and software applications is vital for online security. These updates often include important security patches that address vulnerabilities and protect against emerging threats. Enable automatic updates or set reminders to ensure you're always running the latest versions.

 

Be Vigilant against Phishing Attempts:

Phishing attacks continue to be a prevalent threat. Exercise caution when interacting with emails, messages, or pop-ups requesting personal or financial information. Be skeptical of suspicious links or attachments, and avoid providing sensitive data through unsecured channels. Verify the legitimacy of requests by contacting the organization directly through official channels.

Phishing attacks can be sophisticated or simple. Always be vigilant if someone is asking for information such as wallet seed phrases, passwords, or 2FA tokens. If you receive an email, text or other communication asking for information, go directly to the website in question instead of following links provided in the message. For example, if you receive an email about KYC verification from someone claiming to be Coinbase, don't follow the link in the email. Go directly to Coinbase.com to log in and see if the request is legitimate. 

Never give out a seed phrase for a cryptocurrency wallet, no matter why someone claims they need it. Only enter your seed into a piece of wallet software you want to use. Even then, be vigilant and ensure the software is legitimate. Anyone with your seed phrase has *full access* to all of the money in that wallet. 

 

Utilize Secure Wi-Fi Networks:

Public Wi-Fi networks are convenient but often lack adequate security measures. Avoid accessing sensitive information, such as online banking or shopping, when connected to public Wi-Fi. If you must use public networks, consider using a virtual private network (VPN) to encrypt your data and protect your privacy. Most critical websites such as online banking will use Hypertext Transfer Protocol Secure (HTTPS), which offers a layer of encryption between you and the website. It is helpful to ensure websites you use always use HTTPS, especially if you use them to "log in" via a password. 

 

Practice Safe Online Shopping:

Online shopping offers convenience, but it also presents potential risks. Stick to reputable websites and ensure they have secure connections (look for "https://" and a padlock icon in the address bar). Avoid making purchases on public computers or using public Wi-Fi networks. Regularly review your credit card and bank statements for any suspicious activity.

 

Protect Your Personal Information:

Be cautious about sharing personal information online. Avoid posting sensitive details, such as your full address, phone number, or financial information, on public forums or social media platforms. Adjust privacy settings on social media to limit who can access your personal information, and be mindful of what you share with third-party apps or services.

 

Regularly Back Up Your Data:

Data loss can occur due to various reasons, including cyber attacks, hardware failure, or accidental deletion. Regularly backup your important files and documents to an external hard drive, cloud storage, or both. This ensures that even if something unexpected happens, your data remains safe and recoverable.

Backups should follow the "3-2-1" rule: 3 copies of the data in total, 2 different types of media, and 1 offsite backup. So for example: one copy on your PC solid state drive, one copy in "cloud storage", and another on an external hard drive. 

 

Educate Yourself about Online Threats:

Staying informed about the latest online threats and security best practices is essential. Keep yourself updated on common scams, new hacking techniques, and emerging vulnerabilities. Follow reputable online security blogs or subscribe to newsletters from trusted sources to stay informed and better protect yourself.

 

Invest in Reliable Security Software:

Equip your devices with reputable antivirus and anti-malware software. Ensure these programs are up to date and regularly perform scans.

Conclusion

By adopting strong passwords, recognizing phishing attempts, and staying updated on security practices, we strengthen our defenses against ever-evolving cyber threats. 

Whether for individuals or businesses, online security is the key to safeguarding our financial well-being, personal privacy, and online reputation and embracing this responsibility ensures that we can fully enjoy the boundless opportunities of the digital age while minimizing the risks.

 So, let us commit to being informed and proactive, creating a safer digital environment for ourselves and future generations.

This article was written by our CryptoCurrency Essentials (CCE) Committee, with special thanks to committee member Michelle Demarest and Josh McIntyre.

Disclaimer

The information presented in this article is for educational and informational purposes only. It does not constitute financial advice, investment recommendations, or any form of endorsement. 

The views and opinions expressed by individuals in this article are solely those of the speakers and do not necessarily represent those of C4 or any other organizations with which they are affiliated.

The mention or inclusion of any individuals, companies, or specific cryptocurrency projects in this video should not be considered as an endorsement or promotion.

Regulations and legal frameworks around cryptocurrencies may vary in different jurisdictions. It is your responsibility to comply with the applicable laws and regulations of your country or region. 

inheritance planning

Why Have a Plan?

Your digital assets should be treated like any other personal property when estate planning, and it is important that you take steps to include them in your Will. However, the assets will only be available to your heirs if you have developed a plan. That plan should include detailed instructions for them about what you have and how to access it.

Where Do I Start?

Before diving into inheritance planning, make sure you have a solid understanding of cryptocurrencies. Use trusted sources, such as C4, to familiarize yourself with the basics of blockchain technology, private keys, wallets, and the specific cryptocurrencies you hold. This knowledge will empower you to make informed decisions and communicate effectively with your beneficiaries.

Start Simple:

Although it may seem overwhelming, start with a simple pen and paper to create an inventory of your assets. There are templates available online that can be printed off, filled out, and stored in a safety deposit box or in a secure location in your home.

You can also to explore the growing number of cryptocurrency estate planning tools and services available. These tools can assist you in securely storing and transferring your digital assets.

They often offer features such as multi-signature wallets, time-locked transactions, and contingency plans for managing your cryptocurrencies in specific circumstances.

Pamela Morgan’s book “CryptoAsset Inheritance Planning: A Simple Guide for Owners”, has templates to help get you started and offers additional guidance as you develop your plan. (Disclosure: Pamela is a board member at C4.)

Regardless of where or how you start, we urge you to use the knowledge provided in this article to further educate yourself with the plan and options that best suit your needs and situation. Unlike other assets, there is no ‘Bank Manager’ and not having a plan could almost certainly guarantee some or all of your crypto assets may be lost when you’re gone.

In general, a balance of both legal and technical assistance will help ensure your assets can be properly passed down to your loved ones, while still keeping them secure.

Here are some general best practices to get you started with a simple inventory to help with the creation of your cryptocurrency inheritance plan.

Inventory Planning:

Start by creating an inventory of all your cryptocurrency holdings. Include information such as the name of the cryptocurrency, wallet addresses, private keys, and any relevant account information. Keep this inventory updated as you acquire or sell cryptocurrencies. You may also want to include information relating to:

  1. Exchanges — Write down the exchanges you are currently using or have used in the past. Do not list your password or login credentials at this stage.
  2. Wallets — If you use a wallet hosted by an exchange, note which wallet is connected to which exchange in the step above. If you are holding your own keys, then your heirs should be made aware of at least two things: Name(s) of the wallets you use and where your wallet backups are located. Remember, anyone who has access to these backups could steal the funds. Be aware of this when considering anyone that may be assisting you or has access to your plan.
  3. Devices — List the devices that you are using to access your wallet accounts, such as your phone or laptop. This will ensure your heirs know not to throw away, donate, gift, or destroy these devices until the funds have been successfully retrieved/moved. It is good to note that you do not need to provide your passwords for these devices at this stage. A picture may also be beneficial to ensure they know the devices they are looking for (i.e., a generic photo of your hardware wallet model).

Consider Wallet Seed Storage

Your wallet seed is a combination of random words that enable you to access your cryptocurrency on the blockchain in case you lose access to your wallet. It is recommended to store your wallet seed using an element proof device, such as a steel wallet.

 

Example of mnemonic seed

Don’t Overcomplicate:

In order to make sure that your loved ones understand your cryptocurrency holdings and how to access them, provide clear instructions on where to find the inventory, how to access wallets, and any necessary passwords or recovery phrases. It’s crucial to communicate your intentions and wishes regarding the distribution or management of your cryptocurrencies.

At a minimum, it is best to avoid unnecessary costs and it should not take years for your heirs to follow the ‘clues’ to uncover where your more detailed plan is stored or solve a riddle to determine where you have hidden all the diversely distributed portions of your seed.

Don’t overestimate the technical ability of your heirs.

Define Support for your Heirs:

It is recommended at minimum, your heirs know 3 main areas: Exchanges, Wallets, and Devices.

Identifying helpers/individuals your heirs can go to for assistance is a good option to avoid your inheritors going to untrusted sources, such as the Internet, for help. Identifying people who might be able to assist doesn’t mean, however, that you give them your passwords or keys. These helpers will simply be people that your beneficiary(s) can contact to help direct them with the proper asset retrieval.

Consider people you trust to help and simply list them at this stage. 

As you develop your plan, it may be prudent to provide your helpers with trustworthy resources, where they can access content that focuses on helping crypto — C4’s CCE content is always a great place to start.

Take a First Step:

Ultimately, without a plan, your heirs may not be able to access or retrieve your cryptocurrency holdings. This first step should assist you in building a more comprehensive plan, especially if you’re holding a large amount of cryptocurrency. Remember, planning for distribution of your cryptocurrency assets will take time and should be included in a will, testament, or legal trust.

We recommend you also take the time to educate yourself and consult with legal and financial professionals to develop a robust and secure cryptocurrency inheritance plan.

Safeguard your crypto legacy and leave a lasting digital footprint for future generations.

This article was written by our CryptoCurrency Essentials (CCE) Committee, with special thanks to committee member Michelle Demarest.

Disclaimer

The information presented in this article is for educational and informational purposes only. It does not constitute financial advice, investment recommendations, or any form of endorsement. 

The views and opinions expressed by individuals in this article are solely those of the speakers and do not necessarily represent those of C4 or any other organizations with which they are affiliated.

The mention or inclusion of any individuals, companies, or specific cryptocurrency projects in this video should not be considered as an endorsement or promotion.

Regulations and legal frameworks around cryptocurrencies may vary in different jurisdictions. It is your responsibility to comply with the applicable laws and regulations of your country or region. 

The CryptoCurrency Security Standard (CCSS) has been updated to version 9.0. See the updated CCSS here.

Systems certified under 8.1 are still valid.