Online security

Online security is not a luxury but an essential aspect of our digital lives. Understanding the basics of protecting our sensitive information and digital assets empowers us to navigate the online landscape with confidence.  

From managing finances to sharing personal information, it's crucial to adopt best practices for online security. By following a few simple guidelines, you can protect yourself from cyber threats and enjoy a safer online experience. 

Let's dive in!

 

Create Strong and Unique Passwords:

One of the fundamental steps in securing your online presence is to create strong and unique passwords. Avoid using obvious choices like "123456" or "password." Instead, create complex passwords by combining uppercase and lowercase letters, numbers, and special characters. Furthermore, refrain from reusing passwords across multiple accounts. Consider using a password manager such as 1Password, NordPass or Keeper to securely store and generate strong passwords for you.

While passwords should be complex, length matters more than additional numbers and symbols. An 8-character password with uppercase, lowercase, numerical, and special characters can still be cracked in minutes to hours, whereas a 16-character random password with just uppercase, lowercase, and numerical characters can take millions of years to crack. The time it takes to brute-force a password increases *exponentially* with each additional character, but grows much less when only the character set is enlarged.
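The length-versus-character-set comparison above, worked through as an added example (not part of the original article). The guess rate of 10^12 per second is an assumption chosen for illustration, and the function names are this example's own.

```python
import math
import secrets
import string

# Assumption for illustration: an offline attacker testing 10^12 guesses/second.
GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600

ALNUM = string.ascii_letters + string.digits   # 62 symbols
FULL = ALNUM + string.punctuation              # 94 symbols


def keyspace_bits(length: int, charset_size: int) -> float:
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(charset_size)


def years_to_exhaust(length: int, charset_size: int,
                     rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at the assumed guess rate."""
    return charset_size ** length / rate / SECONDS_PER_YEAR


def generate(length: int = 16, alphabet: str = ALNUM) -> str:
    """Draw each character from the OS CSPRNG; the estimates above only
    hold for passwords chosen this way, not for human-picked ones."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare() -> list:
    """(label, bits, years) for the cases the article contrasts."""
    cases = [("8 chars, 94 symbols", 8, len(FULL)),
             ("9 chars, 62 symbols", 9, len(ALNUM)),
             ("16 chars, 62 symbols", 16, len(ALNUM))]
    return [(label, round(keyspace_bits(n, k), 1), years_to_exhaust(n, k))
            for label, n, k in cases]


if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:22} {bits:5.1f} bits  {years:.3g} years")
    print("sample:", generate())
```

Adding a single character to a letters-and-digits password (9 characters) already gives a larger search space than adding all 32 punctuation symbols to an 8-character one.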

 

Enable Two-Factor Authentication (2FA):

Two-factor authentication provides an additional layer of security by requiring an extra verification step, typically a unique code sent to your mobile device, in addition to your password. 

Enable 2FA whenever available, especially for critical accounts like email, banking, and social media. This added security measure significantly reduces the risk of unauthorized access to your accounts.

There are multiple types of 2FA; wherever possible, use the best available type of 2FA for your account. 

Authenticator-app and hardware-security-key 2FA offer fewer potential avenues for compromise, short of stealing the device itself. A hardware security key is a device, similar to a USB stick, that offers extra security for online accounts. Used with a password, it's part of two-factor authentication (2FA). Like a house key, even if someone knows your password or address, they can't get in without this physical key.

Authenticator app (auth-app) based 2FA (Microsoft, Google, Duo, etc.) provides a greater level of security than SMS (text message) or email based 2FA. SMS 2FA is vulnerable to "SIM swap" attacks, where the attacker tricks the phone company into porting your number onto their phone (so they can then steal your accounts).

2FA is "something you have", where the password is "something you know". Together they offer more security than the password alone, because an attacker must now compromise both layers to steal the account.

 

Keep Your Software and Devices Updated:

Regularly updating your devices, operating systems, and software applications is vital for online security. These updates often include important security patches that address vulnerabilities and protect against emerging threats. Enable automatic updates or set reminders to ensure you're always running the latest versions.

 

Be Vigilant against Phishing Attempts:

Phishing attacks continue to be a prevalent threat. Exercise caution when interacting with emails, messages, or pop-ups requesting personal or financial information. Be skeptical of suspicious links or attachments, and avoid providing sensitive data through unsecured channels. Verify the legitimacy of requests by contacting the organization directly through official channels.

Phishing attacks can be sophisticated or simple. Always be vigilant if someone is asking for information such as wallet seed phrases, passwords, or 2FA tokens. If you receive an email, text or other communication asking for information, go directly to the website in question instead of following links provided in the message. For example, if you receive an email about KYC verification from someone claiming to be Coinbase, don't follow the link in the email. Go directly to Coinbase.com to log in and see if the request is legitimate. 

Never give out a seed phrase for a cryptocurrency wallet, no matter why someone claims they need it. Only enter your seed into a piece of wallet software you want to use. Even then, be vigilant and ensure the software is legitimate. Anyone with your seed phrase has *full access* to all of the money in that wallet. 

 

Utilize Secure Wi-Fi Networks:

Public Wi-Fi networks are convenient but often lack adequate security measures. Avoid accessing sensitive information, such as online banking or shopping, when connected to public Wi-Fi. If you must use public networks, consider using a virtual private network (VPN) to encrypt your data and protect your privacy. Most critical websites such as online banking will use Hypertext Transfer Protocol Secure (HTTPS), which offers a layer of encryption between you and the website. It is helpful to ensure websites you use always use HTTPS, especially if you use them to "log in" via a password. 

 

Practice Safe Online Shopping:

Online shopping offers convenience, but it also presents potential risks. Stick to reputable websites and ensure they have secure connections (look for "https://" and a padlock icon in the address bar). Avoid making purchases on public computers or using public Wi-Fi networks. Regularly review your credit card and bank statements for any suspicious activity.

 

Protect Your Personal Information:

Be cautious about sharing personal information online. Avoid posting sensitive details, such as your full address, phone number, or financial information, on public forums or social media platforms. Adjust privacy settings on social media to limit who can access your personal information, and be mindful of what you share with third-party apps or services.

 

Regularly Back Up Your Data:

Data loss can occur due to various reasons, including cyber attacks, hardware failure, or accidental deletion. Regularly back up your important files and documents to an external hard drive, cloud storage, or both. This ensures that even if something unexpected happens, your data remains safe and recoverable.

Backups should follow the "3-2-1" rule: 3 copies of the data in total, 2 different types of media, and 1 offsite backup. So for example: one copy on your PC solid state drive, one copy in "cloud storage", and another on an external hard drive. 

 

Educate Yourself about Online Threats:

Staying informed about the latest online threats and security best practices is essential. Keep yourself updated on common scams, new hacking techniques, and emerging vulnerabilities. Follow reputable online security blogs or subscribe to newsletters from trusted sources to stay informed and better protect yourself.

 

Invest in Reliable Security Software:

Equip your devices with reputable antivirus and anti-malware software. Ensure these programs are up to date and regularly perform scans.

Conclusion

By adopting strong passwords, recognizing phishing attempts, and staying updated on security practices, we strengthen our defenses against ever-evolving cyber threats. 

Whether for individuals or businesses, online security is the key to safeguarding our financial well-being, personal privacy, and online reputation. Embracing this responsibility ensures that we can fully enjoy the boundless opportunities of the digital age while minimizing the risks.

So, let us commit to being informed and proactive, creating a safer digital environment for ourselves and future generations.

This article was written by our CryptoCurrency Essentials (CCE) Committee, with special thanks to committee member Michelle Demarest and Josh McIntyre.

Disclaimer

The information presented in this article is for educational and informational purposes only. It does not constitute financial advice, investment recommendations, or any form of endorsement. 

The views and opinions expressed by individuals in this article are solely those of the speakers and do not necessarily represent those of C4 or any other organizations with which they are affiliated.

The mention or inclusion of any individuals, companies, or specific cryptocurrency projects in this video should not be considered as an endorsement or promotion.

Regulations and legal frameworks around cryptocurrencies may vary in different jurisdictions. It is your responsibility to comply with the applicable laws and regulations of your country or region. 
