Metro North Computer Consulting logo — IT support White Plains Westchester
METRO NORTHComputerConsulting
Security

Crypto Security PSA: How to Protect Your Digital Assets

Robert Brake January 1, 2024 4 min read

You should have an email address specifically for crypto, with a unique password. Never run the crypto app on your phone, and never save the password for it on your phone. Coinbase has known vulnerabilities that allow people to transfer out any amount of money without daily limits. Other platforms have similar hidden vulnerabilities.

Protecting Your Social Media Footprint

Delete any identifiable information from your Facebook settings, including cities and work locations. Consider doing the same for LinkedIn. Attackers use social media to quickly build a large data profile on people — your city, employer, birthday, and phone number together are enough to launch a convincing social engineering attack or bypass security questions on financial accounts.

Change your birth year and phone number to private, accessible only to you. The less public information available, the harder it is for someone to impersonate you or answer your security questions.

Use an Authentication App, Not SMS, for Crypto MFA

For crypto accounts, use an authentication app — not text message — for multi-factor authentication. SMS-based MFA is vulnerable to SIM swapping attacks, where an attacker convinces your carrier to transfer your phone number to their device. Once they have your number, they receive your MFA codes.

One important warning: when you change phones, you need to export and import your authenticator app data to the new phone. Your carrier will not do this for you. If you lose access to your authenticator app without a backup, recovering access to your accounts can be extremely difficult.

The Golden Rule for Email

Do not open attachments or click on links in emails you were not expecting. If you are unsure about an email, open a browser window and manually log into the site directly — do not use any link in the email. Phishing emails have become sophisticated enough that even experienced IT professionals can be fooled. The rule of thumb is simple: if you are not expecting it, expect it to be a scam.

If anyone wants a deeper dive on anything discussed here, or if I missed something, just reach out.

— Robert

Need IT Help in Westchester?

No contracts. No monthly fees. Just expert support when you need it.