Security Made Simple – Part 1

Your Handbook for Everyday Security


This series of articles is based on a handbook used as an outline for cybersecurity courses, viewed from a user perspective. The handbook and these articles are copyrighted by Vasco F. Gonçalves, working for SDNC sàrl.


Introduction

Staying Safe in a Connected World

Our lives are increasingly lived online. We bank, shop, communicate and store important information digitally. With so much of our personal data out there, it is essential to protect ourselves, even against cyberbullying.

This section gives you the basics of staying secure in today’s technology. Whether you are using a phone, computer or dealing with cryptocurrency, these core principles will help shield you from online threats.

We will look at everyday things like using strong passwords and avoiding email scams. You will also learn about cryptocurrency wallet security and how exchanges work. Other topics include keeping your devices protected with antivirus software and making sure apps and programs are up-to-date.

Everything is broken down into simple, clear steps. Do not worry if technology is not your thing – we will make even complex security concepts easy to grasp. Following these foundational guidelines will prepare you to safely enjoy all the digital world has to offer.

This section provides a solid starting point for anyone using the internet. Read on to build your security knowledge from the ground up. Feel empowered to strengthen your online protections and keep what matters most secure in today’s connected age.

Using a Password Manager: KeePassXC

Why Strong Passwords Matter

Passwords are like the locks on your online accounts. Using strong, different passwords for each account helps protect you from hackers trying to break in.

Creating Strong Passwords

  • Length Matters: Aim for passwords that are at least 16 characters long. Longer passwords are harder to crack. For instance, you may use a passphrase as your password, such as “Les chatons du château jouent joyeusement dans le jardin ensoleillé.” (billions to trillions of years to decode).
  • Mix it Up: Use a combination of uppercase and lowercase letters, numbers, and special characters.
  • Avoid Common Phrases: Steer clear of easily guessable passwords like “password123” or “I love you” or “New York” or “123456789” or …
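The rules above, turned into a small checker and generator. This is an added example, not part of the original handbook: the function names and the 16-word list are constructed for illustration, and the 7,776-word figure is the size of a standard diceware list.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Passwords the article names as easy to guess, compared case-insensitively.
COMMON = {"password123", "i love you", "new york", "123456789"}
# Constructed 16-word sample; a real word list has thousands of entries.
WORDS = ["chaton", "jardin", "soleil", "riviere", "montagne", "fenetre",
         "nuage", "lanterne", "horloge", "bateau", "violon", "citron",
         "papier", "renard", "tambour", "cerise"]

def classes_used(password):
    """Count how many of the four character classes appear (the 'mix it up' rule)."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests)

def audit(password):
    """Return the rules the password breaks; an empty list means it passes."""
    broken = []
    if len(password) < 16:
        broken.append("length")
    if password.lower() in COMMON:
        broken.append("common")
    return broken

def random_password(length=16):
    """Draw from the OS CSPRNG until all four character classes are present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if classes_used(pw) == 4:
            return pw

def random_passphrase(n_words=6, words=WORDS):
    """Pick words independently and uniformly; never reuse a famous sentence."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(choices, picks):
    """Upper bound in bits when each of `picks` items is uniform over `choices`."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    print(random_password(), audit("password123"))
    print(random_passphrase())
    print("16 random characters:", round(entropy_bits(94, 16)), "bits")
    print("6 words from 7,776:  ", round(entropy_bits(7776, 6), 1), "bits")
```

The entropy figures only hold for secrets chosen at random, which is why the generator uses `secrets` rather than human choice.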

KeePassXC: Your Secure Vault

  • Open Source Security: KeePassXC is an open-source password manager, meaning its code is transparent and continuously reviewed by the community for security.
  • Local Database: Your passwords are stored locally on your device, encrypted with a master password, enhancing security.
  • Cross-Platform Compatibility: KeePassXC is available for various operating systems, ensuring access across multiple devices.
  • Password Generator: Easily create strong and unique passwords with the built-in password generator feature.

Action Steps:

  1. Download KeePassXC: Visit the official website ( https://keepassxc.org ) and download KeePassXC for your operating system.
  2. Set Up Your Database: Follow the screenshots ( https://keepassxc.org/screenshots ) to create a new database, and set a strong master password that you can remember but that is difficult to guess.
  3. Add Your Passwords: Enter your existing passwords or generate new ones using the password generator feature.

Remember, regardless of the password manager you choose, enable two-factor authentication (2FA) wherever possible for added security.

Next:

Setting Up 2-Factor Authentication with Microsoft Authenticator, and Google Authenticator vs. Microsoft Authenticator

Unveiling the Mystery of Cryptocurrency Heists

Understanding Risks and Safety Measures

In the fast-paced world of digital currencies, there’s an alarming trend making headlines – cryptocurrency heists, or robbery. These cybercrimes, often orchestrated by skilled hackers, have governments and investors on edge. Let’s break down:

  • What’s happening?
  • What’s at risk?
  • How to stay safe in this crypto world?

What’s Worrying Governments?

Governments, especially in Western countries, are sweating over the potential for huge crypto heists funding shady activities and the bankruptcy of individuals and companies. Imagine nuclear weapons programs or money laundering schemes, all funded by stolen cryptocurrencies.

That’s not all: some governments are waiting for the heist of the century. Behind closed doors, many mention up to half a trillion dollars. It’s not a tale. Recently, hackers supposedly linked to the North Korean government pulled off a jaw-dropping $100 million heist from a California-based company. Even more recently, HTX and its Heco Chain suffered a heist of $115 million (see TikTok and Instagram for more information*). That money was quickly laundered, leaving authorities scrambling.

As this article says: “[Many] discovered the hard way that trading cryptocurrencies such as bitcoin happens in an online Wild West where sheriffs are largely absent.” [1].

The Troubling Trends

Cryptocurrency heists are on the rise, and quite fast. Think of 2022 as the “Year of Crypto Hacking,” with a staggering $3.8 billion swiped from crypto businesses [2]. And here’s a shocker: most attacks, a whopping 82.1%, targeted decentralized finance (DeFi) platforms [2]. Those North Korean hackers? They’ve made off with over $2 billion in various attacks over the past few years [3].

Who’s in the Center of Attention?

Picture this: hackers setting their sights on cryptocurrency exchanges and DeFi platforms. These are like treasure troves for cyber bandits. They’re using sneaky tactics like tricking people (that’s called social engineering – see these TikTok and Instagram accounts*) or finding weaknesses in software, especially software wallets, to get into these systems [4].

What Happens Next?

When these heists occur, it’s chaos for individuals and companies. Sometimes, the thieves vanish with the loot because tracing cryptocurrencies is nearly impossible. Other times, law enforcement manages to reclaim some funds [5]. The FBI’s been busy chasing after North Korea’s Lazarus Group, which has snatched hundreds of millions of dollars in crypto [6].

Keeping Safe in the Crypto Jungle

Now, how do you protect yourself from these sneaky thieves? Strong security measures are key. Imagine having a lock with two keys instead of one – that’s two-factor authentication. It’s like having an extra security guard for your digital wallet. Staying informed about the latest tricks hackers use is also crucial.

Big Fish and Small Fish

Whether you’re a big investor (called a crypto whale) or a small one, these heists can seriously sting: on average, almost $100,000 [7]. But there are ways to safeguard your assets. Crypto whales often use what’s known as multi-key wallets, a super-secure way to store their digital money [8]. These are generally more complicated: transactions are slower, they need a certain technical know-how, and it takes longer to recover your funds [8A]. For everyone else, using secure hardware wallets, along with extra authentication steps, can help keep those digital coins safe.

The Ledger Lockdown

Speaking of secure wallets, let’s talk about Ledger wallets. These are like ultra-safe piggy banks for your digital cash. They use a fancy thing called a Master Seed, which generates lots of keys. Although it’s not exactly the usual multi-key system, it’s close enough to make it super secure [9]. My colleague tested some hardware wallets. Most of them were extremely secure, but Ledger came out in first place.

Here’s my recommendation for a hardware wallet. The reason for it is its versatility across our computers and smartphones (it works securely on the major platforms: Windows, macOS, iOS and Linux systems):

https://shop.ledger.com/pages/ledger-nano-x/?r=56eeff14bf75

It exists in different colors.

ONLY DOWNLOAD Ledger Live from verified and official sources: for smartphones, through their respective stores (Apple and Android); for computers, from https://www.ledger.com/ledger-live. NOWHERE else!!! This prevents phishing attempts or malware infections.

In Conclusion

Cryptocurrency heists are like modern-day bank robberies, only way sneakier. But understanding the risks and taking steps to protect yourself can make a world of difference in this fast-evolving crypto world.

Disclaimer:

I have an affiliation with Ledger due to their top-notch security features.

References

[1] https://www.reuters.com/investigates/special-report/bitcoin-exchanges-risks/

[2] https://www.chainalysis.com/blog/2022-biggest-year-ever-for-crypto-hacking/

[3] https://www.trmlabs.com/post/inside-north-koreas-crypto-heists

[4] https://blog.cryptostars.is/how-cryptocurrency-exchanges-get-hacked-369633976322

[5] https://edition.cnn.com/2021/12/12/tech/crypto-exchange-hacks-explainer/index.html

[6] https://www.darkreading.com/threat-intelligence/fbi-warns-of-cryptocurrency-heists-by-north-koreas-lazarus-group

[7] https://usa.kaspersky.com/about/press-releases/2023_kaspersky-survey-finds-one-in-three-users-have-experienced-crypto-theft-average-loss-is-97583

[8] https://linen.app/articles/store-crypto-as-whales-do-the-definitive-guide

[8A] https://blockworks.co/news/what-are-multisig-wallets

[9] https://www.ledger.com/ledger-live

* TikTok: https://www.tiktok.com/@dark_web_legal/ (last videos – as of Nov 2023)

Instagram: https://www.instagram.com/encryptyourworld/ (last slides – as of Nov 2023)

HTX and Heco Chain: https://www.coindesk.com/tech/2023/11/22/justin-sun-confirms-htx-heco-chain-exploited-after-100m-in-suspicious-transfers/

For inquiries, please contact:

info [at] digitaltran [dot] eu