The Achilles Heel of Crypto-Cyber Security: Your SIM card
Self custody is a risky game and hackers know it!
Cyber security is a nightmare, especially in the crypto space.
Not many people take it seriously because it is costly and you don’t see the value until you get hacked, and eventually you will.
That is a fact, so it is best to set up your security processes with the idea of potentially getting hacked in mind.
Cyber Security is a structured process that tells you (or your machines) what to do whenever a layer of your onion gets compromised.
This is how SIM Hacks can happen
You are using complex passwords to prevent hacks.
In addition, you are also using password managers that require two-factor authentication via text messages sent to your cell phone.
Naturally you think you are safe, right?
Wrong!
The weakest link in your cyber security is:
Your Cell Phone Network Provider
Hackers call your cell phone provider, pretend to be you, and ask to activate a new SIM card with the same number.
At this point, the only thing you might notice is that your phone is out of service. You might even assume that it is a network issue.
Meanwhile, hackers can change your password on your Gmail, Twitter, Facebook and exchange accounts without you even noticing.
Once both your cell phone and primary email address are compromised, your nightmare begins.
Bottom line is that Google has virtually no customer service and will reply in 3-5 business days.
Furthermore, out of all the crypto exchanges, the ONLY one that allows you to regain access to your assets within 24 hours, provided you present them with your ID, photos of your transactions, trades, IP addresses used, etc., is Bittrex.
The rest of the exchanges provide you with an email address or contact form and you have to wait for someone to reply.
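The chain described above (SIM, then primary email, then everything that resets through that email) can be audited on your own accounts; this is an added example, not part of the original article. The account names and recovery paths are constructed, and "app_2fa" is an assumed non-SMS second factor.

```python
# Added example: recovery-dependency audit of your own accounts.
# All account names and recovery paths below are constructed.

def blast_radius(accounts, held):
    """Return the accounts that fall once an attacker holds `held`.

    `accounts` maps an account name to a list of recovery/login paths.
    Each path is a set of factors that together are sufficient to take
    the account over. A taken-over account becomes a factor itself,
    which is how a mailbox unlocks every service that resets through it.
    """
    held = set(held)
    fallen = set()
    changed = True
    while changed:  # repeat until no further account falls
        changed = False
        for name, paths in accounts.items():
            if name in held:
                continue
            if any(path <= held for path in paths):
                held.add(name)
                fallen.add(name)
                changed = True
    return sorted(fallen)

# Setup from the scenario: SMS alone resets the mailbox, and the
# mailbox resets everything else.
BEFORE = {
    "gmail": [{"sim"}],
    "twitter": [{"sim"}, {"gmail"}],
    "exchange": [{"gmail"}],
    "password_manager": [{"password", "sim"}],  # SMS is only a 2nd factor
}

# After the measures below: no SMS path anywhere, and the exchange is
# linked to a separate, private mailbox.
AFTER = {
    "gmail": [{"password", "app_2fa"}],
    "twitter": [{"gmail"}, {"password", "app_2fa"}],
    "secret_mail": [{"password", "app_2fa"}],
    "exchange": [{"secret_mail"}],
    "password_manager": [{"password", "app_2fa"}],
}

if __name__ == "__main__":
    print("SIM swap, before:", blast_radius(BEFORE, {"sim"}))
    print("SIM swap, after: ", blast_radius(AFTER, {"sim"}))
    print("Gmail lost, after:", blast_radius(AFTER, {"gmail"}))
```

Any account that appears in the output for `{"sim"}` has a recovery path that depends on the phone number alone, directly or through another account.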
What can you do to protect your Data and increase your cyber security?
#1 Call your Cell Phone Network Provider and ask them to LOCK your SIM
Request that any changes to your cell phone account or any new SIM card activation should ONLY be made:
- If you show up IN PERSON at a specific store of your choice (and not somewhere out of state or from a different country)
- Presenting your valid ID (there is absolutely no reason why anyone should be able to bypass identification. This includes employees of the network provider)
- And you are answering a secret question or providing a complex password
#2 If you have a Gmail account, make sure you set up 2FA.
That way, if someone gets hold of your password, they still can't take over your Gmail.
Also make sure that no one can log in without 2FA from any device.
What about cloud based storage?
#3 If you use Google Docs or any other cloud-based storage - DON'T
It's fine for your cat pictures, but all important documents should be kept on an external hard drive.
#4 If you have any crypto-exchange accounts - create a SECRET email on https://protonmail.com/ and link the exchange to that email.
Protonmail is an end-to-end encrypted email service.
DON'T TELL ANYONE about this email. It should be kept private so it is not subject to attack.
Storage:
Exchange vs Hardware wallet?
#5 Decide if you should keep your cryptocurrencies on an exchange or be your own custodian
Both come with their own set of challenges. Exchanges can be hacked, and it has happened numerous times before.
However, Coinbase, for example, does a terrific job at securing your digital assets and maintains commercial criminal insurance, which means your funds are insured.
The drawback is that you are not able to participate in certain airdrops. Also, you only have access to a limited number of cryptocurrencies and you do not own the private key.
Not your keys, not your cryptocurrency. This is basically why Coinbase is able to provide insurance over your funds.
Being your own custodian comes with the risk of your seed phrases being stolen, lost, forgotten or becoming irrecoverable.
You should really weigh the probability of the exchange being hacked vs the probability of your seed phrases being lost or stolen.
Therefore, if you choose to go down the path of safekeeping your own funds, I highly recommend getting your own hardware wallet directly from Trezor or Ledger.
You are a target if you are in crypto.
For this reason, design yourself a multi-layered security system to keep your data safe.
Take preventative measures. For example, control what apps are being installed on your phone. As much as possible, avoid using social media apps and restrict messenger communications to apps with open source code.
Besides that, remember to raise awareness so that this doesn't happen to anyone else.
"Companies spend millions of dollars on firewalls, encryption, and secure access devices and it's money wasted because none of these measures address the weakest link in the security chain: THE PEOPLE who use, administer, operate and account for computer systems that contain protected information."
Kevin Mitnick