Security is not one thing - it is the intentional creation of a layered defense-in-depth.
An IT engineer I know reported that his computer was compromised yesterday. He stepped away to have dinner with his family - and when he came back - his cursor was behaving erratically. Then, he noted that his crypto-wallets had been completely drained. He assumes that all of his passwords have been compromised.
A few things someone could/should do to help protect themselves:
- Make sure your base OS is running the latest version/patch (e.g. Windows Update FAQ)
- Ensure that you have a Firewall and Anti-Virus software installed and running. On Windows - you should minimally be running two Anti-Virus products: Windows Defender - and Malwarebytes.
- Create two Linux virtual machines - running one of the security-focused Linux distributions (e.g. Kali or Qubes might be my first options to consider). Docker can be very helpful in setting these two VMs up. Both VMs are launched fresh each time. You only launch __ONE__ of those VMs when you need to do a transaction. Never both at the same time.
- Use the Chrome browser in one - just for financial/banking/bill paying transactions.
- Use the Firefox browser in the other one - just for the crypto transactions.
- ***NEVER*** visit any other web sites with either of the browsers - in either of those VMs - other than the financial transaction sites you regularly use.
- Close those browsers and VMs when you are not using them.
- Use a USB for cold storage of all crypto-wallets. These should never be left connected to any machine.
- The VMs should be configured with encrypted disk mounts.
- Change passwords at least quarterly
- Enable multi-factor authentication on every account that supports it.
- For financial accounts, enable alerts for any transaction activity above a specific threshold (my level is set at $1)
Isolation and launching a fresh/known Linux - can go a long way to protecting your financial assets - and help prevent the leaking of passwords that may be kept unencrypted in memory in the base OS (i.e. Windows).
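One way to enforce the "launched fresh each time" and "never both at the same time" rules from the list above is a small launcher script. This is an added example, not part of the original post. It assumes VirtualBox as the hypervisor, VMs named bank-vm and crypto-vm, and a known-good snapshot called clean in each (all hypothetical names).

```shell
#!/bin/sh
# Added example: enforce "fresh launch, one VM at a time" with VirtualBox.
# Assumptions (not from the post): VMs "bank-vm" and "crypto-vm", each with
# a known-good snapshot named "clean".
ALLOWED_VMS="bank-vm crypto-vm"
SNAPSHOT="clean"

# Extract VM names from `VBoxManage list runningvms` output on stdin,
# whose lines look like: "bank-vm" {uuid}
running_names() {
    sed -n 's/^"\(.*\)" {.*}$/\1/p'
}

# Decide what to do. $1 = requested VM, $2 = newline-separated running names.
# Prints: start | refuse-unknown | refuse-other-running | refuse-already-running
decide() {
    requested=$1
    running=$2
    known=no
    for vm in $ALLOWED_VMS; do
        if [ "$vm" = "$requested" ]; then known=yes; fi
    done
    if [ "$known" = no ]; then echo refuse-unknown; return 0; fi
    # The other transaction VM must not be up at the same time.
    for vm in $ALLOWED_VMS; do
        if [ "$vm" != "$requested" ] &&
           printf '%s\n' "$running" | grep -qxF -- "$vm"; then
            echo refuse-other-running; return 0
        fi
    done
    # A still-running copy is not a fresh launch; shut it down first.
    if printf '%s\n' "$running" | grep -qxF -- "$requested"; then
        echo refuse-already-running; return 0
    fi
    echo start
}

# Restore the known-good snapshot, then boot the requested VM.
launch_fresh() {
    running=$(VBoxManage list runningvms | running_names)
    action=$(decide "$1" "$running")
    if [ "$action" != start ]; then
        echo "not launching $1: $action" >&2
        return 1
    fi
    VBoxManage snapshot "$1" restore "$SNAPSHOT" && VBoxManage startvm "$1"
}
```

Source the file and call `launch_fresh bank-vm` or `launch_fresh crypto-vm`; any other name is refused.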
But even with these precautions - it is important to note that there have been several critical security defects reported, over the past few years, in which the crypto-wallet itself was the key vulnerability in the attack vector.
Excuse me, I'm going to strap on my scuba gear to check on my gold & silver stash, in the safest place I know...
