Staying safe online is harder than ever, and the stakes are even higher when there’s money involved. Someone can easily make a fake Twitter account using your profile image and copied bio, and in the time it takes you to report the account, another person might have mistaken it as you and already transferred money to them. It’s an easy mistake to make if you’re not being vigilant, and unfortunately, as soon as you report one account, another can pop up in its place. To keep your cryptocurrency safely in your possession, these suggestions will help you do that:

Know the attack vectors.

You can’t protect yourself if you don’t know what you’re up against. Fake sites have gotten very good at mimicking their targets – so good that if you don’t double check the URL, you might not even know the difference.

Use strong passwords.

This might seem like a no-brainer for digital natives, but it’s worth repeating. Don’t use words like street names, birthdays, or song lyrics. But don’t randomly keyboard smash, either, because a) you’re not as random as a computer generator and b) you want to be able to keep track of your keystrokes, or else risk not being able to sign into your account anymore.

Use cold storage.

All “cold storage” means is offline and unattached or “air gapped,” which is to say, unconnected to your home network in any capacity. You can do this by removing the network card from your computer, or by buying a hardware wallet. If you’re feeling really cautious, you can cover your computer’s camera and microphone, and even remove all electronic devices from that room.

Test everything.

Make small transactions beforehand to make sure everything works. Never manually type in a url – it’s too easy to make a mistake that way, and could cost you a lot of money in errors. Copy/paste and QR codes are your best friends, though make sure your scanning app is reliable! Test your seed phrase on your hardware wallet; test the MD5 checksum before and after you load the SD card on your air gapped computer. Check everything. You can never been too careful.

Store your seed phrases in multiple places.

Your seed phrase is the string of 24 words that you can derive a private key from. You want to make sure your seed phrase stays secure at all times. For some, this means writing the seed phrase down on paper, in which case, it is recommended you make two copies and store them in separate places. SD cards are also an option, though they don’t tend to last more than five years and can be wiped by an EMP bomb. A combination of analog and digital methods is the best option. For the most cautious, they will split the seed phrase in parts and store those parts separately. If you do this, be sure to remember the order they go in, or else lose access to seed phrase altogether.

Plausible deniability.

Most simply, this means be able to keep some of the data hidden. Like in the physical world, you don’t want to advertise how much money is in your bank account, so don’t do it in the digital world, either. Also look into using multiple wallets rather than storing all of your currency in the same place.

Keep your environment safe.

Require two-factor authentication, and educate others on how to stay safe. Help the community at large by reporting fake sites and teaching the less tech-literate about why strong passwords are important. Not only are you keeping yourself protected, but you are also protecting others and paying that forward.