All your sensitive accounts should have 2FA enabled. I’ve written a guide on how to set up 2FA on all your P2P platforms.
2FA stands for Two-Factor Authentication: to log in, someone needs to know your password and also possess something that only you have, such as your phone. A stolen password alone is not enough, which is why it’s more secure.
Use a password manager:
A password manager lets you have a unique, long and strong password for every site, one that is hard for an attacker to guess, without forcing you to remember it, and it avoids password reuse between sites. It also fills the password in for you, so you don’t have to type it where it could be captured. Additionally, because it only fills the password in on the exact website it was saved for, it won’t enter it on a very similar but fake website that is impersonating the real one to capture your email/password.
Don’t click links on emails/etc
If you get an email saying your password/email or other details were changed and “click here to change them back”, be careful! That could be an attacker trying to get you onto their copy of the real website to capture your credentials. There are many variations of this attack, so you should avoid clicking on links in emails unless you are 100% sure they come from the official website/institution. Instead, type the website’s address yourself or use a bookmark you saved earlier.
Use a different computer if possible:
If you can afford it, use a separate computer just for dealing with money and keep it safe. This isolates it from your day-to-day activity: your usual computer might have been infected while doing something else without you knowing it, and if you share it with your family/kids you don’t know what they installed or did before you.
I would recommend you buy the cheapest Chromebook you can find, usually 200€ - 300€. It runs a more secure operating system and is mainly built to only browse the web.
Use a secure Operating System:
In case you don’t know, there are 3 main operating systems: Windows, macOS, and Linux. Windows is well known for being the least secure of the three.
If you know a technical person and want the most secure system, I would recommend you ask them to create a bootable Linux USB stick for you. This is an operating system that lives on the USB stick, which you boot only to deal with money/investments online; nothing from your everyday system is loaded.
Otherwise, I recommend you buy a cheap Chromebook as mentioned above. Try to avoid using Windows at all costs.
Use multiple different accounts/cards
Try to separate your personal account from the one you use for investments. It might be a headache, but it will prevent an attacker from having access to 100% of your money. In the same vein, use multiple cards with spending limits, such as the ones privacy.com offers if your bank doesn’t. This service gives you cards with a limit that you set yourself, so if an attacker gets hold of one they can only do so much damage. For example, let’s say you have 1000€ in your account but want to make a purchase of 10€ on a random website that you don’t trust yet: you use one of these cards, and if the website tries to take more than 10€ the charge will be denied/rejected.
Use a unique email address
Having an email address that you only use for your money-related accounts is a great way to stay secure. It makes it harder for an attacker to know your login credentials, and you can trust links a bit more (but never fully!).
Even if the attacker knows your personal email and tries to log in to your bank account with it, he won’t get far, because you use a unique email address for those accounts which only you know.
Lastly, it prevents password recovery attacks. This is when an attacker has gained access to your email but not your bank: he goes to the bank website and says “hey, it’s me, I forgot my password”, the bank says “ok, give us your email and you will receive a link to change it”, and he changes your password because he already had access to your email. With a separate, unknown email address for the bank, he doesn’t know which inbox the recovery link goes to.