Six Steps to Keep Your Company’s Crypto Safe


Posted by Gil Hildebrand

The benefits of using blockchain for payments are immense, but when it comes to transacting with crypto—particularly as a business—safety and security must be top of mind.

The looming threat of theft, hacks and phishing attacks can be intimidating, but don't let that steer you away from making the most of crypto. By practicing proper crypto security hygiene, much of that risk can be mitigated.

Here are six ways to keep your company's crypto secure.

1. Choose the right crypto wallet(s)

Think of crypto wallets like you would any regular wallet: they're where you hold your funds. There are two types of wallets—hot and cold—and you can choose one or the other, or take advantage of both.

Hot crypto wallets vs. cold crypto wallets

Hot wallets typically live on your browser, desktop or mobile device. They're connected to the internet, which makes them easy to use for transactions, but this also makes them more vulnerable to attacks than cold wallets.

Cold wallets are offline, tougher to access and transfer funds from and generally more secure as a result. Cold wallets are a better choice for long-term fund storage.

Custodial crypto wallets vs. non-custodial crypto wallets

Although non-custodial wallets (holding your keys) are typically considered more secure, many businesses prefer custodial wallets (where a centralized service holds them) because they’re easier to access and monitor with less responsibility.

We suggest using non-custodial hardware wallets like Ledger or Trezor to store your funds. But for regular transactions like paying employees, we recommend using a custodial wallet like a Coinbase account or a non-custodial browser wallet like MetaMask.

2. Define and set up proper controls for access to funds

For businesses, it’s essential to have multiple controllers to limit liabilities. Releasing only a certain amount of funds from cold storage or designating how many signers are needed to move funds from a hot wallet to cold storage creates multiple layers of security.

That’s why you should have a multi-signature wallet (or multisig), like Gnosis, that requires two or more private keys to confirm and sign a transaction.

3. Decentralized vs. centralized exchanges

Similar to custodial vs. non-custodial wallets, decide whether you want to use decentralized exchanges (DEXs) like Uniswap or centralized exchanges (CEXs) like Coinbase (or use both!).

With DEXs, you don’t have to worry about exchange hacks or theft, but personal responsibility becomes much more important. You will need to store your private keys in a safe, offline place.

CEXs keep your private keys safe, but you don’t ultimately hold your money and may lose funds if the exchange is hacked or if there is a dispute preventing you from accessing your funds. Furthermore, CEXs are not known for their customer service. You also might risk your personal information being leaked by exchanges due to the AML/KYC processes.

4. Use a password management app to generate and remember unique passwords, but store private keys offline in a notebook

Private keys are the way you access your cryptocurrency on a blockchain—they're essentially your claim to your funds. Passwords and passphrases, on the other hand, are another layer of protection for your private keys and accounts.

Although we recommend storing your private keys or phrases in a physical notebook, you should store passwords that you frequently use in something more accessible and secure like 1Password. Generate long, obscure passwords with special characters and never use the same password for more than one account.

5. Set up two-factor authentication (2FA) for all crypto accounts

Most wallets and exchanges give you the ability to set up 2FA.

But do not use SMS as your 2FA option unless it’s the only option. SMS leaves you vulnerable to SIM card swaps. Instead, you should use app-based or device-based codes and an authenticator app or device to store your passcodes.

6. Keep your computer up to date

Make sure you’re using an up-to-date computer to avoid malware. Best practice is to use a device with a modern operating system like Windows 10, macOS or Linux if that's your jam. If you’re using Windows XP, Windows 7 or a version of Mac OS X, then it’s time to upgrade. Also, make sure you don't neglect periodic updates to your computer's operating system.

Crypto is changing the way we do business. It's finally possible to transact globally, nearly instantly, 24/7, without banks and intermediaries. But just like in the world of traditional finance, cyberattacks are a real and present danger. The best time to take security seriously was before you ever touched crypto. The second best time is today.

Contributors
Gil Hildebrand

Chief Executive Officer, Gilded

secure payments & cryptocurrencies

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

