Bitcoin is all the rage, and everyone is talking about it. Any discussion or write-up about Bitcoin usually starts with the fact that it is a decentralized digital currency. Decentralized means that no government or company controls it, and it also means each participant is on his/her own when it comes to protecting their Bitcoin investment.
With US fiat currency saved in a bank, you have a high level of confidence that the money will be there in a day, week, month or a year. If the unthinkable happens and the bank is hacked, most bank deposits are federally insured, and the government will make you whole.
Bitcoin does not have any insurance or governmental oversight. Any Bitcoin left on an exchange is only as secure as that exchange's platform.
In Bitcoin, your ownership is confirmed using a super secret private key. When you store coins on an exchange, they hold the private keys for these coins. Any hacker that manages to obtain these private keys can, therefore, control your (now their) coins and move them into a new account they control. Once your coins are gone, there is no way to recover them.
How to secure your Bitcoin
The first rule is: do not leave your Bitcoins on an exchange. Most theft happens from exchanges because hackers know that compromising one exchange can yield millions in gains.
Some exchanges (e.g., Coinbase) offer offline cold storage options. These are more secure than their traditional active accounts (since they double-check transaction requests and have long waiting periods), but if someone steals the private keys due to infrastructure insecurity, they would be able to access your coins.
The second rule: control your private keys. When managing your private keys, computer security becomes critically important. I have written dozens of articles about it, so I won't take a deep dive here, but you'll have to spend some time thinking about it.
In TL;DR form: I recommend that you choose the safest and most robust computing environment when processing your private keys or performing Bitcoin transactions (purchase, sale or transfer). For most individuals, I recommend using a name brand Chromebook. A Chromebook is a purpose-built device running Google Chrome on a very secure Linux operating system. Google continuously updates Chromebooks. Chromebooks offer a small attack surface and are less susceptible to compromise than a Windows or macOS device.
Now that you have a secure platform to complete your transactions, the next question is: Where do I store my private keys?
You should keep a small amount of Bitcoin in a reputable smartphone app, where you can access it quickly if you feel like spending it. I like the Jaxx wallet (it is simple, well written and cross-platform).
You should store most of your Bitcoin in a purpose-built offline (not on your computer or connected to the internet) hardware device. My device of choice is the Trezor wallet, but there are other excellent options (e.g., Ledger). These devices generate and protect your private keys. Because the devices keep your private keys offline, the keys are immune to infections on your computer and to constant hacking attempts. A Chrome extension powers the Trezor wallet, so it works beautifully on a Chromebook.
When setting up these hardware wallets, you generate a special recovery sentence (typically consisting of 20 unrelated words). You should write this down on paper and store it somewhere safe. Never save this online, since anyone with access to this sentence could recover your private keys and steal your money. In the unlikely event that your hardware wallet dies, you can order a replacement and restore your private keys (during initialization) by entering your unique secret recovery sentence.
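An added example, not part of the original article: assuming the wallet follows the public BIP39 and BIP32 standards (an assumption, the article does not name them), this Python code shows why the recovery sentence by itself is enough to rebuild the wallet's master private key on any device. The function names are hypothetical and the sample sentence is a constructed, publicly known test phrase.

```python
import hashlib
import hmac
import unicodedata


def mnemonic_to_seed(sentence, passphrase=""):
    """BIP39 step: stretch the recovery sentence into a 64-byte seed.

    Nothing from the hardware device is used as input. The words (plus an
    optional passphrase) are the only secret.
    """
    words = " ".join(sentence.split())  # collapse stray whitespace
    password = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_to_master_key(seed):
    """BIP32 step: derive (master private key, chain code) from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def recover(sentence, passphrase=""):
    """Full path a replacement wallet follows: sentence -> seed -> master key."""
    return seed_to_master_key(mnemonic_to_seed(sentence, passphrase))


# Constructed sample: the all-zero-entropy phrase used in public test vectors.
# It is known to everyone and must never protect real funds.
SAMPLE_SENTENCE = (
    "abandon abandon abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon about"
)

if __name__ == "__main__":
    key_a, _ = recover(SAMPLE_SENTENCE)
    key_b, _ = recover(SAMPLE_SENTENCE)  # a "second device" with the same words
    print("same master key on both devices:", key_a == key_b)
    key_c, _ = recover(SAMPLE_SENTENCE, passphrase="extra secret")
    print("passphrase changes the key:", key_a != key_c)
```

The optional passphrase is mixed into the salt, so a wallet protected with one yields a different master key from the same words.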
As cryptocurrency matures and becomes more widespread, I believe people will have to take a more active role in protecting their own money. It's probably a good idea to dip your toe in now and start learning the ins and outs of cryptocurrency.