BitGo is a wallet provider for your cryptomat with additional security features than node wallets, such as spending limits and limited user roles, as well as third-party key escrow for secure wallet recovery.
See our article on setting up BitGo if you wish to use them, then consult the security practices below.
Enable spending limits
As a proactive defence against unauthorised spending from your wallets, you can enable velocity limits for each of your coins' BitGo wallets.
Click on a wallet's name in the list of wallets, choose the 'Policy' tab, then scroll to Spending Limits. Input values in coin amounts for one or more limits. You must do this for each coin's wallet.
If one of these thresholds is crossed, either legimitately or from an unauthorised spend, you will need to log into the BitGo wallet to authorise or reject the withdrawal.
Limit user roles
If your associates benefit from viewing your machines' BitGo wallets, but they do not need access to spend from them, you may add additional users to your wallets with a 'Viewer' role.
Click on a wallet's name in the list of wallets, choose the 'Users' tab, then click 'Add Users' and select 'Viewer'. You must do this for each wallet you wish to invite a viewer to.
Freeze the wallet in case of emergency
If you need to immediately freeze all spending from a wallet, you may do so by clicking on the wallet name in BitGo, choosing 'Settings', then scrolling down to the 'Freeze' section.
Enable notifications for outgoing transactions
You can enable email notifications when funds are sent from your BitGo account under 'My Account > Preferences'.
Email notifications are also available from the Lamassu admin for authorised machine transactions, though enabling notifications at the BitGo wallet level would also provide an alert when a withdrawal from the wallet itself (or server command line).
Print and backup key card in a secure place
The key card backup PDF provided by BitGo during wallet creation will enable you (or someone with access to it) to recover your BitGo account in case you lose your passphrases and 2FA codes.
Print out the key card and/or save it to an encrypted USB drive, though do not store it on your computer or anywhere easily accessible. Delete your local copy after you've placed it somewhere safe.