Practicing Good OpSec on Social Media

According to Wikipedia “Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.”

• -Bulgarlars use social media to identify potential targets
• -Employers use social media to screen you before hiring
• -Serial killers scout out their victims using social media
• -People can use social media to stalk you in the real world
• -Foreign agents may be interested in you if you work for the government, work at a company that works on sensitive technology, or are in the military.

• Your address
• Your current location
• Where you intend to go
• Dates when you will not be at home
• Content that can be used to black mail you (e.g., embarrassing pictures)
• Information that can help reveal answers to your security questions (your pet’s name, the high school you graduated from, your mother’s maiden name etc.)
• Pictures of expensive items you own (e.g., that new TV you just bought and your wife's jewelry collection)
• Information about the banks and subscription services you use (these can be used to launch social engineering attacks against you)

Unless you are an influencer or use social media for business purposes your account doesn’t need to be accessible to the whole world. Leverage the privacy settings in your social media accounts to limit access to only people you know. Be sure to review your privacy settings in detail and test them to make sure that they are configured correctly.

Think before posting something to your social media timeline or before sending a direct message to someone. The easiest question to ask yourself is “what do I gain from posting this”? Another question to ask is “can someone use this content against me or my family”? Just assume that whatever post online is public even though only your friends can see it. Anyone can take a screenshot of your post or direct message and make it public.