Practicing Good OpSec on Social Media

By: Omer Kaan Aslim
August 14, 2020
Social media can help you connect with friends and family, but it can also be a way for bad actors to connect with you.

What is OpSec?

According to Wikipedia, “Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.”

Why Everyone Needs to Practice Good Social Media OpSec

What You Should Not Post on Social Media

  • Your address
  • Your current location
  • Where you intend to go
  • Dates when you will not be at home
  • Content that can be used to blackmail you (e.g., embarrassing pictures)
  • Information that can help reveal answers to your security questions (your pet’s name, the high school you graduated from, your mother’s maiden name, etc.)
  • Pictures of expensive items you own (e.g., that new TV you just bought and your wife's jewelry collection)
  • Information about the banks and subscription services you use (these can be used to launch social engineering attacks against you)

Leverage Privacy Settings To Improve OpSec

Unless you are an influencer or use social media for business purposes, your account doesn’t need to be accessible to the whole world. Leverage the privacy settings in your social media accounts to limit access to only people you know. Be sure to review your privacy settings in detail and test them to make sure that they are configured correctly.

Finally: Always Use Common Sense

Think before posting something to your social media timeline or before sending a direct message to someone. The easiest question to ask yourself is “What do I gain from posting this?” Another question to ask is “Can someone use this content against me or my family?” Just assume that whatever you post online is public, even if only your friends can see it. Anyone can take a screenshot of your post or direct message and make it public.
