Practicing Good OpSec on Social Media
By: Omer Kaan Aslim
August 14, 2020
Social media can help you connect with friends and family, but it can also be a way for bad actors to connect with you.
What is OpSec?
According to Wikipedia, “Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.”
Why Everyone Needs to Practice Good Social Media OpSec
- Burglars use social media to identify potential targets
- Employers use social media to screen you before hiring
- Serial killers scout out their victims using social media
- People can use social media to stalk you in the real world
- Foreign agents may be interested in you if you work for the government, work at a company that works on sensitive technology, or are in the military
What You Should Not Post on Social Media
- Your address
- Your current location
- Where you intend to go
- Dates when you will not be at home
- Content that can be used to blackmail you (e.g., embarrassing pictures)
- Information that can help reveal answers to your security questions (your pet’s name, the high school you graduated from, your mother’s maiden name, etc.)
- Pictures of expensive items you own (e.g., that new TV you just bought and your wife's jewelry collection)
- Information about the banks and subscription services you use (these can be used to launch social engineering attacks against you)
Leverage Privacy Settings To Improve OpSec
Unless you are an influencer or use social media for business purposes, your account doesn’t need to be accessible to the whole world. Leverage the privacy settings in your social media accounts to limit access to only people you know. Be sure to review your privacy settings in detail and test them to make sure that they are configured correctly.
Finally: Always Use Common Sense
Think before posting something to your social media timeline or before sending a direct message to someone. The easiest question to ask yourself is “What do I gain from posting this?” Another question to ask is “Can someone use this content against me or my family?” Just assume that whatever you post online is public, even though only your friends can see it. Anyone can take a screenshot of your post or direct message and make it public.