Operational security (OPSEC) is for everyone. Whether you have important information or not you need OPSEC. Keep in mind that you are not the one who decides whether an information is important information or not. The one who does is the one who is targeting you. Thus, you should consider all information as valuable information. And you need to be so careful about what to post. In this post we will mention some practices to make OPSEC as a lifestyle.
You need to think before sharing or posting anything on social media. Think if this post has valuable information for attackers or how they may use it. Remember, what is considered invaluable for you is actually valuable for attackers.
Some information gives a hint for attackers to know your password such as username or birthday date. Thus, do not post any information that lets attackers know your password, do not make their reverse engineering attempt much easier to execute as well. Also, use a different password for each account and the same thing goes with the email. Do not use the same email for everything, this is the risk management approach, to diversify the risk for someone to gain access to one of your passwords and use it to unlock all the rest of the accounts. Create an email account for social media accounts, and an email for general use, and another email for sensitive information. And do use two-factor authentication (2FA), or multi factor authentication (MFA) if it is access to very important enterprise data.
Apply the five steps OPSEC process for your information. Thus, you can protect your information and know the ways to do so. These five steps are: What information do you want to protect? Who is your enemy? What are your vulnerabilities? What is the threat level? How can you protect your information? We have talked about these five steps in detail in another post “What is Operational Security (OPSEC)?”.
OPSEC is a serious matter that everyone should take seriously. Any information is valuable information. To make OPSEC as a lifestyle you need to follow some practices such as thinking before sharing, using different passwords for each account, and applying 5 steps OPSEC process.
E-SPIN Group in the enterprise ICT solution supply, consulting, project management, training and maintenance for customers across the region E-SPIN do business. Feel free to contact E-SPIN for OPSEC solution supply, advisory, project requirement or security awareness training.
