FORT LEONARD WOOD, Mo. — Social networking sites, or SNSs for short, are great ways to connect with people, share information and market products and services. However, they can also provide adversaries, such as terrorists and spies, with the critical information they need to disrupt your mission and harm you, your co-workers or even your family members. SNSs have also become a haven for identity thieves and con artists trying to use your information against you.

Practicing good operations security will minimize the risks that come with participating in SNSs and help you to recognize and protect your critical information.

Some examples of critical information to protect include:

  • names and photos of you, your family and co-workers;
  • usernames, passwords, computer and networking information;
  • job title, location, salary, grade and clearances;
  • operational, security and logistical data;
  • mission capabilities or limitations;
  • schedules and travel itineraries;
  • Social Security numbers, credit card and banking information;
  • work or personal addresses, birthdates and phone numbers; and
  • interests, hobbies, likes and dislikes.

Using countermeasures will help you to protect your critical information while using SNSs. Some example countermeasures include:

  • following computer security guidelines — adversaries prefer to go after easy targets, so keep your computer security up to date and make yourself a hard target;
  • never logging in from risky locations — public SNSs generally do not have secure login available, so if you log in from a hotel, cyber-café or airport hotspot, your name and password can be captured at any time;
  • keeping your password secure — use different, strong passwords for each online account, regularly change your passwords on critical sites you use, such as financial institutions, and never give your password away;
  • modifying your search profile, which means searching for yourself online and changing settings on SNSs if you feel too much data comes up;
  • treating links and files carefully because social engineers and hackers post links in comments to trick people into downloading something nefarious disguised as an “update,” “security patch” or “game;”
  • never trusting add-ons, because plugins, games and applications are often written by other users, not the SNSs themselves, and authors can easily gain access to your data once you install them;
  • reviewing your friends’ profiles for photos or information they post about you; and
  • controlling “friend” access by verifying a friend request via a phone call or other means before allowing access — it is also recommended you group “friends” (e.g., real life, coworkers, strangers, etc.) and control access permissions based on the groups.
Did you know?
  • A U.S. government official on sensitive travel to Iraq created a security risk for himself and others by posting his location and activities to his SNSs every few hours.
  • A family on vacation kept friends up to date via online profiles, and their home was burglarized while they were away.
  • New computer viruses and trojans that successfully target information on SNSs are on the rise.
  • Even SNSs that aren’t open and public by design can become so due to hacking, security errors, poor data management practices and data brokering. In some cases, the site terms of service explicitly claim ownership of all your posted content.
  • Several kidnapping, rape and murder cases were linked to SNSs, where the victims first connected with their attackers.
  • Some foreign investors, including government and commercial entities known to be involved with organized criminal activity, own large stakes in certain SNSs.
  • Information in SNS profiles has led to people losing job offers, getting fired and even being arrested. If you don’t want it public, don’t post it. Search engines and functions make it easy for anyone to find what they’re interested in. Once information is on the Internet, it is there forever.

For more information and resources on safe social networking, contact the OPSEC office at 573.563.2402.

(Editor’s note: Information for this article was obtained through the National Counterintelligence and Security Center in support of OPSEC Awareness Month.)