FORT CARSON, Colo. — March is commonly associated with luck, but don’t rely on the “luck of a Leprechaun” to protect your information. Furthermore, do you know what type of information to protect and what precautions to take to protect it?

Understanding how a threat could potentially exploit vulnerabilities to compromise your personal information and learning different countermeasures to prevent it are key to ensuring critical information doesn’t land in the adversary’s hands.

That leads to the importance of operations security (OPSEC), a systematic process that helps deny potential adversaries information about our capabilities and intentions by identifying, controlling and protecting generally unclassified information associated with the planning and execution of sensitive activities.

The OPSEC cycle helps us understand the threats and vulnerabilities while also determining the value of unclassified information. Understanding the cycle and the benefit of the process is the first step in making OPSEC principles second nature.

Here are the steps of the OPSEC cycle.

  • Analyze threat; an adversary with the intent and capabilities to compromise your mission or sensitive activities.
  • Identify critical information; the information about your intentions and capabilities that an adversary can exploit to compromise or interrupt your mission.
  • Analyze vulnerabilities; vulnerabilities are weakness that an adversary can exploit to get your critical information.
  • Assess risk, this involves a bit of math – it is the probability that an adversary will compromise your critical information or exploit a vulnerability and the potential impact of the adversary’s success.
  • Countermeasures are things that we can do to address our vulnerabilities.
  • And finally, assess the effectiveness and countermeasures to determine if what we are doing is working or do we need to make some changes.

Next, what is critical information?

Details about your intentions, capabilities and activities that an adversary can exploit to compromise or interrupt your mission.

How do adversaries collect critical information about you?

  • Open sources such as the internet, news outlets, professional journals and social media.
  • Casual conversation or by eavesdropping at places frequented by you.
  • Social engineering tactics to trick you into providing sensitive information.

What information should be protected?

Let’s start with a critical information list (CIL). A CIL is a list of your critical information such as capabilities, activities, limitations and intentions, also known as CALI. In addition, critical information can also include personal items such as personally identifiable information (PII), health information and travel plans.

Here are some common vulnerabilities faced by individuals and organizations:

  • Use of email, social media and the internet
  • Access to mail, trash and recyclables
  • Predictable patterns and procedures
  • How we conduct ourselves
  • Lack of awareness of threats and vulnerabilities
  • Increased connectivity on insecure devices

In most cases, if an individual is vulnerable, an organization can become vulnerable as well.

Ask yourself, how much information are you really sharing? What you or your family and friends share on social media can provide the adversary with important information about connections, habits and careers. This can support their efforts of elicitation, recruitment, social engineering, targeting and more, putting the community, families, organizations and missions at risk.

Start protecting your social media accounts.

These simple steps can protect you and others:

  • Avoid oversharing online, protect your critical information and ensure that your family and friends don’t overshare your information.
  • Check the privacy settings.
  • Be selective of friend and connection requests.
  • Turn off location settings and avoid check-ins, especially in real time.
  • Be cautious, watch out for suspicious messages, links and posts.
  • Report concerns to the appropriate contact; If you see something, say something.
  • Use strong complex passwords, protect all accounts.
  • Using social media can increase chances of information being compromised, but we can mitigate the risk by following OPSEC principles.

The big takeaway is control what you can and don’t make it easy for the adversary. Take precautions and safeguard information. Don’t rely on the “luck of a leprechaun” to protect your information.