FORT LEONARD WOOD, Mo. — Many people use social media, but not everyone understands the impact of what they are sharing and who can see their posts, pictures and information. It’s important to remember that everything on social media is up for grabs by anyone, including an adversary.
The internet is forever, anything you put online or post on social media can be copied and will likely be copied by other users, search engines, archives or other third parties.
Even with privacy settings in place, sharing information online is at risk by those you share with. Many service providers make copies when they back up their data and your data is likely included.
Once posted, it will be nearly impossible to track down and delete all copies of your data. And while you may not be able to see or find all the remaining copies, they can still be used against you.
How much information are you really sharing?
What you or your family and friends share on social media can provide an adversary with important information about our connections, habits and careers. This can support their efforts of elicitation, recruitment, social engineering, targeting and more – putting us, our families, our organizations and our missions at risk.
Operations Security, or OPSEC, is a proven risk-analysis process that helps protect critical information and determine the value of unclassified information, but awareness is key.
Using the OPSEC process, we can deny the adversary information they need to compromise our operations.
Some OPSEC-related questions to ask yourself when using social media include:
- Who wants my information? Threats may come in the form of insiders, criminals, hackers, identity thieves, nation states, economic competitors and terrorists.
- What information do they want? Adversaries could want critical or sensitive information, such as where you work, job details, your family members, what your interests are or your personal or financial account information. This and other sensitive information could be used for nefarious activities such as identity theft or gaining access to your finances.
- How do they get my information? Many people post hobbies, interests, vacation plans and events they are attending, as well as pictures of their children, pets and valuables. Oversharing of information, lax privacy settings and clicking on scam links are examples of vulnerabilities.
- What are the risks of participation? The risks associated with social media will have a lot to do with how much information you share. Before posting anything online, determine the impact and likelihood of your information being compromised. If the real or perceived risk outweighs the benefit, don’t post.
- How can we protect our information? By identifying the information that should be protected and not posting that information online, we can keep information more secure. For example, protected information may include work and school schedules, activity schedules like sports practices and games, or travel plans, both work and vacation. All of these point to when a home will be unattended or when children are there without adult supervision.
Protect your social media accounts
Some simple steps you can take to protect yourself and others include:
- Avoid oversharing online. Protect your critical information and ensure your family and friends don’t post personal details.
- Check the privacy settings and use the highest privacy setting available.
- Be selective of friend and connection requests.
- Turn off location settings and avoid check-ins, especially in real time.
- Avoid clicking on suspicious messages, links or posts.
- Report concerns. If you see something, say something.
- Use strong, complex passwords for all of your accounts and two-step authentication, when available.
The big takeaway: Control what you can and don’t make it easy for an adversary. Knowing the risks, reducing your vulnerabilities and taking the correct countermeasures will help to keep you and your critical information safe on social media.
Contact your unit OPSEC manager or the installation OSPEC office at 573.563.2402 with questions, comments or to report an OPSEC concern.
(Editor’s note: Content for this article was obtained through the Interagency OPSEC Support Staff at https://www.iad.gov/ioss.)