The document discusses operational security (OPSEC) best practices for social media. It provides tips for identifying critical information exposed on social media, understanding what enemies could learn about you and your family online, and developing countermeasures. The document emphasizes that information shared online is at risk of being made public and used against individuals by enemies. It recommends only sharing information that would be told directly to enemies and assuming any online information could become public.
1. Ombudsman Hot Topic:
Social Media Trends
Naval OPSEC Support Team
Navy Information Operations Command, Norfolk
757-417-7100
opsec@navy.mil
2. OPSEC. Because you are not a
Navajo code talker, and you’re
really not fooling anyone.
Naval OPSEC
Support Team
3. OPSEC Best Practice
Operations Security is a 5-step process that:
1. Identifies Critical Information
2. Identifies credible threats
3. Assess vulnerabilities
4. Assess risks associated with vulnerabilities
5. Develop countermeasures
4. Bumper stickers. Because every random
stranger driving near you should know
exactly how many children you have
and where they go to school.
Naval OPSEC
Support Team
5. OPSEC Best Practice
• Look at your daily activities from the enemies’ point of view.
• Understand what an enemy might learn about you and your
family from the information and details that you make
available.
• Assess the level of risk that this places on you and your family.
• Develop and apply counter measures, which help to prevent
the enemy from obtaining your critical information and using
it against you.
6. Most people don’t know this, but you
don’t need to post, tweet, blog, chat, pin,
upload, whisper, snap chat, text, email,
Skype, or facetime every time you go to
the gym.
Naval OPSEC
Support Team
7. OPSEC Best Practice
What you really learn from Facebook pages and profiles:
• Average income
• Security clearance level
• Family makeup
• Current psychological state
• Current location and contact information
• Ships roster
• Sensitive deployment dates and locations
• Relative readiness condition
8. “Well here is your problem!
Privacy never includes the
internet.”
Naval OPSEC
Support Team
9. OPSEC Best Practice
• Your security settings are only as good as your most public
friend
• One persons private tweet is another persons public post
• Security settings are often underutilized and easy to bypass
10. Who needs your home address
when I have access to your
Instagram?
Naval OPSEC
Support Team
11. OPSEC Best Practice
• Understand your technology
• Always consider how else this information can be used
12. The smarter the phone the
greater the risk.
Naval OPSEC
Support Team
15. OPSEC Best Practice
• If it sounds too good to be true, it is. Every single time.
• Don’t trust third party applications with personal, private or
critical information
• There is no such thing as private online
• Consider how your content can be used against you
• There is no true delete function on the internet
16. If you have to ask
“can I post…”, the
answer is always no.
Naval OPSEC
Support Team
17. OPSEC Best Practice
• Never share anything you would not tell directly to the enemy
• Never post private or personal information
• Assume any information you share will be made public
18. Loose lips still sink ships…
And rob homes,
compromise personal
information and drain
bank accounts.
Naval OPSEC
Support Team
19. OPSEC Best Practice
Knowledge is power …. for both you and the adversary
• Understand the value of your information
• Be suspicious of unsolicited phone calls, online requests, or
emails
• Be suspicious when information about you and your family is
requested
• Always ask yourself, do they have the “need to know”
• Share the OPSEC message with friends and extended family
members