An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Drifting in cyberspace: Online OPSEC will keep you anchored

  • Published
  • By Dave Smith, 21st Space Wing Public Affairs staff writer
  • 21st Space Wing Public Affairs
PETERSON AIR FORCE BASE, Colo. --  The computer is fired up, login is complete and it’s time to spend the evening online, alone with social media. But nobody is truly alone when connected to the Internet.

According the Department of Justice’s National Computer Security Survey two-thirds of nearly 8,000 businesses, queried in 2005, detected at least one cybercrime, and almost nine of 10 reported multiple instances costing tens of thousands of dollars.

The overarching point is simple enough: exercise caution when connected to the Internet. Staff Sgt. Michael Craddock, 21st Space Wing operational security coordinator, suggests limiting any online presence to a minimum.

“Reduce your online footprint,” Craddock said. “This would include opting out of open source sites like Spokeo, Checkmate, PeekYou, and FamilyTreeNow.com. This can be accomplished via the opt-out option for each of these sites.”

Craddock recommends that users periodically check out what is out there on the Internet about them. A quick and simple Web search using a search engine can verify that personal information is not being broadcasted across the Web.

“This is not limited to service members or DoD personnel,” he said. “But extends to their families as well.”

One of the biggest things to remember when dealing with OPSEC online is to avoid posting sensitive information. Using the approved Critical Information List is a good place to start. Craddock said unit and wing OPSEC representatives can provide guidance too.

Paul Alvarez, Interagency OPSEC Support Staff customer service advocate, pointed out there are some general topics that should not be posted openly online. In general, terms folks should avoid talking about or posting information about are:

• Current or future operations
• Travel timelines
• Usernames and passwords
• Access/identification cards
• Capabilities and limitations
• Address and phone lists
• Budget information
• Building plans
• Entry and exit procedures
• Visitor schedules.

“I think the biggest breaches occur when employees do not know what information to protect,” Alvarez said.

Limiting exposure and access on social media also is important where OPSEC is concerned.

“Within almost all social media platforms is the ability to increase your security preferences to allow only friends and family to see the contents of your profile,” Craddock said. “This is coupled with ensuring that you do not add unknown contacts that will then have access to your social media content.”

It is also important to be aware of what is shared online. Things like a photo of a service member in uniform can draw unwanted attention to a profile, for example. Listing specific job descriptions ¬¬– such as intelligence officer or unmanned aerial vehicle operator- should be avoided for the same reasons.

“Other items that can be used by adversaries could be things as simple as a photo of your home with distinct landmarks in the background or a school cheerleading uniform identifying where a dependent attends class,” Craddock said.

Security settings on social media should be set so random individuals cannot view a profile and read everything written there, he added.

“Why would a random passerby on Facebook need to know where you work, what you do or where you are stationed?” said Craddock.

Friend requests should be carefully screened and if you do not personally know the person, you probably should not approve the request.

Craddock offered a number of other steps to help bolster online OPSEC:

• Be careful with saved passwords. Utilize password managers.
• Use good reminder questions for recovering passwords.
• Use two-factor authentication. A password then a text confirmation to a cell phone, for example.
• Clear browser cache and history regularly. Don’t leave a trail of information.
• Watch for photos and email with .exe attachments.
• Use antivirus and ad blocking software.

Public WiFi can pose an OPSEC problem, Craddock said. He advises situational awareness when using personal information in a public area.

“A library or coffee shop is a public area,” he said. “So why would you post your credit card information in a public place? Someone could read your number over your shoulder.”

There are many things to keep an eye on to be safe and secure online. However, there are two things Craddock said will make the biggest difference.

“Make sure the site is legitimate. Watch for the ‘https,’” he said. “And do not go to questionable sites.”