OPSEC Intro
This section covers operational security (OPSEC). Much of the knowledge here is focused on the “theory” of cybersecurity. This is one of the most important sections on this site, because the focus is on mostly on the person; not on the device. It’s worth repeating that the biggest vulnerability is the person. Most of the time when a device is infected or a scam is successful, it can be attributed to a person either not knowing what they are doing or being careless. In addition to this section, check out the book recommendations to learn more about this topic and ways to protect yourself.
OPSEC is an acronym that is used frequently in the government, usually within the intelligence communities and the military. There was a popular World War 2 phrase which was, “Loose lips might sink ships.” It was a catch phrase for people to think about what they were going to say and who might hear it. The idea carried on through WW2, into the Cold War and now to present day, to help prevent spies from learning critical secrets.
There are a lot of facets to cover when it comes to staying safe online and this guide could never cover all the different and some seemingly insignificant ways that highly sensitive information could leak out. A common idea has been that once something is posted on the internet, it is there forever. There is some nuance to the phrase in that some information can be removed, but it is generally true. For example, just because you delete a post on Facebook doesn’t mean it goes away automatically. I’ll cover data retention laws later on.
Another aspect many people don’t consider is that a determined hacker or scammer can piece together a lot of info. I see plenty of posts online of people doing things like taking quizzes where they say how old they are, what they like to eat, where they were born, etc. Those posts are mining data and it creates more issues for the people who post that info. An important aspect of OPSEC is that you think about what you’re going to post or info you’re putting into a website before you actually enter anything.
I cover some of the most significant areas to consider in the following sections, which includes social media usage, keeping personal information limited online, keeping your devices safe regarding physical access, considerations when using public wifi, deleting metadata, how you are fingerprinted online, etc.