OPSEC: Your Self Defense on Social Networking Sites Published April 15, 2010 By Jeff Jeghers Installation OPSEC program manager HANSCOM AIR FORCE BASE, Mass. -- Last month's article on OPSEC touched on increasing your general awareness while utilizing social networking sites as possessors of sensitive information. This month's article will help you understand some of the basics of virtual self defense while using these applications. Technical Aspects: Know the difference between "friend" and friend, and configure permissions on your friend lists accordingly. Determine your virtual visibility and see what others can see. As always, keep your anti-virus software up to date and be wary of unsolicited requests for information. If virtual social networking is your thing, then know all the tools to secure your activity properly. Be security flexible: Just as we increase our physical vigilance at times, you must become adept in extending that level of protection to all aspects of information handling as well. If you express on Facebook your disgust with waiting in an extended line of traffic at a gate, you may have just aided the enemy. If that line at the gate were to happen today, it is precisely then that your extended vigilance must kick in. Consider where you personally need to extend your vigilance out to when that time comes. When in doubt: As always, if you are in doubt if something is sensitive, then don't post on an SNS. Also, it is far too easy to expel emotions on a virtual system rather than to someone's face, but before you tweet about your boss being a pain, remember that morale is considered critical information in some cases. This can open you up to phony consolers or others that may gauge an entire activity based on your official opinion. Take time to relax before engaging in social networking activity. Think outside the keyboard: The concept of protecting sensitive or critical work information should not be that difficult if you turn the context around and think from a different perspective. As a parent, for example, would you post online the times and routes of travel your child takes to and from school? Would you tell the world if they were going to be home alone or that the security system protecting them works only half as good when it rains out? Why then would you post similar information regarding work? You should also know your posting history. An adversary certainly would. The simple truth about social networking technology is that we can't stop the momentum and, in some cases, we may actually be required to utilize it for all its potential positive attributes in the future. As you embrace this technology at home, challenge yourself to fight assumptions about safety, know the technology well enough to protect yourself, understand the need to surge vigilance, resist emotional or reckless use, continue to outsmart adversaries by taking their point of view and share what you know with your family and those you care about. OPSEC is concerned with mission effectiveness and, as we all have many missions to accomplish, it is a goal we can all appreciate and strive to participate in.