Wednesday, April 11, 2018

Operational Security (OPSEC) - Part 3: Countermeasures

This is part 3 of my Operational Security (OPSEC) article. Part one defined operational security and described the five-step process used in OPSEC. Part two gave a practical example of how millions are unintentionally revealing critical information. This final part gives practical tips and countermeasures folks can take to protect their information. 

Tips and Countermeasures

1- The first and most important part of protecting your critical information is to make sure that everyone in your family/group understands what information to protect. You cannot do OPSEC without clearly defining to everyone involved what critical information needs to be protected. See Part one for
the five-step process to accomplish this goal.

2- Next, make a thorough and honest assessment of all the possible ways you are leaking critical information, especially to the bad guys who are actively looking for it and start taking countermeasures. 

3- Public, and even private, conversations, can be overheard. Be aware of your surroundings and topics of conversations. Even off-hand remarks can reveal critical information. Make sure your conversations are really private before discussing critical information. 

4- Be aware how certain information may reveal other information. For example, that "First Baptist Church" bumper sticker reveals not only your church membership, but also tells the bad guys you're probably not at home on Sunday mornings.Think through what the bad guys may able able to deduce from seemingly innocent information you do give out. 

5- Shred/burn (instead of throwing away) all unneeded paper that may reveal critical information, including bills, shopping receipts, insurance papers, bank statements, tax records, pay stubs, ATM receipts  & other financial documents, pre-approved credit card & loan applications, prescription labels & info, expired passports and driver's licenses, among many others. A good article on what to keep and how long is How Long to Keep Documents & What to Shred by Elizabeth Larkin.  

"The general rule is anything with the following information should be shred: account numbers, birth dates, maiden names, passwords and pins, signatures, and social security numbers." -- Elizabeth Larkin

6- Children, especially young children, tell EVERYTHING to their friends, schoolmates, teachers, neighbors, and other parents (even if you've told them not to). Be especially aware of what you reveal to them, and remember that they do have ears and overhear a lot more than you might think. Remind them often that privacy is important and that they shouldn't share certain information with others. There have been many news stories in recent years of schools quizzing students about their home life, including asking about topics such as the parent's political views and if there are guns in the home. Tell your kids to answer "I don't know, you'll have to ask mommy and daddy about that" and to tell you who was asking those type questions. Review this with them often (they quickly forget).

7- Be careful of what trash & recyclables you leave at the curb. Even empty boxes may reveal to those nosy neighbors what, and how much, you are buying. Options to roadside recycling include taking the boxes to the recycling center yourself, or even burning them or using them in composting or sheet mulching. Remember to shred/burn critical papers.

8- Be cautious in your use of social media, email, text messaging, and the Internet. Realize that if you are emitting electronically, your use is being monitored, logged and stored. NEVER use electronics to commit illegal acts, make threats, stalk or harass others (you shouldn't be doing these things anyway). When surfing the Internet, avoid the "Red Light Districts" (adult sites, illicit drug sites, or other sites used for illegal/unethical activities), as visiting those sites greatly increases your chances for computer viruses, phishing attacks, ransomware, and attracting the attention of both the bad guys and law enforcement. 

9- Never give away a password to  any account to anyone EVER!!! 

10- Keep all software up-to-date. This is especially true for your anti-virus and firewall software (they stop automatically updating after the free trial period is up), but is also true for your operating system, drivers, etc. Out-of-date software likely have multiple security issues.

11- Rethink your use of social media. Keep only those accounts you really use often or need professionally (I recently deleted my Facebook, Instagram, and Google+ accounts). Avoid oversharing or giving away critical information. Especially avoid giving away your schedule or travel plans (lets the bad guys know when you are not home). Don’t post personal information (real friends already know your workplace, school, home address, phone number, etc.- don’t  broadcast it to strangers).

12- How to Delete a Google+ Account https://www.wikihow.com/Delete-a-Google%2B-Account 

13- How to Download and Delete Your Entire Google Search History http://www.maketecheasier.com/download-delete-goog...

14- How to delete everything Google knows about you https://www.expressvpn.com/internet-privacy/how-to...

16- How to Permanently Delete a Facebook Account https://www.wikihow.com/Permanently-Delete-a-Facebook-Account

17- How to Delete an Instagram Account https://www.wikihow.com/Delete-an-Instagram-Account

18- Want an privacy-sensitive alternative search engine to Google, Yahoo, or Bing? I suggest StartPage https://www.startpage.com/ or Duck-Duck-Go https://duckduckgo.com/

19- Concerned about Microsoft's recent announcement that they will ban "offense language" and begin monitoring private accounts (Office, Skype, and other Microsoft products)? Looking for an alternative to Microsoft Office? I use Apache Open Office https://www.openoffice.org/ Its free and works great!

20- Want a good alternative web browser to Internet Explorer, Microsoft Edge, and Google Chrome?  Try Mozilla Firefox https://www.mozilla.org/en-US/firefox/new/. It can be enhanced with a number of privacy-protecting add-ons, including HTTPS Everywhere and Ghostery, among others (go to the add-ons page after installing Firefox).

21- Delete cookies regularly or disable the use of cookies through your browser. You can “whitelist” cookies from sites you need/trust while still blocking all others. There are also several Firefox add-ons, such as Self-Destructing Cookies, that will do this for you. 

22- Never use the “remember me” function on websites, even from your own laptop or device. 

23- Be mindful of you use of affinity cards, credit/debit/checking cards, and even modern library cards, as they all collect and log data about you and your habits. This information may then be used by the company, shared with its vendors, sold to other companies, or stolen by company employees or outside hackers. It could also be obtained by the government (even without a warrant in many cases). 

Obviously, this list barely scratches the surface of the many countermeasures you can take to keep critical information out of the hands of bad guys and others (corporations, government) who don't need it. My hope is that it will give you plenty of "food for thought" and even many practical ideas for protecting your critical information.

0 comments:

Post a Comment

The comments section has been reopened for new posts. The following rules apply:

1) NO LINKS may be posted. Comments containing links will automatically be deleted without being read.

2) Debate and disagreements are allowed, but please keep the discussion civil.

3) Threats of violence against people or property are illegal. As such they will be removed and reported to law-enforcement.

4) This website is a one-man operation. As such, it may occasionally take up to 24 hours or so for comments to be approved. Please be patient.