Recommendations for practicing OPSEC
What is OPSEC, the concept that originated in the U.S. military?
The concept of OPSEC (Operations Security) originated in the U.S. military as a way
to protect sensitive information during military operations, and has since been
widely used in other fields to protect sensitive data and information. In the
digital era, OPSEC has become more important in protecting personal privacy and data
security.
OPSEC is a strategy for managing and protecting sensitive information with the core
objective of reducing risk by identifying potential threats, analyzing
vulnerabilities, and taking action. It is commonly used in the military,
intelligence, government and commercial sectors to ensure that sensitive information
within an organization is not exploited by unauthorized individuals, competitors or
other potential adversaries.
OPSEC consists of the following 5 main processes:
1. Identify critical information
Determine what information may be of value to an adversary, including the
organization's goals, plans, and personnel.
2. Analyze potential threats
Evaluate the capabilities of the adversary to anticipate possible threats.
3. Vulnerability analysis
Discover vulnerabilities in the protection of sensitive information, such as
information leakage pathways, and ensure that sensitive information is shared only
among necessary personnel to prevent unauthorized access.
4. Risk assessment
Determine the threat level for each identified vulnerability. Companies rank risks
based on factors such as the likelihood of a particular attack occurring and the
degree of disruption such an attack would cause to operations. The higher the risk,
the more urgent the need to implement risk management.
5. Taking countermeasures
Formulate countermeasures to minimize risks, regularly check the effectiveness of
protection measures, and continuously improve and enhance the OPSEC process.
When conducting Open Source Intelligence (OSINT) investigations, investigators may
obtain sensitive information during the information collection process, and visits
to websites may leave access traces. Therefore, for open source intelligence
investigators, it is crucial to maintain good OPSEC, which not only helps to keep
the investigators' activity from being exposed, but also reduces potential risks
and disruptions.
The following OPSEC recommendations are suitable for everyone:
1. Use strong and unique passwords and avoid obvious information such as birthdays.
2. Consider using a password manager to ensure secure password storage.
3. Enable two-factor authentication for email and social accounts to raise the level
of account protection.
4. Update all apps on your devices regularly so that known security vulnerabilities
are patched.
5. Enable screen lock when the device is idle to prevent unauthorized access.
6. Don't leave devices unattended.
7. Consider using webcam covers and screen privacy filters.
8. Protect the privacy of your communications by using an encrypted email service.
9. Enhance cloud data protection by using encrypted cloud storage.
10. Adjust social media privacy settings to control the public visibility of personal
information.
11. Use secure search engines to reduce the likelihood of being tracked online.
12. Secure your connection with a VPN (Virtual Private Network) when using public
Wi-Fi (e.g. coffee shops, hotels, airports).
13. Check the permissions that software requests before downloading it, to avoid
giving malware unnecessary access.
Recommendations for open source intelligence investigators are as follows:
1. Use dedicated equipment and accounts to conduct investigations, and work
anonymously to avoid information interference and leakage.
2. Use a paid VPN to hide your IP address and protect your personal identity.
3. Use a VM (Virtual Machine) to conduct investigations to prevent malware from
affecting the host system.
4. Regularly clean browser history, cookies and other files to protect personally
identifiable information (PII).
5. Adjust system time settings to align with the time zone of the investigation
target.
6. Review the security of the open source investigation tools used.
7. Develop standard operating procedures (SOP) for online investigations.