Apply OPSEC in social networking Published July 19, 2013 By 60th Air Mobility Wing Wing Plans 60th Air Mobility Wing Wing Plans TRAVIS AIR FORCE BASE, Calif. -- Social networking sites, such as Facebook and Twitter, are great ways to connect with people, share information and market products and services. However, these sites can also provide adversaries, such as terrorists, spies and criminals, with the critical information they need to disrupt the mission and harm the Air Force, its members or even family members. The more information adversaries can obtain, the more opportunities they have to cause damage. Practicing good operations security will minimize the risks that come from participating in these sites and help you to recognize and protect critical information. Countermeasures: Follow computer security guidelines. Adversaries prefer to go after easy targets. Keep computer security up to date and be a hard target. Never login in from risky locations. Public social-networking sites generally do not have secure login available, HTTPS with the lock icon, from a hotel, cyber café or airport hotspot, particularly ones in foreign countries, name and password can be captured at any time. Keep passwords secure. Use different, strong passwords for each online account. Never give passwords away. Modify search profiles. Do a search for yourself and if too much data comes up, go to settings and restrict search profiles. Don't depend on the site for confidentiality. Even SNSs that aren't open and public by design can become so due to hacking, security errors, poor data management practices and data brokering. In some cases, the site terms of service explicitly claim ownership of all posted content. Treat links and files carefully. Social engineers and hackers post links in comments and try to trick you into downloading an update, security patch, or game. Don't trust add-ons. Plug-ins, games, and applications are often written by other users, not the sites themselves. The authors can easily gain access to data once it's installed. Don't post critical information. If you don't want it public, don't post it. Search engines and functions make it easy for adversaries to find what they're interested in. Once information is on the Internet, it is there forever. Review friends' profiles. The photos or information they post may be a problem. Control friend access. Verify a "friend" request by phone or other means before allowing access. Group friends, e.g., real life, co-workers, strangers, etc., and control access permissions based on the groups. For more information, the Installation OPSEC Program Manager's contact number is 424-0062 or contact your group or unit OPSEC coordinator.