abstract image depicting men in suits with screens for faces

Security Breach! You Need Better OPSEC

by James Walton

Do you want the world to know you have a collection of gas masks, long term food storage, and an armory? Now, some of you reading are gonna yell, “Hell yeah!” But many others will respond, “Not unless I wanna get a new job.” This divide gets at the heart of OPSEC (operational security): Its value varies based on the individual.

One important metric for weighing the importance of OPSEC in your life is the potential for a personal security breach. Unfortunately, there is more opportunity than ever for a bad actor to infiltrate our physical and digital lives–especially the latter.

Fact is, in the Internet Age, you are probably giving the world a much deeper look into your personal life then you’re intending to. Thankfully, however, there are ways to cut that stream of intel off–but you gotta be willing to act.

Let’s begin.

Table of Contents

  • 01

    OPSEC is a Military Term

  • 02

    Mastering Digital Operational Security

  • 03

    Categorizing Information

  • 04

    Careful Storage

  • 05

    What We Show the World

  • 06

    How to Build an Operational Security Plan

  • 07

    Final Thoughts on Avoiding a Security Breach

  • 08

    Frequently Asked Questions

OPSEC is a Military Term

Heavily armed, masked man enjoys tea with elderly woman

Military operations depend heavily on OPSEC. (Image courtesy of Imgur)

To begin, what is OPSEC?

During the Vietnam War era, the United States initiated an operation known as Purple Dragon to systematically review its security posture from the perspective of an adversary. It was within this context that the concept–known as OPSEC or operations securityemerged, originally defined as the “ability to keep knowledge of our strengths and weaknesses away from hostile forces.”

Ultimately, the methodology proved very effective at thwarting the Vietcong’s counterattacks and ambushes, causing OPSEC to rapidly spread to other sectors of military and government, like the DOD (Department of Defense).

Now, are you not yet prepared to cross the line from freedom-loving civilian to gray man operative using military technologies and techniques?

Well, the truth is you have long been using military inventions. After all, technologies like duct tape, superglue, and microwaves are all born out of the military. That means that every time you open a can of something, you are again utilizing a military-developed technology.

Heck, even the life-saving epipen was created by the military–developed to protect soldiers who had been exposed to chemical and nerve agents.

And, of course, we at MIRA Safety owe a massive debt of gratitude to military tech. Our CWD Detection Strips, after all, were derived from the military's necessity to identify these types of chemicals.

With all of this in mind, OPSEC is just another idea out of the military that not only works well in war, but also translates very well to civilian life.

Mastering Digital Operational Security

abstract image of digital world

The digital world is full of threats. (Image courtesy of Pixabay)

In 2020, while the world was grappling with a pandemic, there was a lesser known virus spreading around the world–and it was cyber crime. At this time, hackers saw a boom in business that ranged from attacks on larger online targets to remote workers.

In short, cyber crime jumped a staggering 600% during the COVID-19 pandemic.

If you think we magically cleaned all that up, then you are unfortunately mistaken. Truth is, more and more people are gaining access to the internet all the time. As developing nations gain access to the Internet, the wires will touch, and bad actors will realize that digging deadly cobalt out of a cliffside sucks compared to sending phishing scams out via email.

In response to this opportunism, many of us know how to conduct a simple threat analysis on our online interactions. We’ve learned–for some, the hard way–that that the Prince of Whoville is not going to actually send us $45,000.

Nevertheless, the hackers are getting smarter, AI is involved now, and most of us have taken zero countermeasures.

So, what are some steps we can take to increase online OPSEC?

Password Management

fingerprint on keyboard

Changing passwords keeps your system locked down. (Image courtesy of Pixabay)

Somedays, the strain of password management becomes so great that it feels like retinal scans might be the way to go.

One way to make life easier for yourself? Log your passwords in a notebook, change them often, and don’t settle on the same one for everything. Remember: if the password is easy for you to call to mind, it’s generally easier for a hacker to figure it out.

(Note that the Notes app is not a suitable alternative to a real notebook, as this is also vulnerable to hacking.)

Use a VPN

A virtual private network uses encryption to give you the most secure connections possible. As such, it’s well worth the investment.

Just don’t make the egregious error of turning the VPN off, as this opens you up for attack.

Multi Factor Authentication

All in favor of retinal scan, say, “Aye!”

These days, 2FA or Multi Factor Authentication can be worse than managing passwords. That's because you have to find your phone, open your email, and remember your passwords in order to gain access to accounts.

That said, it is a great system that makes it nearly impossible for a hacker in Pakistan to slip into your bank account–or, more importantly, your COD MWII account.

Stay Updated

How come everytime you’re five minutes late to a Zoom call and boot up your computer, there is a ten minute update waiting for you? Though this routine may be frustrating, resist the desire to switch these updates off, because a big part of those updates is security.

Read Emails Carefully

Gone are the days of the “win a free convertible” and “claim your million dollar prize” emails that led straight to a phishing scam. These days, email cybercrime is massive, and they are getting better at it all the time.

So no matter how pressing or what the message is, check the validity of your emails.

Use Encryption When Possible

Encryption can be overwhelming. After all, its very name makes it sound complex–and in some regards, it is. That said, seek out services in messaging and email that encrypt for you. They are out there. Signal, Element, and Proton Mail come to mind.

Note that you do not have to become NEO to survive in our digital world today. You need only take some simple countermeasures to make yourself less of a target.

Categorizing Information

Only a handful of people need to know where the NBC SOF77s gas mask filters are located. However, anyone who comes to your home regularly will know where the exits to your home are, and maybe where to find medicine and first aid.

NBC SOF-77 Filter

NBC SOF-77 filter

The categorization of information can happen naturally in your life, but as you gather more preparedness resources and create more plans with your family, it is important that everyone understand what kinds of information should be shared and what should be kept behind the wall of OPSEC.

About five years ago, the way the U.S. Government categorized sensitive information would seem foreign to us all. Since then, Hillary Clinton, Donald Trump, and Joe Biden–the who’s who of American leadership–have all had to answer to some kind of controversy over Secret and Top Secret files.

For reference, this is how our government categorizes secret information that could affect national security:

Confidential

Confidential information pertains to that which could be expected to cause damage to national security.

Secret

This type of information could be expected to cause serious damage to national security.

Top Secret

The big kahuna is expected to cause exceptionally grave damage to national security. Think of it this way: Your keycode to the security alarm, passwords for online banking, and passcode to the home safe are all “top secret” personal information that you wouldn’t hand out to random passers by, right?

So, there is a big difference in the type of information that we share with the people in our lives.

Ultimately, your discretion is king when it comes to naming the types of information in your own life. If you do not share these categorizations with your family, and the details, then you will have added just another thing to remember, with very little effect on your overall operational security.

Careful Storage

There is not a home buying show in existence where a couple doesn’t walk into a nice kitchen and say, “This is a great space. We love entertaining.” Well, entertaining (naturally) brings people into your home.

This raises the questions: What do people see when they enter your home? Is your pantry stocked with three months worth of food? When a visitor opens your pantry, are they going to think, “Why do they have so much?”

By storing food all over the home, or in a discreet storage room, you will give the neighborhood gossip less to wonder about.

And on that note: Where do you keep the CM-7M gas masks?

The CM-7M gas mask

The CM-7M gas mask 

Your emergency supplies, water storage, and NBC protective gear should all have a place that is beyond the prying eyes of visitors. If OPSEC is important to you, then these items cannot simply be sitting around the dining room table when company shows up.

Preppers have long developed awesome places to hide gear and preps, employing everything from dead space to straight up secret rooms and false walls. Here is a short list of some of the best in-home hiding places for prepper gear:

  • False walls

  • Under furniture

  • Concealed safes

  • Inside furniture (like couches)

  • Hollowed-out books

  • False containers

  • Under the staircase

What We Show the World

Image of phone screen with apps

The overuse of social media compromises OPSEC. (Image courtesy of Pixabay)

The very nature of our lives forces us to bare more, share more–give the world more of ourselves than ever before. In this way, the advent of social media was like opening a voyeuristic window into our lives.

As such, the idea of typing a credit card number or a social security number into a computer has become akin to handing our wallet off to a thief. Now, we pay with the tap of a card or phone. This causes us to wonder: How many years, or months, are we away from paying with the chip embedded under our skin?

And more importantly: When you are posting your entire life online, and revealing all your most private information, then who really cares what we show the world?

This is the place where OPSEC goes to die. One of the most egregious errors we make is to post that breathtaking view from our hotel or cabin as we begin our seven day vacation far, far away from our home. Which will be largely empty for the duration.

These days, we are privacy desensitized, and as a result, we cannot get out of our own way. We wear tee shirts with our kids’ school logo on them, for example–not realizing we are telling the world where to find our kids eight hours out of the day.

In this vein, we put witty bumper stickers on your vehicles that read like a how-to guide to terrorize our whole family. They tell the world about how we like to go boating, dirt biking, vacationing at OBX, or other markers that let bad guys know that you might have money, you might have expensive things at home, and you might leave in the summer for long periods.

Hell, we even put cute little stickmen on our cars to detail exactly how many people are in our house, how many kids, and if we have dogs that a thief needs to prepare to deal with.

In the end, there is a balance to be struck between our desire for self expression, and securing the information and people that we love.

How to Build an Operational Security Plan

man writing with pen and paper

Its time for some planning. (Image courtesy of Pixabay)

While it might sound like a daunting task, creating a simple OPSEC plan is actually pretty easy for the average person. It also helps get everything out on the table that you want to keep under wraps. This could be weapons, gear, information, or something else entirely.

What Are You Protecting?

Pour yourself a cup of coffee, then grab a pen and pad. After that, without being concerned by order, simply start listing all of the information, people, and items that need protecting in your life. The most important part of this exercise is to simply get it all out in front of you.

Threat Analysis (What Is Gonna Screw It All Up?)

Who are the bad guys, low-lifes, and opportunists out there, waiting to throw a wrench in the spokes of your life? These kinds of threats warrant a little thought, too.

Some examples of risks to your OPSEC are hackers and spam callers–but danger can also take the form of new people in your life. Remember: OPSEC is about sensitive information. So be careful who you let in and how deep they get in! Don’t invite a security breach.

Risk Mitigation (How are you gonna stop it?)

When it comes to OPSEC, the physical world and the digital world require different approaches. A great example of digital risk management is to get yourself a VPN. This encrypted connection will add a level of anonymity to your online presence. Put simply: Digital bad guys cannot follow you home.

And remember: You might have put some rules in place for social media posting. But these will have to include everyone in your family in order for this type of risk mitigation to work.

Final Thoughts on Avoiding a Security Breach

pen with lock still life photo

Keep your sensitive info on lockdown. (Image courtesy of Pixabay)

“We have been overwhelmed by our animal desires. Addicts of the immediate. Keep us obedient and unaware.”

-- MJK of A Perfect Circle, "Disillusioned"

Change is everywhere. In every nation, in every home, and on every device all over the world. This means that the state of something like OPSEC is a part of that change, too.

Your world feels a bit brittle underfoot, doesn’t it? Where it once felt solid and safe, society seems increasingly like soaking wet limestone that will, at any moment, give way to a sinkhole that swallows you up.

Abdicating responsibility to rapidly growing governing bodies both at home and abroad has built in us an idolatry that supersedes almost everything else. We just want Daddy to show up and make things all better.

The answer, of course, is to use preparedness and strategies like threat analysis and risk mitigation to claw that personal responsibility back. As such, you should be aware of the threats in your area, and you should also have a plan to deal with those threats. In other words, the security of what you do online should not be left solely to Apple, Google, or Microsoft.

Bottom line? Sharpen up your OPSEC. You will do yourself and the world a solid by claiming responsibility for your information, your actions, and your family’s safety.

Frequently Asked Questions

How often do you audit or update your OPSEC?
What are some common costs of an OPSEC plan?
Can I apply OPSEC to my business?
What is risk mitigation?
What is threat analysis in cyber security?
What is a security breach?
What is information assurance?