Operational Security (OPSEC) is the process by which we protect unclassified information that can be used against us.
There are people out there who want information from you which, though innocent in approach and appearance, could be used against you or those you know both at work and play. These people can include your enemies, your competitors, terrorists, criminals or even insiders.
They will be after critical information that they must have for them to achieve success. They may be trying to work out our limitations of who, what, when, where and how. They might want to know personnel or family names or might ask about your security processes.
How do these people get the information? You give it to them, sometimes very easily. They may listen to conversations in public areas, mobile phone calls, they will check social media, web pages and emails. One of the easiest ways is simply to approach you as a stranger and ask a veiled question, we all have vulnerabilities and they know this.
Your job is to protect that information, so that they cannot achieve success. To you the question may appear as being innocent or unclassified, to him it is a jigsaw piece and they will act when the jigsaw is complete.
We can stop this by protecting our communications, being alert, suspicious and aware, we must consider the threat when using the phone, answering strangers’ questions, discussing work in public places and when we engage on social platforms
“Even minutiae should have a place in our collection, for things of a seemingly trifling nature, when enjoined with others of a more serious cast, may lead to valuable conclusion.”