# Here's a list of good operational security (OPSEC) practices for the average person, along with real-world examples:

See [badopsec](badopsec.md) for advice on good opsec; you can't have good opsec without bad opsec examples.

The practices below are for the normies out there.
------------

## Table of Contents

- [Use Strong, Unique Passwords](#use-strong-unique-passwords)
- [Keep Software Updated](#keep-software-updated)
- [Be Cautious with Personal Information](#be-cautious-with-personal-information)
- [Secure Physical Devices](#secure-physical-devices)
- [Use Secure Networks](#use-secure-networks)
- [Practice Email Security](#practice-email-security)
- [Implement Home Network Security](#implement-home-network-security)
- [Be Mindful of Physical Documents](#be-mindful-of-physical-documents)
- [Use Privacy Settings on Social Media](#use-privacy-settings-on-social-media)
- [Be Cautious with Third-Party Apps](#be-cautious-with-third-party-apps)
- [Practice physical security if you're really paranoid](#practice-physical-security-if-youre-really-paranoid)
- Back to [main guide](../README.md)
---

## Use Strong, Unique Passwords

- Create complex passwords for each account
- Utilize a password manager to keep track of them
- Enable two-factor authentication when available
- Use different usernames inside a password manager

**Example:** John uses a password manager to generate and store unique 20-character passwords for each of his online accounts, including his email, social media, and banking websites.

## Keep Software Updated

- Regularly update operating systems, applications, and antivirus software
- Enable automatic updates when possible

**Example:** Sarah sets her smartphone to automatically install security updates overnight, ensuring she always has the latest protections.

## Be Cautious with Personal Information

- Limit the personal details shared on social media
- Be wary of phishing attempts via email or phone
- [self OSINT](../README.md#toolchain-self-osint)

**Example:** Mike avoids posting his exact birth date, home address, or vacation plans on Facebook to reduce the risk of identity theft or home burglary.

## Secure Physical Devices

- Use screen locks on all devices
- Never leave devices unattended in public places
- For SSDs, encrypt drives if storing DoD (Do or Die) data. [Toolchain discussed here](../README.md#toolchain-recommendations)

**Example:** Lisa always activates her laptop's screen lock when stepping away, even for a quick coffee break at the office.

## Use Secure Networks

- Avoid using public Wi-Fi for sensitive transactions
- Use a VPN when connecting to unfamiliar networks

**Example:** Tom uses his smartphone's cellular data instead of the free airport Wi-Fi when checking his bank account while traveling.

## Practice Email Security

- Be cautious of unexpected attachments or links
- Verify the sender's identity before responding to requests for sensitive information
- Be mindful of what is out there; see [people search tools](../README.md#people-search-tools-in-the-states) and [self OSINT](../README.md#toolchain-self-osint)

**Example:** Emma receives an urgent email claiming to be from her bank. Instead of clicking the provided link, she calls the bank directly using their official phone number to verify the request.

## Implement Home Network Security

- Use a strong password for your Wi-Fi network
- Make sure your network is up to date and not using outdated routers

**Example:** The Johnson family changes their Wi-Fi password every six months and ensures their router's firmware is always up to date.

## Be Mindful of Physical Documents

- Shred sensitive documents before disposal
- Secure important papers in a locked safe or filing cabinet
- Practice [physical destruction](physical-destruction.md)

**Example:** David always shreds credit card offers and old bank statements before putting them in the recycling bin.

## Use Privacy Settings on Social Media

- Regularly review and adjust privacy settings on all platforms
- Be selective about friend requests and connections
- Be mindful of re-using usernames on different sites; see [Digital Profiling examples](Digital-Profiling.md#31-Examples)

**Example:** Rachel sets her Instagram account to private and carefully vets new follower requests to control who can see her posts.

## Be Cautious with Third-Party Apps

- Only download apps from official stores (Google, Apple)
- Review app permissions before installing

**Example:** Mark carefully reads the permissions requested by a new game app and decides not to install it when he sees it wants access to his contacts and location data.

## Practice physical security if you're really paranoid

- Buy a camera
- Get a permit to own a firearm, and practice
- Get chemical weapons, such as pepper spray

**Example:** Sarah feels unsafe in her neighborhood, so she decided to get a camera and a permit for a pistol for home defense. She also bought pepper spray to carry on her person.

[More discussed here](opsec.md#physical-security-in-opsec)

----

By implementing these OPSEC practices, the average person can significantly improve their personal and digital security in everyday life.