Everyday OPSEC

Your personal information has value—to criminals, companies, anyone watching—and every detail you share increases your exposure. I’ve been through operational security (OPSEC) training more times than I can count, years of it drilled into me by the DoD.

It’s not just for military and government agencies; it’s a system that works for anyone willing to use it.

This isn’t about abstract theories either—it’s about five concrete habits, backed by real cases, that you can start today to take control. It also does not require extensive “technical” skill with computers or technology.

What I’m referring to is OPSEC. Or Operations Security. Keeping yourself (and your operations) safe by controlling what you share.

The Risk: Small Details Add Up

I learned early: you don’t need to spill everything for someone to figure you out. In 2018, a fitness app called Strava proved it. Soldiers tracked their runs, uploading data to a public heatmap. Analysts saw the patterns—dots clustering in Syria and Afghanistan—and matched them to satellite imagery, exposing military bases. For you, it’s not bases at risk; it’s your home, your routines, your accounts. The lesson stuck with me: what you share gets used.

Practice 1: Cut Back Online Information

First thing training taught me—figure out what matters and keep it quiet. Your birthdate, where you sleep at night, family details? They’re gold to someone building a profile. In 2021, a phishing crew pulled birthdates and hometowns from social media, cracked bank security questions, and emptied accounts.

Action: Open X, LinkedIn, Instagram (whatever you use) right now. Delete your birth year, home address, and personal email that you also use for banking.

Less data out there means less to grab.

Practice 2: Set Up Privacy Controls

Training always hammered this: lock down who sees what.

• On Facebook, go to Privacy Settings and switch posts to “Friends Only.”

• On X, hit “Privacy and Safety” and turn off location tagging.

We saw it play out in 2020 when a politician’s Instagram Stories tagged hotels automatically, letting a journalist track his week.

Action: Take 15 minutes today. Check Google, apps, every platform you use. Restrict access. I do it twice per year—updates mess with settings.

Practice 3: Shield Sensitive Data

Be deliberate with things like your address or phone number. I’ve seen how leaks stack up. In 2019, a hotel chain sent unencrypted booking emails. A hacker snagged one, cloned an account, and took $10,000 in rewards.

Action 1: Incorporate secure technology. Use Signal (or similar app). It encrypts everything. If you must share, split it—street in one message, city in another. Make it harder to piece together.

Action 2: Use alias information. When you go to the barber to get a hair cut, you CAN create a profile when they ask, but you’re not obligated to provide your real name or address… For the barber shop, you can be “Ben Thompson” who has a generic email address. Yes, they want you to sign up for “birthday rewards.” This is to vacuum in your personal data so they can sell it (i.e., you lose control). Use any date other than your real birthday.

Practice 4: Use Strong Passwords

Weak passwords are a rookie mistake—I learned that fast early on. Verizon’s 2023 report said 81% of breaches tied back to them. Someone I know used “Summer2020” for email and banking; one leak later, their savings were gone.

Action 1: Get ProtonPass, Bitwarden, or 1Password. Make 16+ character passphrases for your accounts today. Unique for every account. It’s a pain, but it works.

Action 2: Check out my article on strong credentials where I break it down into understandable pieces.

Practice 5: Check Settings Regularly

Training was relentless about this: keep assessing. Threats shift. In 2022, a TikTok update flipped private videos public. Users didn’t catch it until strangers chimed in.

Action: Set a regular reminder. Log in, review who sees your stuff, adjust. After Strava, the DoD tightened up. I’ve made it a habit too—catch slip-ups before they bite.

Change Your Mindset: See What They See

Years of training boiled down to this: imagine what someone could learn from you.

A vacation post? Your house is empty. A geotagged photo? You’re there now. Assume they’re watching.

Everyday habits like eliminating oversharing, setting controls, shielding data, strong passwords, and regular checks break their ability to build a clear picture.

You’re not hiding; you’re staying ahead.

Build It Step by Step

Take it from me: start small. Clean your X profile today. Adjust one more account tomorrow. It’s not instant—it’s steady. Post-Strava, we didn’t ditch fitness apps; we got smarter. You can too. Reduce the info. Control the access. Protect the details. Secure the accounts. Monitor it all. That’s how you win.

Protect What’s Yours

Habits get you started, but a full strategy seals the gaps. At Marathon Security Consulting, we turn years of OPSEC experience into practical fixes for you—executives, families, businesses. We map your risks and deliver solutions that stick. Schedule a 30-minute consult to pinpoint and stop your threats. Security isn’t luck, it’s action. Take it now.

Elevate the Cybersecurity Skills of Your Staff with our Security Mentor Service!

Need security but don’t have a budget for dedicated staff?

Our Security Mentor Service offers personalized guidance, expert insights, and individualized sessions to build your security internally. Reducing risk and saving money on contractors and managed services by empowering you or your staff.

Start today and unlock potential, boost security, and provide value to your team!