Start with a Digital Footprint Audit
Before hardening anything, you need to understand what an adversary already knows about you. Your digital footprint is the reconnaissance dataset your opponents work from — and most people have no idea how comprehensive it is.
Conduct a systematic audit across these surfaces:
- Data brokers: Sites like Spokeo, Whitepages, BeenVerified, and dozens of others aggregate personal data — address history, phone numbers, relatives, court records. Search your name and request removal where possible.
- Social media: What does your posting history reveal about your location, routine, relationships, financial status, and security habits? Audit privacy settings on every platform.
- Breach exposure: Use Have I Been Pwned to identify which of your email addresses and credentials have appeared in public breach datasets. Every exposed address is a potential attack vector.
- Public records: Property records, court filings, business registrations, and voter registrations can expose your address and other identifying details, often with no opt-out option.
- Old accounts: Dormant accounts on platforms you no longer use are unmonitored attack surfaces. Find and delete them.
Your footprint is your adversary's starting position. Every piece of information you remove is reconnaissance they now have to work harder to obtain.
Device Hardening
Your devices are the most direct path to your data, accounts, and communications. Hardening them is not optional.
- HIGH Enable full-disk encryption. FileVault on macOS, BitLocker on Windows, and storage encryption on iOS/Android are all effective. A stolen device should yield nothing.
- HIGH Keep everything updated. The window between a vulnerability being patched and being exploited is shrinking. Unpatched devices are the most consistently successful attack vector.
- HIGH Strong lockscreen PIN/passphrase. Biometrics are convenient but can be compelled. A strong PIN is the fallback that matters in adversarial scenarios.
- MED Disable unused services. Bluetooth, AirDrop, and WiFi auto-connect are unnecessary exposure when you don't need them. Turn them off by default.
- MED Use a privacy-respecting browser and DNS. Your browsing behaviour and DNS queries reveal a great deal. A hardened browser profile with a reputable encrypted DNS resolver is a meaningful improvement.
Identity & Access Management
How you manage credentials and account access determines your exposure when — not if — something in your environment is compromised.
- HIGH Password manager, unique passwords everywhere. Credential reuse is the primary reason account compromises cascade. Every account gets a unique, generated password stored in a reputable manager.
- HIGH FIDO2 hardware keys for critical accounts. Hardware security keys are the only 2FA method that cannot be phished. Email, banking, and primary identity accounts should be protected with one.
- HIGH Avoid SMS 2FA where alternatives exist. SIM swapping attacks are well-documented and actively used. Switch high-value accounts to TOTP or hardware keys.
- MED Account compartmentalization. Your primary email account, banking, and high-value services should not be linked to casual services. Separate identities for separate risk tiers.
- MED Breach monitoring. Set up alerts on Have I Been Pwned for your active email addresses. When credentials are exposed, rotate them immediately — not eventually.
Behavioral OpSec
Technical hardening protects your systems. Behavioral OpSec protects the intelligence you generate through your own actions. The two are equally important and most people only address one.
- Routine patterns are intelligence: Posting your location, check-ins, travel plans, or daily schedule publicly creates a predictable pattern that can be exploited physically and digitally.
- Metadata in files and photos: Images taken on modern phones contain GPS coordinates, device model, and timestamp in EXIF data. Strip metadata before sharing sensitive images. Documents carry authorship and revision history.
- Be intentional about what you share: Every post, tag, like, and reaction is a data point. Aggregated across time, it builds a detailed behavioural profile. Ask who sees this and what it tells them.
- Compartmentalize online identities: Deliberately link personal and professional identities only where it serves a purpose. Unintentional correlation is a common exposure vector for high-profile individuals.
- Communications channels matter: Not all messaging apps are equal. For sensitive communications, use an end-to-end encrypted messenger with disappearing messages, minimal metadata, and no cloud backup of message content.