COVERT Protocol

A methodology combining OPSEC principles with the CIA Triad to equip you with both the strategic mindset and practical tools needed to increase security, reduce vulnerabilities, and enhance personal privacy in both digital and physical realms.

C Control
O Obfuscate
V Verify
E Encrypt
R Reduce
T Track

The Methodology

Our methodology of combining OPSEC principles with the CIA Triad aims to merge the operational process used by the military and intelligence community with the data protection and digital security best practices of the cybersecurity industry. By using these two frameworks in tandem, this process aims to equip users with both the strategic mindset and the practical tools needed to increase security, reduce vulnerabilities, and enhance personal privacy in both the digital and physical realms.

Take Action

Six foundational steps to secure your digital life

Action #1

Implement a Password Manager

Set up a password manager to store and generate strong, unique passwords for all your online accounts. Decide whether you want a cloud-based (online) vault that syncs across devices, or a local/offline vault stored only on your own devices.

Steps:

  1. Pick one: Pick a password manager tool and install it on your primary devices.
  2. Set a strong master password: Create a long, complex, and unique master password/passphrase and don't reuse it anywhere!
  3. Populate the password manager: Begin adding your online account credentials to the vault.
  4. Audit old weak passwords: Replace old passwords with long random passwords, then save them in the vault.
  5. Backup your password database: Make regular encrypted backups of the vault to an external drive and store them in a secure location.

Action #2

Audit and Secure Your Financial Accounts

Audit and secure your financial accounts. Make sure all your bank, credit card, and investment accounts are locked down, under your scrutiny, and protected against unauthorized access and fraud.

Steps:

  1. Audit each account and update the passwords to strong and unique passwords. Never reuse passwords!
  2. Sign up for a masked credit card service and remove your debit card from any and all online sites. Pro Tip: cancel your current debit card and get a new one issued.
  3. Set up account activity and transaction alerts to get notified by email or SMS whenever there is a login, password change, withdrawal, or purchase.
  4. Avoid accessing financial accounts on public or untrusted networks. Always use secure Wi-Fi or your own private internet connection.
  5. Consider removing banking apps from your phone and accessing them via browser on your home computer.

Action #3

Implement MFA Wherever Possible

Implement multi-factor authentication (MFA) on every account, using the strongest method available with a graduated approach.
Basic: SMS or email codes  |  Better: Authenticator apps  |  Best: Hardware key

Steps:

  1. Audit all important accounts (email, banking, cloud storage, social media, password manager) to check whether MFA is supported.
  2. Enable MFA on every account that supports it, starting with financial accounts and moving down the levels of importance.
  3. Backup recovery codes: If using an authenticator app or hardware key, save backup/recovery codes securely (in case you lose your phone or key).
  4. Upgrade MFA method: For accounts using SMS/email 2FA consider upgrading to a stronger method when available, especially for sensitive accounts.
  5. Test your MFA method: Test the MFA setup by logging out and logging back in to confirm that the second factor works as expected.

Action #4

Harden Your Communications and Services

Strengthen the security and privacy of your digital communications (messaging, email, cloud data) so that only intended recipients can access them and so that third parties cannot intercept or read your messages or files. This means switching to encrypted channels, reducing unwanted exposure, tightening service settings, and avoiding insecure or legacy protocols.

Steps:

  1. Switch to encrypted messaging platforms: Replace default SMS/text or unencrypted chat apps with services that provide end-to-end encryption (E2EE).
  2. Use secure email services: Choose email providers with strong encryption by default (like Proton Mail or Tuta), and enable encryption features where possible.
  3. Encrypt files before cloud storage: Use cloud services or tools that perform client-side encryption (zero-knowledge encryption) so data is encrypted before it leaves your device.

Action #5

Audit Your Social Media Accounts

Audit your social-media exposure: review all your public or private social-media accounts and online profiles; check what personal information (photos, posts, bio data, connections) is visible; then remove, reduce, or restrict exposure of anything risky or unnecessary.

Steps:

  1. Make a full list of every social-media profile or public/social online account you've ever created (active or dormant). Include mainstream platforms and smaller/less-used ones.
  2. Visit each account and carefully examine what can be seen publicly: profile pictures, bio information (name, location, birthdate, contact info), past posts, comments, photos, tags, friend lists.
  3. Adjust privacy and visibility settings on each account so that only trusted contacts (friends/followers) can see sensitive content. Delete, lock down or hide: personal details, contact info, location data, old posts.
  4. Remove or deactivate any accounts you no longer use, or that you don't want publicly visible. Dormant accounts may still leak personal data.
  5. Scan for "people-search" or public-record sites listing you (or old usernames/email) and check what information about you is exposed outside social media.
  6. Periodically repeat the audit (every 3–6 months): privacy settings and platform defaults can change; content from connections (tags, shares) or old posts may re-expose you.

Recommended Tools:

Your time & diligence

Action #6

Audit & Secure Your Children's Online Activity

First of all, you are not your kids' best friend—you are their protector and last line of defence against all the threat actors lurking in the dark corners of the Internet. Your children and your family's security and privacy are your responsibility. They don't have the ability or capability to do it themselves. From understanding the threats present in video games and online forums, to establishing family security procedures and social media rules—this action covers what every parent needs to know.

Steps:

  1. Restrict social media access until a determined age. Every family is different. This prevents a lot of abuses of social media and protects your children from the start.
  2. Secure existing accounts. If social media is already in use, go into every app and ensure passwords are protected, parental controls on, privacy engaged, location disabled. If the app has a teen account feature (like Instagram), ensure it is enabled. Delete misused apps and scrub all accounts for visible PII.
  3. Parents and kids follow each other. No secrecy. No posting things parents cannot see. Non-negotiable. Kids also cannot follow people they do not personally know.
  4. Schedule regular security discussions. Set a predetermined time every week or month to discuss social media with your child. Messages will be viewed, friends lists scrubbed, and discussions on correct use of social media had.
  5. Use a parent monitoring device. Consider having a separate device logged into your child's account that is accessed only by the parent for ongoing oversight.

Ready to Take Control?

Start with one action today. Small steps lead to big changes in your security posture.
