Personal Security (PERSEC) Checklist
OPSEC for The Self
Personal security is a baseline. Define what matters, reduce exposure, and keep exits. The goal is to deny easy access in the streets and online.
Effective security is layered for a reason. When one layer fails, the next one still buys you time.
1) Threat Model Your Routine
Start by identifying what you can’t afford to lose - identity, money, access, reputation, and time. Map your predictable patterns (routes, stops, posting habits, and weak transitions) then rank risks by likelihood and impact. Apply controls to the highest-risk behaviors first, not the most dramatic ones.
Write your top 3 assets and top 3 likely threats on one note. If you can’t name them fast, you’ll secure the wrong things.
2) Secure Your Phone and Core Accounts
Treat your primary email and phone number like master keys. Use a password manager, unique long passwords, and strong MFA (authenticator app or security key) across critical accounts. Lock down carrier controls and recovery settings so “reset” isn’t the easiest path in.
Lock down your primary email first, because every other account recovery usually routes through it.
3) Reduce Your Digital Exhaust
Assume your online traces describe your habits better than you do. Stop broadcasting real-time location, tighten social visibility, and strip needless permissions from apps. Separate “public” sign-up identities from private financial and administrative identities.
Don’t post where you are. Post where you were, and only after you’ve moved.
4) Build a Head-Up Movement Habit
Most people get caught off guard during transitions because they’re task-loaded. Use micro-pauses at exits, doors, parking areas, and entry points to scan for anomalies and spacing problems. Stay calm and adjust early, distance is the first tool.
Use “pause points” (doorways, curbs, elevator exits) to scan without looking like you’re scanning.
5) Maintenance as a Monthly Standard
Security decays unless you maintain it. Run a short monthly check with updates, login audits, permission reviews, backup tests, and home perimeter fixes. Consistency beats intensity here.
Tie your monthly security check to a fixed trigger you already do such as rent or bills day.
6) Home Security as a Layered System
A secure home is built to deter, delay, detect, and respond. Strengthen doors and windows, improve lighting and visibility, then add dependable alarms and coverage on approach paths. Keep a simple family plan for night events so everyone moves with control.
Secure the door you use most (garage/side/sliding) before you spend money on cameras.
7) Resilience for Bad Days
Security fails hardest when you’re tired, injured, or offline. Keep backup access to money, critical documents, and communications in more than one form. Plan rendezvous points and a check-in method so you’re not inventing decisions mid-crisis.
Keep one offline sheet with key contacts and account recovery steps, because phones fail at the worst time.
8) Financial Friction and Identity Lockdown
Fraud is fast once it starts, so your defense has to be faster. Freeze credit where applicable and turn on instant alerts for transactions and account changes. Use dedicated channels for finance and minimize where your real card data is stored.
Set bank alerts for any transaction and any profile change, not just large purchases.
9) Anti–Social Engineering Rules
Most attacks are persuasion with a deadline. Set a rule: you never comply with inbound urgency without verification through a channel you choose. When it feels rushed, slow it down and confirm.
Your default response to urgency is “I’ll call you back,” then you use a known number.
10) Travel Like You’re Observable
Travel increases exposure because you’re unfamiliar, distracted, and predictable. Keep devices with you, verify rides and entries, and avoid unknown networks and charging points. Pre-decide your standards so fatigue doesn’t rewrite your judgment.
Use a dedicated burner “travel” device profile and treat all public Wi-Fi as hostile until verified.
11) Vehicle and Key Discipline
Your car is a mobile inventory list and a route diary. Keep identifiers, documents, and access tools out of the cabin and out of sight. Build a habit of scanning before unlock and securing gear before you arrive, not after you park.
If it has your address on it, it doesn’t live in your car, ever.
12) Account and Device Recovery Planning
A strong lock without a recovery plan becomes a self-own. Store recovery codes offline, maintain backups you can actually restore, and keep device tracking and wipe options ready. If compromise is suspected, rotate credentials from a clean device and revoke sessions immediately.
Practice a restore at least once, because an untested backup shouldn’t be relied on during an emergency recovery.
13) Boundaries and De-escalation
Many threats start as social pressure, not violence. Use short scripts, disengage early, and move interactions into public, staffed spaces when behavior shifts. The objective is to preserve options, not win the exchange.
When behavior shifts, move toward light, staff, and cameras - distance plus witnesses can be powerful.
14) Home Network Hardening
Your router is more like an infrastructure than a single gadget. Update firmware, disable weak convenience features, lock admin access, and use modern Wi-Fi encryption with separate guest and IoT networks. Periodically audit connected devices and remove anything you can’t account for.
Disable WPS, update firmware, and put smart-home devices on a guest/IoT network by default.
15) Paper Trail and Disposal Control
Paper still opens doors, often the wrong ones. Reduce inbound mail, secure delivery, and shred anything with identifiers or account details. Dispose of old electronics with deliberate data destruction, beyond basic deleting.
Shred anything that links name + address + account, because that combo is a starter kit for fraud.
16) Browser Attack Surface Reduction
Most compromise starts where you click and authenticate. Keep extensions minimal, update automatically, and use separate browser profiles for high-value accounts versus general browsing. Log out of sensitive sessions and avoid storing credentials in the browser if you use a password manager.
Keep one “clean” browser profile with zero extensions for banking and core accounts.
17) Physical Access Wins
If someone can hold your device, your digital posture collapses fast. Use strong locks, short auto-lock timers, encrypted storage, and minimal lock-screen previews. Control the device in public like it’s a credential, because it is.
Turn off lock-screen previews, because information leakage is a compromise before the compromise.
18) Deny Recovery Abuse
Account takeover often comes through reset flows, rarely through brute force. Reduce recovery pathways, remove old numbers and emails, and harden carrier port controls. Keep backup access offline so you’re not dependent on a single device.
Remove old recovery emails/phones today, because stale recovery paths are the easiest takeover route.
