Which practice does NOT support field OPSEC?

• A. Verify recipients before sharing sensitive information.
• B. Share sensitive data with all staff to ensure transparency.
• C. Minimize sensitive data.
• D. Follow proper authentication.

Answer: (B)

In field OPSEC, protect sensitive information by sharing only with those who need to know and by enforcing controls on who can access it. Verifying recipients before sharing helps prevent sending sensitive details to the wrong person, reducing the chance of leaks. Minimizing sensitive data means you hold and transmit only what’s necessary, which lowers exposure if a message is intercepted or mishandled. Following proper authentication ensures that only authorized personnel can access the information, adding a layer of protection against unauthorized access. Sharing sensitive data with all staff breaks the need-to-know principle, widening who can see it and increasing the risk of leaks or mistakes. That broad, indiscriminate sharing does not support OPSEC.