IMO, BMQ = no security risk. What will the enemy find out...how we make beds and what week we learn marching and wheeling in quick time?
TDs, exercises, etc for my community, we are usually ok to do things like not turn off "Location" services on our phones, FB, etc and people will take and post some pics of where we are with no harm or foul on anyone's part - example, Ex Dynamic Manta in Sicily. NATO announces it and its on social media.
OPs - different story. No one 'checks in' to their hotel or country, no pictures go up, social media security is usually a topic during the brief from the ATF Commander or crew commander, etc. I have a lot of pictures from IMPACT, as an example, that will never make their way to FB or any other open source sites.
http://www.forces.gc.ca/en/about-policies-standards-defence-admin-orders-directives-2000/2006-0.page
For purposes of this DAOD, security is the condition achieved when DND and CAF personnel, information, assets and resources are protected against espionage, sabotage, subversion and terrorism, as well as against loss or unauthorized disclosure.
Threats to the DND and the CAF may come from various sources in or outside of Canada. The threats may be overt, covert or clandestine in nature. They may be deliberate, inadvertent or some combination of both. Threats may involve criminality, espionage, insider activity, sabotage or subversion, but negligence, indifference, lack of security awareness or culture, concentration of assets, operational and financial constraints, and ever-changing technology may also contribute to security vulnerabilities. In order to maintain operational effectiveness, vulnerabilities must be continuously examined and monitored in light of existing and emerging threats.
Another good ref is the National Defence Security Orders and Directives (NDSOD). {which replaces both the former NDSI and NDSP]
In it you should find more about OPSEC (Operational Security), PERSEC (Personnel Security) etc.
Accepting Friend requests from anyone you don't know, as a CAF member, is letting someone into your front door in the middle of the night that you don't know, or know their intent. I can call myself Hottie McHotstuff and make my profile picture an attractive lady in a bikini on the beach, when in reality I am more like the troll under the bridge. Do you want the troll to know who you friends and family are, where they work, get pictures of your nieces and nephews, etc? I don't. I lock my stuff down so I am not putting innocent people potentially at risk. :2c:
True story here - during OP IMPACT, a deployed CAF member from my wing didn't have FB locked down very well and had posts on his account that indicated he was in the Middle East on IMPACT, etc. His family was contacted at one point via social media, told that this guy had been injured and in need of medical attention, that required money, etc. It was all BS, BUT whoever was doing it was able to get the mbr's family contact info and send them a plausible story that caused some people to go into a speed wobble.