Security Intelligence

Security Briefing for Family Members of Executives | CloseProtectionHire

Q: "Why are family members a security vulnerability?"

"Family members -- spouses, partners, children, elderly parents -- are frequently the most accessible and least security-aware individuals connected to a protected executive. They typically have fewer security protocols than the principal, post more openly on social media, maintain more predictable routines, and are not briefed on threat information that affects the household. Hostile actors who cannot approach the principal directly may target family members to obtain intelligence about the principal's schedule, to conduct surveillance from a position the principal's counter-surveillance team is not monitoring, or to create leverage through threats or actual harm to a family member. This is not a theoretical concern -- Control Risks case files include numerous examples of family members being used as access points in surveillance operations and kidnap targeting."

Q: "What should a spouse or partner be briefed on?"

"The security briefing for a spouse or partner should cover: the threat assessment in accessible terms (what the specific risks are, not classified detail), the household emergency protocol (what to do and who to call if they believe the principal is in danger or they themselves are being followed or threatened), social media discipline (what not to post, which information about the household or the principal's travel should not appear online), the verified caller protocol for the home (not providing schedule information to unfamiliar callers, the verification procedure), travel security when the principal is absent, and the contact chain for the security team or security manager. The briefing should be proportionate to the threat level -- a low-threat corporate executive's partner does not need the same briefing as the partner of a senior government official in a high-risk country."

Q: "How should children be briefed on security without causing anxiety?"

"Age-appropriate security awareness for children is possible without creating fear. For younger children (under 10), the concepts are simple: do not tell anyone you do not know where Mum or Dad works, do not accept lifts from anyone who has not been specifically cleared, tell a trusted adult immediately if you feel uncomfortable or are approached. For older children (10-16), a slightly more detailed briefing covers: who can pick them up (a confirmed list, with a code word for anyone not on the list), what not to post on social media about home address, family location, or routine, and who to call in an emergency beyond 999. Older teenagers can understand the concept of social media operational security at a level that protects the family without requiring detailed threat briefings. The key is that security protocols are presented as normal family procedures, not as responses to imminent danger."

Q: "How should domestic staff be managed from a security perspective?"

"Domestic staff -- housekeepers, nannies, cooks, gardeners, personal shoppers -- have significant access to the executive's residence, family, and daily routine. They are potential vectors for both deliberate hostile intelligence access and inadvertent information leakage. The security controls applicable to domestic staff are: background vetting before employment (see our security vetting guide), a clear understanding of what information is not to be shared outside the household (visitor identities, travel dates, daily routine), social media discipline (domestic staff should not photograph or film inside the residence or post information about the household), and a reporting protocol if they observe suspicious activity outside the residence or receive unusual calls or approaches. They should also be briefed on the access control protocol -- who may enter the residence, who is pre-authorised, and the procedure for unfamiliar callers at the door."

Q: "What is the family emergency protocol and how is it established?"

"A family emergency protocol is a pre-agreed, documented set of actions and contacts that any family member can follow if a security incident occurs. It covers: who to call first (security manager, close protection team leader, K\u0026R insurer line if relevant), when to call police, what information to provide and what to withhold, where to go if evacuation from the residence is required, and the communication method to use (which phone, which app). The protocol also includes a family code word system -- a single word that, if used in any communication with a family member, signals that the speaker is under duress and the family member should not follow instructions but should contact the security team immediately. The protocol should be rehearsed, not just written -- an annual walk-through with all adult family members ensures it is understood before an incident rather than read for the first time during one."

Family members who are not the protected principal are often the weakest point in an executive's security. This guide covers spouse briefings, child protocols, domestic staff, and emergency procedures for households.

1 May 2026

Written by James Whitfield, Senior Security Consultant

Speak to the Team

A close protection programme that covers the executive’s working day and travel but leaves their family without security awareness is a programme with a well-defined gap. Family members are predictable, accessible, and typically far less briefed on security than the principal they are connected to.

This does not mean every executive’s family requires close protection. What it means is that every executive’s security programme should include a proportionate family briefing: one that calibrates to the actual threat level, covers the specific vulnerabilities that family members represent, and gives each family member the protocols they need to function as informed participants rather than gaps in the system.

This guide covers the family security briefing in practice: what each family member needs to know, how to brief children without causing anxiety, domestic staff management, social media discipline, and the family emergency protocol.

The family as an intelligence target

Hostile actors targeting an executive have limited options. A properly briefed executive with a CP team, counter-surveillance awareness, and a variable routine is harder to approach directly than most people imagine. The family represents an easier access point.

The specific vulnerabilities:

Social media. A spouse who posts holiday photos geotagged at the family home, a teenager who names their school and posts photos in uniform, a child’s birthday party invitation circulated to a wide contact list with the home address – all of these create an intelligence picture that the executive’s own social media discipline cannot neutralise.

Predictability of family routines. School drop-offs, grocery runs, sports practices, the family’s regular weekend activities – these routines are far more predictable than the executive’s own schedule and may be observed without the executive’s knowledge or the CP team’s counter-surveillance detection.

Accessibility. A hostile actor who cannot approach the executive directly can approach a family member. A call to the residence claiming to be a school, a hospital, or an emergency service will typically receive a more open response from a family member than from the executive.

Leverage. In KFR environments, family members who are less protected than the principal are potential leverage. This is documented in Control Risks and Kroll case files – attackers have approached family members to obtain the principal’s schedule, or have threatened family members to create pressure on the principal.

The spouse or partner briefing

The briefing for a spouse or partner should be structured, honest, and calibrated to the actual threat level. Overstating the threat creates anxiety. Understating it leaves them uninformed. The components:

Threat summary in accessible language. The specific categories of risk relevant to the household – which might be as specific as kidnap risk in a particular country the executive travels to, or as general as the possibility that someone might approach the family to obtain schedule information. Not classified threat intelligence, but enough to understand why the protocols exist.

The verified caller protocol. Anyone calling the residence and asking for the executive’s schedule, travel dates, or home details should be treated with the same verification standard as described in the executive PA security briefing: do not provide information to unfamiliar callers, ask for a name and number and call back through a verified number. A plausible story from a stranger does not override this protocol.

Social media discipline. Which categories of information should not appear online: home address, home exterior photos, school names, regular family locations, the executive’s travel dates, and the family’s own holiday dates and locations.

The contact chain. Who to call and in what order if a security concern arises – the security manager, the CP team leader, the K&R insurer’s 24-hour line if relevant, and when to call police. The spouse should have these numbers stored on their phone independently, not only in the household shared contacts.

The code word system. A pre-agreed single word that, if any family member uses it in conversation, signals they are under duress and the listener should not follow instructions but contact the security team. The code word should be ordinary enough to insert naturally into a sentence but specific enough that its use is unambiguous.

Briefing children

Children can hold and act on security protocols if those protocols are age-appropriate and presented as normal family procedures rather than responses to imminent threat.

Under 10. Three simple rules: do not tell anyone you do not know where your parents work, only get in a car with someone on the pre-approved list, and tell a trusted adult immediately if someone approaches you who makes you feel uncomfortable. Practise these as games, not as threat briefings.

Ages 10-14. Add the code word system (a word they can say to a parent to signal they need help), a clear explanation of social media rules for the family (not posting home details, location, or school), and the emergency contact number they should call if they cannot reach a parent.

Ages 14 and over. A more complete briefing that includes the concept of social media operational security, what not to share about the family with new acquaintances, the pickup authorisation protocol (verified contacts list, code word for anyone not on the list), and the full emergency contact chain. Older teenagers are capable of understanding that their social media profile can create a security risk for the family without needing to understand the specific threat.

Domestic staff security management

Housekeepers, nannies, cleaners, gardeners, and personal assistants in the household have access to the residence, the family, and the daily routine. The following controls are proportionate for households at elevated threat levels:

Background vetting before employment. Identity verification, employment history, criminal record check, and references confirmed directly with previous employers. For the full vetting standard, see our security vetting and background checks guide.

Information discipline brief. A clear verbal briefing (and where appropriate, a written agreement) on what information is not to be shared outside the household: visitor identities, the executive’s schedule, travel dates, the household alarm code, and vehicle details.

Social media policy. No photography or filming inside the residence. No posts mentioning the household, the family, or the address. This policy should be explicit, discussed on employment, and reflected in the contract where applicable.

Access control. Domestic staff should not independently admit visitors to the residence during the executive’s absence. An agreed protocol for deliveries, maintenance visits, and unexpected callers protects against social engineering attacks on the household through a less-briefed household member.

The family emergency protocol

The family emergency protocol is a pre-agreed set of actions, contacts, and communication methods for use if a security incident occurs involving any family member. It is not a crisis management plan for a corporation – it is a practical set of instructions that a panicking family member can follow.

Components:

The contact chain in order – security manager, CP team leader, K&R insurer line if relevant. When to call 999 and what to say to police about who handles the incident.

Where to go if evacuation from the residence is required – a pre-agreed safe location (trusted family member, hotel, alternative property). The route to this location and the communication method to use in transit.

What to say if media contact occurs – the security team handles communications, family members do not comment.

The code word and what it triggers – if used by any family member, the listener does not follow instructions but contacts the security team.

The protocol should be rehearsed annually with all adult family members. A written version should be kept by each adult family member on their phone, not only in a home folder.

For the residential security controls that protect the physical environment the family occupies, see our residential security for executives guide. For the child-specific protection protocols relevant to higher-threat environments, see our protecting children of high-net-worth families guide. For the complete family protection security framework – school run security, EXIF metadata and digital footprint management, online safety for children of public figures, school safeguarding integration, domestic staff vetting for child supervision roles, and close protection deployment calibration by threat level – see our family and children protection security guide. For the vetting and management of domestic staff – including DBS check levels, employment history verification, NDA enforceability under PIDA 1998, information discipline briefing, device policy for floor staff, and departure protocols – see our domestic staff security vetting guide.

Sources

Control Risks: Family Security in the Context of Executive Protection, 2024. Kroll: Residential and Family Security Briefing Standards, 2024. CPNI: Protective Security Guidance for Families of Senior Officials, Centre for the Protection of National Infrastructure, 2023. OSAC: Personal Security Briefings – Family and Household Edition, 2024. ASIS International: Protection of Assets – Residential and Family Security Chapter, 2024. National Society for the Prevention of Cruelty to Children (NSPCC): Child Online Safety Guidance, 2024.

Summary

Key takeaways

The family security briefing is a component of the principal's security programme, not an add-on

A security programme that protects the principal at work and in transit but leaves their family unaware of security protocols has a significant gap. The household is a fixed, predictable location that is not under the CP team's direct observation most of the time. Family members who are aware of relevant protocols, understand the threat in accessible terms, and know who to contact in an emergency extend the security architecture rather than bypassing it.

Social media discipline in the family is the most commonly exploited gap

The executive who does not post their home address or travel dates on social media is undermined if their spouse posts a holiday photo geotagged at the family home, or their child's school Instagram account shows the school uniform and names the local area. Family social media discipline -- what not to post, what not to geotag, what privacy settings to apply -- is a practical, low-cost security measure that can close a significant intelligence gap.

Children can be briefed effectively without causing fear if the language is age-appropriate

Security awareness for children does not require sharing threat intelligence with a twelve-year-old. Simple, practised protocols -- the code word for authorised pickup, not sharing home details online, who to call if uncomfortable -- can be presented as normal family procedures. Children who know these protocols without understanding why are still meaningfully more protected than children with no briefing.

Domestic staff vetting and briefing is not optional for households with elevated threat profiles

An executive with a comprehensive travel security programme who employs an unvetted housekeeper and shares a detailed weekly schedule on the household noticeboard has an unmanaged information exposure. Background vetting, a clear information-handling brief, and social media discipline for domestic staff are proportionate controls for households at elevated threat levels.

The family emergency protocol works only if all members know it

A written emergency protocol in a folder no one has read is not a protocol -- it is a document. The protocol must be communicated to all adult family members, rehearsed at least annually, and updated when the household composition, the principal's threat level, or the contact chain changes. The code word system is particularly important -- a family member who has never heard the code word will not recognise it under stress.

FAQ

Frequently Asked Questions

Family members – spouses, partners, children, elderly parents – are frequently the most accessible and least security-aware individuals connected to a protected executive. They typically have fewer security protocols than the principal, post more openly on social media, maintain more predictable routines, and are not briefed on threat information that affects the household. Hostile actors who cannot approach the principal directly may target family members to obtain intelligence about the principal’s schedule, to conduct surveillance from a position the principal’s counter-surveillance team is not monitoring, or to create leverage through threats or actual harm to a family member. This is not a theoretical concern – Control Risks case files include numerous examples of family members being used as access points in surveillance operations and kidnap targeting.

The security briefing for a spouse or partner should cover: the threat assessment in accessible terms (what the specific risks are, not classified detail), the household emergency protocol (what to do and who to call if they believe the principal is in danger or they themselves are being followed or threatened), social media discipline (what not to post, which information about the household or the principal’s travel should not appear online), the verified caller protocol for the home (not providing schedule information to unfamiliar callers, the verification procedure), travel security when the principal is absent, and the contact chain for the security team or security manager. The briefing should be proportionate to the threat level – a low-threat corporate executive’s partner does not need the same briefing as the partner of a senior government official in a high-risk country.

Age-appropriate security awareness for children is possible without creating fear. For younger children (under 10), the concepts are simple: do not tell anyone you do not know where Mum or Dad works, do not accept lifts from anyone who has not been specifically cleared, tell a trusted adult immediately if you feel uncomfortable or are approached. For older children (10-16), a slightly more detailed briefing covers: who can pick them up (a confirmed list, with a code word for anyone not on the list), what not to post on social media about home address, family location, or routine, and who to call in an emergency beyond 999. Older teenagers can understand the concept of social media operational security at a level that protects the family without requiring detailed threat briefings. The key is that security protocols are presented as normal family procedures, not as responses to imminent danger.

Domestic staff – housekeepers, nannies, cooks, gardeners, personal shoppers – have significant access to the executive’s residence, family, and daily routine. They are potential vectors for both deliberate hostile intelligence access and inadvertent information leakage. The security controls applicable to domestic staff are: background vetting before employment (see our security vetting guide), a clear understanding of what information is not to be shared outside the household (visitor identities, travel dates, daily routine), social media discipline (domestic staff should not photograph or film inside the residence or post information about the household), and a reporting protocol if they observe suspicious activity outside the residence or receive unusual calls or approaches. They should also be briefed on the access control protocol – who may enter the residence, who is pre-authorised, and the procedure for unfamiliar callers at the door.

A family emergency protocol is a pre-agreed, documented set of actions and contacts that any family member can follow if a security incident occurs. It covers: who to call first (security manager, close protection team leader, K&R insurer line if relevant), when to call police, what information to provide and what to withhold, where to go if evacuation from the residence is required, and the communication method to use (which phone, which app). The protocol also includes a family code word system – a single word that, if used in any communication with a family member, signals that the speaker is under duress and the family member should not follow instructions but should contact the security team immediately. The protocol should be rehearsed, not just written – an annual walk-through with all adult family members ensures it is understood before an incident rather than read for the first time during one.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.