Security Awareness Briefing for Principals | CloseProtectionHire

The single most common reason that close protection plans fail in practice is not threat actor sophistication. It is principal non-compliance. The executive who tells their driver to take the usual route because they are running late. The principal who accepts a last-minute meeting invitation from an unvetted contact without informing the team. The family member who posts photographs that include address details. The senior partner who uses hotel Wi-Fi for confidential client communications because it is more convenient.

These are not hypothetical scenarios. They are the recurring features of security incident reports across the industry. And they are all, in principle, preventable through a well-delivered security awareness briefing.

The briefing is the mechanism by which the close protection team and the principal establish a shared understanding of the threat, a shared framework for behaviour, and a working relationship in which the principal is a participant rather than a passive subject.

What the Briefing Is Not

A security awareness briefing is not a lecture. It is not a list of prohibitions. And it is not an opportunity to demonstrate the team’s knowledge of every conceivable threat scenario.

Briefings delivered in those modes – and they are common – produce one consistent outcome: a principal who has stopped listening, who regards the security team as a source of bureaucratic inconvenience, and who applies the briefing’s contents selectively if at all.

The effective briefing is a conversation. It explains the threat in terms the principal can assess, explains what the team needs from the principal to do its job, and invites the principal to identify areas where the proposed framework creates problems they need to work around.

Structure of a Principal Security Briefing

1. Threat Assessment Summary

The opening section addresses the question the principal actually cares about: why is this security programme necessary? The answer is a calibrated summary of the threat assessment – not the full document, not a classified briefing, but a clear description of:

• What threat actors have been identified as relevant to this principal
• What their assessed capability and intent are
• What specific incidents or intelligence inform this assessment
• What the threat assessment means for the principal’s specific activities

The threat assessment summary should be honest about what is known and what is inferred. Overstating the threat to justify a security programme undermines credibility. Understating it produces under-compliance.

2. What the Team Needs From the Principal

This section is often omitted from briefings and it is the most operationally important part. The team’s effectiveness depends on:

Advance notice of schedule changes: The team plans for what it knows. An unplanned deviation – whether a route change, a stop not on the itinerary, or an unexpected meeting – removes the team’s ability to advance the venue, assess the environment, and position appropriately. The ask is simple: any change to the agreed plan should be communicated to the team before it happens, not during.

Honesty about contacts and relationships: If the principal has a personal relationship with someone who appears in the threat assessment, the team needs to know. If they receive unusual contact – an approach they cannot explain, a message from an unknown source – the team should be told. The protective intelligence function relies on the principal as a source.

Notification before any unplanned public communication: A social media post that discloses location, travel plans, or upcoming events is intelligence for a hostile actor planning pre-operational surveillance. Before posting anything that includes location or schedule information, the principal should check with the team.

3. Digital Discipline

The NCSC’s surveys of executive security practices consistently identify personal digital behaviour as the highest-frequency vulnerability. The briefing covers:

Social media: Location tagging, check-ins, and posts containing identifiable backgrounds should not be made in real time. Posted with a delay, without location data, they carry significantly lower risk. The principal’s family members need the same briefing on their own social media behaviour.

Communications security: Sensitive commercial or personal communications should not be conducted over unencrypted channels. The briefing explains what the organisation considers sensitive, what channels are approved for sensitive communication, and why hotel Wi-Fi and personal email are not appropriate for business-sensitive material.

Device security: PIN length and complexity, device locking discipline (screen locks that engage automatically), and the clean device protocol for high-risk travel. The Darkhotel campaign (Kaspersky 2014) and the CBP border search powers (Directive No. 3340-049A, 2017) are useful reference points that make the device security ask concrete rather than theoretical.

Social engineering awareness: A brief introduction to elicitation techniques – the flattery, the false information volunteered for correction, the assumed knowledge – so the principal can recognise when a conversation has taken an unusual direction. The full deception and elicitation briefing is a separate module; the principal security briefing covers the headline awareness.

4. Travel Protocols

For principals who travel internationally, the travel protocol section covers:

Pre-travel briefing: A specific briefing before each trip to an elevated-risk destination, covering the country-specific threat picture, travel arrangements, accommodation security, emergency contacts in-country, and the clean device protocol if applicable.

Arrival and departure discipline: The highest-exposure moments in any movement are the transition points – the moment the principal steps from the vehicle and the moment they re-enter it. The team’s positioning at these points is planned. The principal should not move ahead of the team at these moments, not enter vehicles they have not been directed to, and not engage with individuals who approach during the transition.

Accommodation security: The principal should not open hotel room doors without confirming the identity of the person on the other side. The room number should not be stated aloud in public areas. A travel security protocol for hotel stays includes room location preferences, floor selection, and the room security measures applicable to the destination’s risk level.

Emergency contact protocols: One contact number. One rally point or safe location. The principal should know these before every trip and have them accessible without relying on a device that may be unavailable.

5. Emergency Procedures

The emergency procedure section must be brief, specific, and easy to execute under stress. The cognitive load of a security emergency significantly reduces the ability to execute complex procedures.

The core emergency protocol for a principal is:

1. Move with the team – follow team instructions immediately without requiring explanation
2. If separated, call the primary contact number
3. Move to the pre-briefed rally point or safe location if the primary contact is unavailable
4. Do not contact anyone else or post anything on social media until the team has confirmed the situation

Everything else – the escalation chain, the notification protocols, the media management procedure – is handled by the team. The principal’s job in an emergency is to be reachable and to be where the team expects them to be.

Briefing the Family

Family security briefings are one of the most sensitive parts of the overall security programme. The goal is to create security awareness without creating anxiety that is disproportionate to the actual threat level.

For children, the briefing should be age-appropriate and framed around practical rules rather than threat descriptions:

• Who is authorised to collect them from school (and the procedure if someone not on the authorised list presents)
• Not to share address or schedule information with people they meet outside of known social circles
• How to contact a parent or the security team if they are concerned about something

For adult family members, the briefing covers the same digital discipline and social media awareness as the principal briefing, with the additional point that they may be approached by people who are seeking information about the principal rather than about them. The social engineering awareness element of the briefing is particularly relevant here.

Resistance and How to Address It

“The threat is overstated.” Respond with the specific evidence base for the threat assessment. If the threat genuinely is overstated, acknowledge it – calibrate the programme to the actual threat. A security programme that is visibly disproportionate to the threat destroys its own credibility.

“This will disrupt my routine.” Acknowledge the disruption and be specific about what actually changes versus what does not. Most security disciplines affect a small number of specific behaviours – pre-notification of schedule changes, device discipline, social media timing – rather than the broad shape of a working day.

“I’ve had close protection before and it was intrusive.” Ask what specifically was intrusive and address those points directly. A team that has made the principal feel managed rather than supported has failed in a basic function. The briefing is an opportunity to establish a different working style.

See also protective intelligence and surveillance detection in close protection.