Scroll to top
Request Consultation
Social Media OPSEC for Executives: What to Share and What Not To

Security Intelligence

Social Media OPSEC for Executives: What to Share and What Not To

Operational security guidance for executives using social media. Covers the specific risks of location tagging, routine publication, family exposure, travel announcements.

Marcus Webb, Security Operations Adviser 12 April 2026 3 min read

Social media has become the primary source of operational intelligence for threat actors targeting executives. The information executives and their families voluntarily publish (locations, routines, travel plans, family details) provides what professional surveillance operations historically required significant resources to collect.

This is not an argument for going offline. It is an argument for understanding what you are publishing and making deliberate decisions about it.

The Operational Intelligence Problem

Threat actors (whether criminal groups targeting executives for kidnap, activists organising protests at residences, or stalkers) benefit from the same information:

  • Where the executive lives (home address or neighbourhood)
  • Where they are right now (real-time location tags)
  • What their routine looks like (daily coffee, gym, commute timing)
  • When they are travelling and where (flight announcements, hotel check-ins)
  • Who their family members are and where they go (children’s schools, sports teams)

Most executives publish some or all of this information without recognising its operational significance.

High-Risk Content Categories

Real-time location tags. Any post that includes your current location provides immediate intelligence to anyone monitoring your account. This includes Instagram location tags, Swarm/Foursquare check-ins, and Facebook location data.

Routine publication. Posts at the same location at regular intervals reveal a pattern. The morning coffee, the gym, the regular restaurant: any routine published repeatedly creates a predictable movement signature.

Travel announcements. Announcing a trip in advance tells anyone monitoring that your home will be unoccupied and when. Posting from airports reveals your travel timing and destination. Posting from hotels reveals your accommodation.

Strava and fitness apps. Running and cycling routes that start and end at your home address publish your home location. Routes through your neighbourhood at consistent times publish your routine. Strava has been used to identify the home addresses and routines of intelligence and military personnel: the same vulnerability applies to executives.

Family exposure. Children’s school name, sports team, after-school activities, and any location data associated with family members extend the attack surface beyond the executive to family members who may be easier to access.

Practical Reductions

Disable location services for photos. Turn off geotagging on your smartphone camera. This prevents photos from carrying embedded location data.

Post after, not during. If you want to share a travel experience, post after you have left the location rather than while you are there.

Audit your accounts quarterly. Review what you have published in the last three months. Look for patterns that reveal routine, location, or family information.

Set accounts to private where appropriate. Professional accounts may need to remain public. Personal accounts, particularly Instagram, can be set to approved followers only.

Have the conversation with family. Specifically about children: location services, school names, sports schedules. This is the most important conversation and the most frequently avoided.

Strava privacy zones. Strava allows you to set a privacy zone around your home that hides the start and end points of activities within that radius. Use it.

For executive digital security and TSCM services, see our executive protection page.

For tailored support on the issues covered here, see our executive protection service and bodyguard hire service.

FAQ

Frequently Asked Questions

Not necessarily. For most executives, some social media presence is professionally expected and reputationally valuable. The goal is to reduce operational security risk without eliminating the communication function. This means removing specific categories of content (location tags, travel announcements, routine indicators, family exposure) while maintaining a professional presence.

Real-time location data combined with routine information. A single post showing you at your regular morning coffee location is low risk. The same post repeated daily at the same time creates a pattern that a surveillance operation can use to predict your movements. Strava running routes showing your home address starting point are among the most operationally dangerous content executives share without realising it.

This is a genuine operational security challenge. You cannot control adult family members’ social media use, but you can have a conversation about specific risks. The most important conversations concern children: schools, sports schedules, and home location should not be visible in children’s social media or in parents’ posts about children. Accounts should be private. Location services should be off for photos.

The main risk is revealing patterns and real-time location, so delaying posts until after leaving a place, disabling location tagging, and avoiding disclosure of routines and travel plans materially reduce exposure. The content can still be shared; the timing and precision are what matter.

Family accounts often leak information about an executive’s home, schools, and movements, so agreed household guidelines and awareness for partners and children are part of the picture. The aim is consistency across the family rather than locking down the principal alone.
Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.

Confidential. Your details are never shared with third parties.