Social media and personal security are now tied together whether we like it or not.

A few years ago, most personal security plans I saw were built around places and people: homes, offices, travel routes, key staff. Today there is a new layer that quietly cuts across all of that – your online presence.

Every post, story and check-in adds to a picture of how you live. For high?profile individuals, that picture is not just “content”. It is information that can be collected, copied and used by people you will never meet.

From a risk perspective, social media has simply become part of the attack surface.

———

The risks themselves are not complicated.

First, there is location and routine. Holiday photos while you are still away, “boarding now” posts, check?ins at favourite restaurants and live stories from events all make it much easier to understand where you are and how you move. Over time, that creates patterns: when the house is likely to be empty, which routes you like to use, where you tend to slow down and stop. None of this is theoretical – it is useful to anyone planning surveillance, an approach or a simple opportunistic crime.

Second, there is the wider circle around you. Adversaries rarely stop at one profile. They will look at family members, older children, personal assistants, drivers, household staff and friends who tag you regularly. From those accounts it is often possible to find images of homes and vehicles, school names and uniforms, clubs and regular venues, and clear views of entrances, streets and neighbourhoods. That is the raw material for doxxing, stalking and targeted harassment, built entirely from what people share openly.

Third, there is impersonation. The more you share, the easier it becomes too pretend to be you. Personal details support social engineering. Public photos and videos make it easier to copy your style and tone. High?quality audio and video can now be used to build convincing voice or face clones. The result can be payment requests that appear to come from you, “urgent” instructions to staff that sound and look legitimate, or emotional scams aimed at family members. When a voice or a short clip can be faked in seconds, “It sounded like you” is no longer enough on its own.

———

It would be easy to say “just get off social media” – but for most leaders, that is not realistic. Visibility is part of the role. Social channels are where you speak to clients, staff, partners and the wider public.

The more useful approach is to treat social media as a risk to be managed rather than a problem to be ignored.

The same open?source environment that can be used against you can also support your protection. Professional monitoring of public platforms can provide early warning of threats, growing hostility, impersonation accounts or leaked information. During fast?moving events, social media can help build a real?time picture of what is happening around a principal, especially in unfamiliar locations. When something does go wrong, controlled use of social channels allows you to correct rumours and give clear direction, instead of leaving a vacuum for others to fill.

For high?risk profiles, the key is to bring online exposure into the wider risk?management framework.

That starts with a simple audit of what is already visible: current and old accounts, search results for the principal and their family, images that show homes, vehicles, routes or schools, and any known data breaches involving personal emails or phone numbers. The goal is to understand what a motivated stranger could learn in a short period of time.

From there, you move to clear rules. Not “use common sense”, but a small set of written guidelines that everyone can follow. For example: no real?time location tags while travelling, no posts that show children’s schools or daily routes, no discussion of security measures or private schedules, and a delay between visiting a location and posting about it. Those rules should apply not only to the principal, but also to family members and close staff whose posts materially affect their risk.

Basic technical hygiene sits underneath all of this: strong, unique passwords and multi?factor authentication, tight control over who can access official and corporate accounts, regular privacy?setting reviews, and devices kept updated and checked for unusual activity. Internally, it makes sense to agree that no financial or sensitive instruction is carried out based on voice or video alone.

The last piece is people. Security is rarely compromised by the principal in isolation. Partners, older children, personal assistants, drivers and household staff all need to understand which types of posts create risk, how to recognise harassment or impersonation, and how to report concerns quickly through the right channel. Simple measures, explained well, often reduce risk more than complex tools.

If you treat online presence as a dynamic risk surface – something that is monitored, discussed and planned around – it stops being a constant source of surprise and becomes another area you have conscious control over.

Social media will continue to shape how leaders communicate, build trust and influence. The question is not whether you should be visible, but how well you manage the risk that comes with being visible.