You might not consider tailgating when developing your cybersecurity strategy, but it’s a form of social engineering that takes place in the physical world. It can be a tricky problem to tackle, but there are a few solutions.
What is tailgating?
Tailgating is when an unauthorised person gains access to an off-limits or password-protected area. This can be done by a complete stranger – e.g., someone posing as a food delivery driver, pretending to deliver an employee’s meal (a scenario that became more common during the pandemic). It can also be done by staff without the correct privileges. They can gain access to a protected area by holding the door as their authorised colleague goes through.
How does it differ from piggybacking?
Piggybacking involves someone actively allowing access to an unauthorised colleague. They may not know that person is unauthorised; they might just hold the door open out of politeness. Hopefully current employees wouldn’t have malicious intentions when entering unauthorised areas, but there are always some bad actors.
How to prevent tailgating
It can be hard to completely prevent someone entering somewhere they shouldn’t, as it mainly relies on humans to stop them. However, here are a few ways to reduce the risk:
- Educate all employees on the dangers of tailgating. Train them to be more vigilant when allowing others to follow them into secure areas.
- Enforce using credentials to enter secure areas. It might be time-consuming when a large group has to enter, but it’s more secure.
- Encourage staff members to ask to see colleagues’ passes if they’re unsure they have authorisation to be there. It might seem awkward at first, but eventually it becomes normal practice.
- Have a physical security team at vulnerable parts of the building. There might be multiple points of entry – such as a delivery point, or a fire exit. These should be monitored.
- Invest in technology to help. There are now tailgating detection tools available that use AI or real-time video.