Not all cybersecurity threats are digital. Some, such as tailgating, are physical. With an estimated cost of $3.88 million per breach in the UK, companies need to pay attention to both.
So what is tailgating in cybersecurity, and what can you do about it?
What is it?
Tailgating is a physical security issue that can impact cybersecurity, depending on the intention of the attacker. Also called “piggybacking”, it is a type of security breach that occurs when a bad actor (or “social engineer”) enters secure premises by immediately following a person with authorised security clearance.
Like malicious social engineering practices in the digital space, such as phishing, tailgating exploits intrinsic weaknesses in human psychology. Instead of attempting to hack biometric security or break locks, the bad actor simply takes advantage of the brief window of time the door remains open as the authorised person enters.
In some cases, the tailgater may sneak in behind the authorised person or put a toe between the door and frame to prevent it from closing fully. In others, they may strike up a conversation with the authorised employee to gain their trust, or pretend to hold the door open for them out of courtesy.
Tailgaters are often thieves, but they can also be former employees or people just looking to cause mischief. In rarer cases, they may be representatives of rival firms, trying to get access to your sensitive data.
Tailgating does not work in all environments. It is particularly challenging when there are two sets of doors or when security staff monitor entry and exit points continuously. However, most companies do not operate setups like these, which makes tailgating easier.
What is the impact?
Tailgating undermines a firm’s physical security measures. It can lead to:
- Data theft
- Vandalism of company property
- Loss of trade secrets
- Theft of physical equipment
- Access to company computer terminals
- Financial loss
- Damage to company reputation
As such, preventing tailgating is essential. Companies that succeed in preventing it can enhance both their physical and on-site cybersecurity simultaneously.
Is there anything you can do to stop it?
While tailgating is difficult to stop, it is not impossible. Here are some of the things that firms can do:
- Report any suspicious activity or unrecognised personnel to security staff immediately
- If you find a member of staff in a location they do not have permission to be in, escort them to an authorised area and then launch an investigation into their activities
- Do not hold doors to secure areas open for people out of courtesy
- Teach colleagues about the risks of tailgating, how it works, and the tactics that malicious actors may use to fool them
- Ask employees to bring to your attention any suspicious individuals who are not supposed to be in restricted areas
- Improve door security by developing systems that make tailgating difficult or impossible
- Ensure that all doors to restricted access areas close by themselves and shut properly behind authorised employees
- Tell employees to watch out for people following closely behind them in restricted areas
- Hire security guards
- Install video surveillance to monitor critical access points
- Use photosensors, turnstiles and laser sensors that only permit one person to enter at a time
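The one-person-at-a-time sensors and self-closing doors in the list above can also feed detection. The following added example (not part of the original article) compares badge grants with photosensor crossings for each door-open cycle and flags doors that stay open too long. The event format, door names and the 10-second threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (seconds since midnight, door, event kind, badge holder).
# Event kinds are assumptions: "badge" = access granted, "open"/"close" = door
# contact, "cross" = photosensor registered one person passing inward.
EVENTS = [
    (32400, "server-room", "badge", "alice"),
    (32401, "server-room", "open", None),
    (32403, "server-room", "cross", None),
    (32405, "server-room", "close", None),
    (36000, "server-room", "badge", "bob"),
    (36001, "server-room", "open", None),
    (36003, "server-room", "cross", None),
    (36005, "server-room", "cross", None),   # second person on one badge
    (36007, "server-room", "close", None),
    (39600, "lab", "badge", "carol"),
    (39601, "lab", "open", None),
    (39603, "lab", "cross", None),
    (39640, "lab", "close", None),           # door kept from closing
]

def find_tailgating(events, max_open_seconds=10):
    """Return (door, opened_at, reason, value) for each suspicious door-open cycle."""
    findings = []
    state = defaultdict(lambda: {"badges": [], "crossings": 0, "opened": None})
    for ts, door, kind, who in sorted(events, key=lambda e: e[0]):
        s = state[door]
        if kind == "badge":
            s["badges"].append(who)
        elif kind == "open":
            s["opened"] = ts
        elif kind == "cross":
            s["crossings"] += 1
        elif kind == "close" and s["opened"] is not None:
            # More people through the door than badges presented.
            extra = s["crossings"] - len(s["badges"])
            if extra > 0:
                findings.append((door, s["opened"], "more_people_than_badges", extra))
            # Door propped or blocked from closing.
            held = ts - s["opened"]
            if held > max_open_seconds:
                findings.append((door, s["opened"], "door_held_open", held))
            state[door] = {"badges": [], "crossings": 0, "opened": None}
    return findings

if __name__ == "__main__":
    for finding in find_tailgating(EVENTS):
        print(finding)
```

Findings like these are a prompt for security staff to review the video footage for that door and time, not proof of intrusion on their own.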