What is Tailgating (Piggybacking) and How to Prevent It?
By Alliant Specialty
Listen to the audio version:
Tailgating and piggybacking refer to tactics used by malicious actors to gain unauthorized physical access to a secure area by closely following an authorized person. Tailgating occurs when an unauthorized person slips through a secure entry point immediately after an authorized individual, often without detection. On the other hand, piggybacking occurs when the malicious actor tricks the authorized individual into letting them into a secure area.
Low Tech, High Risk
Tailgating and piggybacking pose substantial risks as these tactics exploit physical vulnerabilities, circumventing established security measures. This unauthorized access opens the door to potential data breaches, leading to financial losses and reputational damage for organizations. As traditional cybersecurity focuses on digital threats, the human element involved in tailgating and piggybacking often goes overlooked, making these low-tech tactics an effective avenue for cyber adversaries.
Here are effective examples of tailgating and piggybacking:
- An intruder disguises themself as a delivery person or contractor, so an authorized employee allows them to enter the premises.
- An authorized individual holds the door open for the unauthorized person behind them.
- A malicious actor pretends to be an employee who has forgotten or lost their credentials.
- An intruder carries a bulky item in their hands, making them appear too full to open the door, or they pretend to be distracted while talking on the phone and follow someone inside.
- A trespasser acts as if they are an invited guest and may even use specific names of people in the office to appear legitimate.
- An unauthorized individual follows an authorized individual through a slowly closing door before the door shuts and locks.
Once the perpetrator gains access to a restricted area, the business faces several risks, including the theft of sensitive data, installation of malware, and property or device damage. These incidents can result in significant data breaches, causing compliance violations, reputational harm and an erosion of trust with vendors and clients, potentially resulting in costly fines and penalties.
Preventing Tailgating and Piggybacking Attacks
Mitigating the risk of tailgating and piggybacking requires a holistic approach that combines technological solutions with robust physical security protocols to ensure comprehensive protection against unauthorized access. Businesses should consider the following actions when implementing measures to prevent tailgating and piggybacking attacks.
- Implement access control systems. Devices (e.g., badge readers, alarms, sensors and biometric scanners) can help prevent unauthorized individuals from entering secure areas. Entrances requiring multifactor identification can also discourage intruders.
- Utilize surveillance cameras and video analytics. Closed-circuit television and security cameras can help monitor who enters the premises and act as a visual deterrent. Advanced systems can also use artificial intelligence and video analytics to help identify unauthorized individuals.
- Train employees on physical security awareness. Businesses can help reduce risks by educating employees on identifying and preventing physical security threats. Instructing employees to ensure doors close behind them and to report suspicious activity can also help mitigate exposures.
- Use visitor management systems for tracking and authorizing visitors. Visitor management systems provide a record of who has entered an area. Whether the system involves an employee working at the front desk, a security guard or a digital system checking in visitors, it can provide a layer of security to confidential areas.
- Install physical barriers. Turnstiles and security gates can provide a low-tech way to secure areas and provide a perceptible obstacle to potential intruders.
- Maintain clear security policies and procedures. Comprehensive security policies and procedures that address physical threats are essential. It’s also critical to regularly update the policies and procedures and communicate any changes effectively.
- Conduct regular security audits to identify vulnerabilities. Testing and auditing security systems can help identify and remedy weaknesses. Additionally, they can provide insight into which methods are effective.
How Can Alliant Help?
Alliant Cyber is ready to engage with your organization today, to assist you in identifying and realizing your cyber risk management objectives. Our multi-disciplinary team accomplishes this through our accelerated model of engagement, prioritization and targeted results. Reach out today to begin your journey toward optimized insurability outcomes, enabled by Alliant Cyber.
Alliant note and disclaimer: This document is designed to provide general information and guidance. Please note that prior to implementation your legal counsel should review all details or policy information. Alliant Insurance Services does not provide legal advice or legal opinions. If a legal opinion is needed, please seek the services of your own legal advisor or ask Alliant Insurance Services for a referral. This document is provided on an “as is” basis without any warranty of any kind. Alliant Insurance Services disclaims any liability for any loss or damage from reliance on this document.