Tailgating and piggybacking are low-tech tactics used by malicious actors to enter secure areas. They occur when an unauthorized person gains physical access to a location with sensitive information or vulnerable IT equipment. These intrusions can have significant financial and reputational impacts on businesses, so it is essential for companies to take measures to prevent these events.
Tailgating and Piggybacking Explained
Tailgating can occur when an intruder sneaks into a secure area by following an authorized employee. On the other hand, piggybacking is a type of social engineering technique that occurs when an intruder tricks an authorized individual into letting them into a secure area.
Once inside, the perpetrator can steal or view sensitive data, upload malware, take property or damage devices. Tailgating and piggybacking can lead to significant data breaches that create compliance violations and reputational damage, erode the trust of vendors and clients, and lead to costly fines and penalties. The following are examples of how these intrusions can occur:
- A perpetrator disguises themselves as a delivery person or contractor so an authorized employee allows them to enter restricted premises.
- An authorized individual holds the door open for the unauthorized person behind them. A malicious actor pretends to be an employee who has forgotten or lost their credentials.
- An intruder carries a bulky item in their hands, making them appear too full to open the door, or they pretend to be distracted while talking on the phone and follow someone inside.
- A trespasser acts as if they are a guest and even uses specific names of people in the office to appear legitimate.
An unauthorized individual follows an authorized individual through a slowly closing door before the door shuts and locks.
Tips on Preventing Tailgating and Piggybacking
As part of a comprehensive approach to cybersecurity, businesses should implement measures to prevent tailgating and piggybacking. Consider the following strategies:
- Implement access control systems (e.g., badge readers and biometric scanners) and install physical barriers (e.g., turnstiles and security gates).
- Utilize surveillance cameras and video analytics.
Maintain clear security policies and procedures and train employees on physical security awareness. - Use visitor management systems for tracking and authorizing visitors.
- Conduct regular security audits to identify vulnerabilities.
Taking steps to understand and prevent these tactics can help reduce the risk of them occurring and offer financial and reputational protection. For more information, contact us today.