A Step-by-step Guide to Preventing Tailgating Attacks
Complex digital hacking methods garner the most attention from cybersecurity leaders and professionals today, but physical security hacks still pose considerable threats to your business. A low-tech physical hack known as tailgating provides an easy entry point into restricted areas where malicious parties may carry out a slew of damaging activities.
Common examples of tailgating
The perpetrators of tailgating incidents include outsiders who have no association with a business and disgruntled ex-employees looking to exact revenge for perceived injustices. Here are three scenarios that clarify how tailgating attacks can happen.
The classic example of a tailgating attack is when an outsider disguised as a delivery driver waits for an employee to enter a building. The delivery driver typically uses boxes as props to appear more genuine and to increase the odds of exploiting the tendency for human kindness. As the employee checks in, the outsider asks them to hold the door, and the employee unintentionally gives the outsider access to the building or restricted area.
A real-life tailgating example occurred when a security researcher broke into an FTSE-listed financial institution by pretending to have a conversation on the phone and simply following an authorized employee into the swipe-card-operated lift. The authorized employee turned out to be the company’s managing director.
A step-by-step guide to preventing tailgating attacks
Here are four steps to start preventing tailgating attacks. The logic here is to address the root cause: a lack of security awareness, and of exposure to social engineering, among employees.
1. Train employees in physical security
Many businesses focus their security awareness training programs on digital security practices, such as proper password hygiene and recognizing phishing emails. While digital security is essential, neglecting physical security awareness at your company can significantly harm your business.
Since developing an effective training program is complex, time-consuming, and costly, consider dedicated security awareness training platforms. These platforms use security training expertise to help businesses run robust awareness programs without developing the program from scratch.
2. Familiarize employees with social engineering
Many employees don’t recognize tailgating attacks because they’re often unfamiliar with what social engineering attacks actually look like. Security training programs are a useful starting point, but simulated attacks further improve security awareness with exposure to how real-world incidents occur.
Simulated phishing is a great way to familiarize employees with social engineering techniques. Dedicated platforms, such as BLAST, automatically craft convincing phishing emails, so you don't have to write them yourself. With the click of a button, you can send phishing emails to employees and test their vigilance about social engineering.
3. Improve physical access security
Most businesses today give employees a smart card to access the office. The continued success of tailgating attacks shows that this physical security measure falls short.
Fully staffed reception areas with dedicated security personnel provide an extra layer of physical access security. Badges provide a low-cost way to improve access security. Requiring badges for all authorized employees and visitors makes it easier to visually identify someone who shouldn’t be inside the building or entering a particular area.
4. Use advanced video surveillance
Multiple entry points to office buildings and different restricted areas make it hard to properly monitor who is going where, even if you have a staffed reception desk. Advanced video surveillance uses AI and video analytics to help businesses improve real-time physical security monitoring. These camera systems can assess who enters a building by comparing video footage with facial scans of employees and contractors.
Stop tailgating in its tracks
Threat actors don’t limit the scope of their malicious activities to digital systems. Physical security hacks are not some relic of the past—they happen regularly, and many businesses aren’t resourced or prepared to mitigate them. Start with better security awareness training and simulated social engineering attacks to stop tailgating in its tracks, then step up your efforts to strengthen physical access controls.