Introduction to Tailgating
- Definition: Tailgating (aka piggybacking) is a physical security breach where an unauthorized person follows an authorized individual into a restricted area. It bypasses locks, badge readers, and even guards.
- Risk: Opening doors for strangers can lead to theft, data breaches or harm. In fact, IBM reports about 8% of security breaches involve a physical entry (often via tailgating), with an average loss of ~$4.1M each. Tailgating is a significant risk to company property, equipment, data and safety.
- Psychological Factors: Attackers exploit politeness and trust. Employees often hold doors or assume tailgaters belong, due to courtesy or habit. In short, basic human nature (trusting colleagues, avoiding awkward confrontations) can be exploited by intruders.

Common Tailgating Scenarios
- “Delivery driver” scenario: An attacker impersonates a courier, maintenance person or visitor. For example, they carry packages or wear a uniform and ask an employee to hold the door.
- “Forgotten badge” ploy: The intruder claims they lost or forgot their ID card and chats to stall while slipping in. New employees or contractors often use this excuse.
- Crowded entry: In busy lobbies or during shift changes, a tailgater pushes through behind a group of people. Employees may not check everyone, especially in crowds.
- Group tours: An unauthorized person joins a group tour or large meeting and then breaks off into a restricted zone.
- Distraction tactics: Someone starts a conversation or stumbles to gain sympathy, causing a momentary distraction. An employee who holds the door “just in case” can unwittingly let the intruder in.

Real-World Case Studies
- Munich Airport, Aug 2024: A 39-year-old man boarded two flights without tickets by closely tailgating other passengers through automated boarding checks.
- UK Parliament, Dec 2024: Banned diplomats joined a guided tour of Parliament and then separated from the group to enter a restricted Lords area.
- Corporate Espionage (Anonymous Case): An attacker posing as a delivery person tailgated an employee into an R&D lab. Inside, he accessed confidential prototypes and stole intellectual property.
- Hospital Security Breach (Anonymous Case): A stranger followed a medical staff member into a locked patient records area. The intruder gained access to private patient files, causing a serious data-privacy violation.
- Data Center Penetration (Penetration Test): A security consultant posed as a vendor carrying food trays and tailgated through a biometric door at a data center. Employees held the door for him, letting him into a highly secure area. This real example underscores that carrying something (lunch, tools, boxes) can coax employees into letting intruders in.

Physical Security Best Practices
- Enforce ID policies: Require all employees and visitors to display company badges at all times. Train staff never to open doors for someone without a badge. If someone doesn’t have a badge, politely verify their identity or direct them to security rather than holding the door.
- One-at-a-time entry: Install turnstiles, speed gates or double-door vestibules (mantraps) at entrances. These force people to enter one at a time, making tailgating physically difficult.
- Visitor management: Always sign in guests and issue temporary badges. Visitors should be escorted or observed, and never allowed to wander alone in restricted areas.
- Physical barriers: Use locked doors, security cages or gating for sensitive zones (server rooms, labs, finance offices). Segment high-security areas so even if the lobby is breached, inner areas remain locked.
- Staff training: Include tailgating awareness in security training. Regularly remind employees not to prop open doors or let others in without checking credentials. Explain that tailgating is a form of social engineering to look out for.
- Encourage reporting: Make sure employees know they should report any suspicious entry immediately. Any unidentified person seen in a secure area should be reported to management right away.

Technical and Procedural Measures
- Turnstiles and sensors: Use optical or physical turnstile gates that allow only one person per credential scan. Optical sensors can detect and alarm if two people enter together. Barrier turnstiles physically block a second person from passing. Such anti-tailgating systems help prevent piggybacking by design.
- Badge readers (card/bio scanners): Require each person to swipe an access card or use biometrics at every secure door. Never let people share or “loan” badges – each swipe should be logged to one person. Maintain updated records of who is authorized to be where.
- Door alarms and man-traps: Consider man-trap entries where one door must lock before the next opens. Alarms or door prop sensors can alert security if a door is held open too long or forced.
- Video surveillance: Install cameras at all entry/exit points. Monitoring these can help detect tailgating in progress. Security teams should monitor or record lobby cameras and deploy sensors at doors to catch unauthorized entries.
- Security personnel: Station trained guards at main entrances and sensitive checkpoints. Guards can visually verify identities and challenge anyone without proper ID. Onsite security acts as a strong deterrent and last line of defense. Guard tours and patrols of inner halls can also prevent someone sneaking in unnoticed.
- Access procedures: Enforce a strict policy that only one person may enter per authentication. Do not allow doors to be propped open, and require a fresh badge scan at every door. Regularly review access logs to spot anomalies.
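
The log review described above can be automated by correlating badge scans with door-sensor events. The following is an added example, not code from the original page or from any access-control product; the log format, event names (BADGE_GRANT, DOOR_OPEN, PASS, DOOR_CLOSE) and the 30-second threshold are assumptions, and the log is assumed to cover entry-side events only.

```python
from datetime import datetime

# Constructed sample events: timestamp, door, event, detail (format is an assumption).
SAMPLE_LOG = """\
2024-05-06T08:00:01,LOBBY-1,BADGE_GRANT,E1001
2024-05-06T08:00:02,LOBBY-1,DOOR_OPEN,
2024-05-06T08:00:04,LOBBY-1,PASS,
2024-05-06T08:00:06,LOBBY-1,DOOR_CLOSE,
2024-05-06T08:05:10,LOBBY-1,BADGE_GRANT,E1002
2024-05-06T08:05:11,LOBBY-1,DOOR_OPEN,
2024-05-06T08:05:13,LOBBY-1,PASS,
2024-05-06T08:05:15,LOBBY-1,PASS,
2024-05-06T08:05:18,LOBBY-1,DOOR_CLOSE,
2024-05-06T09:30:00,SERVER-2,BADGE_GRANT,E1003
2024-05-06T09:30:01,SERVER-2,DOOR_OPEN,
2024-05-06T09:30:03,SERVER-2,PASS,
2024-05-06T09:31:20,SERVER-2,DOOR_CLOSE,
2024-05-06T10:00:00,SERVER-2,DOOR_OPEN,
2024-05-06T10:00:05,SERVER-2,DOOR_CLOSE,
"""

MAX_OPEN_SECONDS = 30  # assumed door-held-open threshold


def find_anomalies(log_text, max_open=MAX_OPEN_SECONDS):
    """Return (time, door, finding) tuples, one per suspicious door cycle."""
    findings = []
    state = {}  # per door: badges granted, passes counted, open time
    for line in log_text.strip().splitlines():
        ts, door, event, detail = line.split(",")
        when = datetime.fromisoformat(ts)
        d = state.setdefault(door, {"badges": [], "passes": 0, "opened": None})
        if event == "BADGE_GRANT":
            d["badges"].append(detail)
        elif event == "DOOR_OPEN":
            d["opened"] = when
        elif event == "PASS":
            d["passes"] += 1
        elif event == "DOOR_CLOSE" and d["opened"] is not None:
            held = (when - d["opened"]).total_seconds()
            if not d["badges"]:
                findings.append((ts, door, "opened without a badge scan"))
            elif d["passes"] > len(d["badges"]):
                findings.append((ts, door, f"{d['passes']} entries on "
                                 f"{len(d['badges'])} scan(s): {d['badges']}"))
            if held > max_open:
                findings.append((ts, door, f"held open {held:.0f}s"))
            state[door] = {"badges": [], "passes": 0, "opened": None}
    return findings
```

Each finding names the door and the badge involved, so security can pair it with camera footage for that time window.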

Conclusion: Key Takeaways
- Tailgating is a real threat: It exploits basic human behaviors and can defeat even advanced security systems. A simple act of courtesy can let an intruder into protected areas, so vigilance is essential.
- Follow the rules: Always use your own badge or credentials and close doors securely behind you. If someone tailgates, stop and ask them to sign in or verify their identity.
- Stay alert and report: If you see suspicious behavior (someone without proper access asking to get in, or a door held open), report it immediately to security.
- Everyone’s responsibility: Physical security is a team effort. By following these best practices and procedures, all staff help protect the workplace. Small actions – like not propping open doors – make a big difference in preventing breaches.
Key message: Tailgating may seem harmless, but it opens the door to big security problems. Stay aware, use access controls properly, and support each other in keeping our facility safe. Each employee’s vigilance is crucial to stop unauthorized entry.

Sources:
- TechTarget: What is Tailgating (Piggybacking)
- Alcatraz AI: Tackling the Tailgating Threat
- IBM Cost of a Data Breach 2023 Report Summary
- Mailfence Blog: Tailgating Attack Examples
- The Guardian: Russian Diplomats Breach at UK Parliament
- Business Insider: Munich Airport Tailgating Incident
- Valimail: Tailgating Attack Scenarios
- Dark Reading: How to Physically Hack a Data Center
- CampusGuard: NIST SP 800-171 Framework – Physical Protection
- Hayward Turnstiles: Anti-Tailgating Access Control