How to prevent tailgating: 5 essential tips for SMEs
With the topic of security becoming increasingly cyber focused, it’s important for SMEs not to forget or underestimate the physical side. One particular form of attack to be aware of is the social engineering technique called ‘tailgating’ (piggybacking).
Here is an overview of tailgating, including 5 tailgater tricks SMEs must be aware of, and how security technology and staff training can help.
What is tailgating?
Tailgating is a technique of social engineering, which is a form of security attack used to gain access to premises and confidential information by capitalizing on psychological manipulation. The tailgating technique is used by social engineers to gain physical access to data or business premises. An attack simply involves a social engineer following an employee into their place of work, masked as an employee or visitor. Once inside, the social engineer will try a range of tactics to trick employees into granting them access into unauthorized areas. Once they have access, they’re presented with the opportunity to gather information, steal, or fulfil any other agenda, until they are caught (if caught).
It’s reported that 97% of people don’t even realize they’ve been targeted by social engineers, which means most of the time, employees are unaware of being tricked (source: Nerds Support). That makes it critical for SMEs to be aware of tailgating tactics, train staff so they don’t make mistakes, and implement the right security technology for protection.
5 common tailgating tactics social engineers use
Tailgating, also known as piggybacking, is a common social engineering tactic used by opportunistic individuals to gain unauthorized access to restricted areas. By exploiting the natural tendency of people to be polite and courteous, social engineers can cleverly maneuver their way into secure environments.
- Sneaking in behind authorized individuals: Social engineers often target employees who are opening doors to restricted areas. They will wait for an opportune moment and follow closely behind, hoping to slip in undetected. This tactic is particularly effective in busy environments where people are focused on their tasks and less likely to notice the additional person entering.
- Posing as legitimate personnel: Social engineers may disguise themselves as couriers, delivery personnel, or other individuals who are typically granted access to secure areas. They may carry clipboards, uniforms, or other props to enhance their credibility. Once inside, they can move freely and potentially gather valuable information or even sabotage systems.
- Playing on empathy: Social engineers may feign helplessness by carrying multiple items and pretending to be unable to open doors themselves. They may approach an unsuspecting employee and ask for assistance, hoping to gain sympathy and be granted access. This tactic often works because people are naturally inclined to help those in need.
- Pretending to have forgotten ID: Social engineers may attempt to blend in with authorized personnel by claiming to have lost their access ID or left it at home. They may act flustered and apologetic, hoping to convince an employee to provide them with a temporary pass or open the door for them.
- Claiming to be invited guests: As a last resort, social engineers may try to gain access by claiming to be guests of an employee. They may even have a name and some details about the supposed employee, which they may have obtained through eavesdropping or other social engineering tactics. This tactic can be particularly effective in environments where security measures are lax or where employees are unfamiliar with each other.
Make awareness a top priority
All 5 of the common tailgating tactics rely upon employees making common human errors, which work to social engineers’ advantage. If SMEs actively train their staff to be aware of these tactics and explain how to deal with them, the risk of employees making errors can be reduced. To effectively combat tailgating, organizations need to implement a multi-pronged strategy that combines physical security measures with employee awareness training.
- Physical Barriers: Install physical barriers such as turnstiles or mantraps to restrict access and make it more difficult for unauthorized individuals to enter restricted areas.
- Access Control Systems: Implement robust access control systems that require authorized personnel to present valid IDs and credentials. Consider using biometric authentication or multi-factor authentication for added security.
- Surveillance Systems: Install surveillance cameras to monitor high-traffic areas and identify suspicious behavior.
- Awareness Training: Educate employees about common tailgating tactics and encourage them to be vigilant and challenge anyone they don't recognize or who appears to be following them.
How security technology can help
Alongside staff training, SMEs should also consider implementing security technology that allows them to control access and identify threats. That includes access control, CCTV and intruder detection.
Access control
An access control system enables SMEs to assign IDs to each employee, which they need to keep with them for access. Temporary access passes can be provided for visitors, contractors or even if an employee has forgotten their ID. Access control systems enable SMEs to build layers of security within the building, through the assignment of access rights based on role or seniority, for example. This could mean different people having access to different parts of the premises. Having all internal as well as external access points access controlled ensures that even if an intruder has managed to gain access to the building, their movement will be heavily restricted by the multiple access control points. As an added precaution, a strict policy of always presenting employee IDs when moving around premises should be implemented, which makes it easier to spot unauthorized people.
CCTV
CCTV cameras can serve as a deterrent for social engineers, as seeing them may make them think twice about attempting access. CCTV can also help to identify suspicious behaviors, such as people hanging around a back door waiting to be let in. An example of that is an outdoor smoking area, where social engineers could get into conversation with an employee on a smoke break, and follow them in once their break ends. The ability to access live CCTV footage also helps, as trained staff can keep an eye on suspicious people and observe their movement.
Intruder detection
Intruder detection technology helps to pick up movement in sensitive areas and provides alerts. For example, if a social engineer has managed to gain access and is in a normally non-manned secure area, a sensor will detect movement and trigger an alarm. Once alerted, SMEs are able to verify the movement using CCTV footage, allowing security to act accordingly and prevent attacks.
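The sensor alert described above becomes more useful when it is checked against access control records. The following added example (not from the original article or any vendor's product) flags motion in a secure zone that no granted badge read accounts for, so staff know which alerts to verify on CCTV first. The event format, zone names, badge IDs and the 120-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; real systems export their own formats.
BADGE_EVENTS = [
    # (timestamp, zone, badge_id, access_granted)
    ("2024-03-04 08:59:10", "server-room", "E1042", True),
    ("2024-03-04 13:15:02", "server-room", "V0007", False),  # denied visitor pass
    ("2024-03-04 19:40:00", "archive", "E1042", True),
]
MOTION_EVENTS = [
    # (timestamp, zone)
    ("2024-03-04 08:59:40", "server-room"),  # follows a granted read
    ("2024-03-04 13:15:30", "server-room"),  # follows only a denied read
    ("2024-03-04 22:05:12", "archive"),      # hours after the last read
]

# Assumed tuning value: how long one granted read "explains" motion in a
# normally non-manned zone. Longer visits would need exit reads as well.
WINDOW = timedelta(seconds=120)


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def _recent(when, earlier, window):
    """True if `earlier` happened at most `window` before `when`."""
    return timedelta(0) <= when - earlier <= window


def unexplained_motion(badge_events, motion_events, window=WINDOW):
    """Return motion events with no granted badge read in the same zone
    shortly before them. Denied reads just before the motion are attached,
    since a refused badge followed by movement inside suggests someone
    was let through by another person."""
    alerts = []
    for ts, zone in motion_events:
        when = _ts(ts)
        nearby = [(badge, ok) for t, z, badge, ok in badge_events
                  if z == zone and _recent(when, _ts(t), window)]
        if not any(ok for _badge, ok in nearby):
            denied = [badge for badge, ok in nearby if not ok]
            alerts.append({"time": ts, "zone": zone,
                           "recent_denied_badges": denied})
    return alerts


if __name__ == "__main__":
    for alert in unexplained_motion(BADGE_EVENTS, MOTION_EVENTS):
        print(alert)
```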
Strength in partnership
Having the backing of a reputable security partner is vital for right-sizing security technology that helps to prevent tailgaters. Here are some criteria we recommend SMEs consider when picking a security partner:
- Expertise in integration of security systems – including CCTV and intruder detection
- Support with upgrading technology and services as the business continues to grow
- Convenient, local support to address system issues with minimal delay
- The expertise to understand and handle different challenges across various markets
- A technology expert that’s able to provide access to the latest security innovations
The above also rings true for SMEs who are renting shared/co-working spaces. It’s important to ensure that the same level of options is provided by your landlord’s choice of security partner. That gives the confidence that the security of your working space is in safe hands.