Be it cyber or physical
security, all risks must be properly mitigated to reduce the threat of an
external or internal threat successfully infiltrating the network. Far too
often key decision makers are aware of security vulnerabilities but lack the
follow-up action to proactively close those security gaps. This is exactly the
case for tailgating.
What is Tailgating?
According to Carnegie
Mellon University, tailgating is one of the most common forms of social
engineering attacks used when trying to breach a physical space. Unfortunately,
you have likely even been a participant in this action without even giving it a
second thought.
Tailgating is when an
unauthorized individual follows a person who has heightened security
credentials into a controlled area. Not always is this a security breach in the
works. Tailgating can occur at any facility that requires a fob or proximity
card for entry. For example, letting the UPS delivery person into the building,
or unknowingly letting individuals into a gym who is not actually a member.
Why Is Tailgating a Problem?
The examples outlined
above are pretty harmless, because not every tailgating activity is entirely
malicious. However, there are certainly instances where tailgating does pose a
serious risk to employee safety and company security as a whole.
Consider a previous
employee who is trying to gain access to a controlled environment to gather
proprietary data from the organization. They are a familiar face and maybe not
everyone is aware of the employment termination and they unwittingly allow them
entry. Or consider an external third party, portraying the internet company,
who follows a staff member into the building with plans to hack the network.
The threat is very much real, and organizations must take the steps necessary
to reduce their exposure.
Top Tailgating Prevention Tips
In order to stop
tailgaters from gaining access to your controlled environments, review the top
five tips you should be implementing in your business environment to thwart
these forms of attacks.
Conduct a Security Audit
First and foremost,
conduct an audit. In order to close security gaps, you first must understand
what the gaps are, as well as where and why they exist. By completing a
security audit, you will gain insight into these factors as well as receive
feedback from individuals who work specifically in these areas for ideas on how
to mitigate the risks.
Use Your Data
Knowing what to do and
where to do it is only half of the battle. Now it is time to move into the
implementation phase. Once you have completed the audit, use the information to
make changes within the organization. This may be increasing tailgating
security in high-traffic areas
of the business, like initial entry points or lobbies.
Employee Training
Oftentimes, employees
are not aware of the magnitude of issues that may arise due to security
breaches. By educating them, the risk of the behavior continuing is reduced.
For example, when employees are trained on how to
spot phishing emails, and the potential
severity of the situation, had they fallen for the spoofed email, they are more
cautious and look for red flags. The same is true for employee training
regarding tailgating. It is in our human nature to hold the door open for
someone that has their hands full, not ask for their credentials before
allowing them to pass. However, when employees are educated on the risk this
could potentially pose, the behavior will likely be reduced, and they will be
more cautious about whom they allow entering into a controlled area.
Proactive Access Control
According to Security
Magazine, 71% of survey respondents believed they were at risk of tailgating.
Meaning, that 71% of surveyors see tailgating as a security threat they are
vulnerable to. Yet, 74% of respondents stated they are not monitoring these
security threats whatsoever. The issue is, that awareness is not leading to
proactive decisions to block the attack before it happens.
When choosing the
access control solution to secure your physical space, ensure it includes
real-time tailgate monitoring. Do not wait until your organization has fallen
victim to a security breach as a result of a tailgating instance before you
take action. Be proactive.
Top Takeaways
Tailgating is a common
physical security hole; however, that does not mean that organizations are
taking a proactive role in blocking this threat before it becomes a bigger
problem. Additionally, it does not mean that all employees are aware of the
risk they are putting themselves, and the company is when they are unwittingly
participating in tailgating activities.
To best protect your
organization, a security audit should be completed to identify access points
where tailgating would be more likely to occur, as well as areas where
tailgating would create a significant security issue if a malicious tailgater
were to gain access. From there, create an executable plan to reduce the risk.
Additionally, educate your staff on the threats tailgaters may pose to not only
their safety, but the security of the organization as a whole. Finally,
implement a proactive access control solution that includes tailgate
monitoring.
By using these tips to reduce the number of times tailgating takes place, you will create a safer environment for the employees that work there, as well as any third-party individuals accessing the building.
