A tailgating attack, also referred to as “piggybacking,” involves attackers seeking entry to a restricted area without proper authentication. The perpetrators can simply follow an authorized person into a restricted location. They can impersonate delivery men carrying tons of packages, waiting for an employee to open the door. They can also ask the unknowing target to hold the door, bypassing security measures like electronic access control.
Tailgating is a common type of social engineering attack. While such attacks don’t always use computers per se, as in the sample scenario above, they always involve some sort of electronic identification.
Tailgating is considered more of a psychological manipulation in that attackers make unknowing employees accomplices to their crime. Like phishing, including spear phishing or whaling, it is an information security confidence trick designed to fool authorized people into allowing attackers to access restricted areas and information.
Who Are Most at Risk of Tailgating Attacks?
Organizations that have large numbers of employees, are prone to staff turnover, and rely on several subcontractors for specific tasks are most at risk of tailgating attacks.
Universities and open campuses with huge foot traffic are also at significant risk, especially since their students typically rush from class to class without thinking twice about leaving doors open even when they don’t know who’s following them to restricted areas.
The same is true for offices where employees are always hopping from one meeting to the next, running around to take urgent calls, and striving to meet pressing deadlines.
These places are ripe for criminals’ picking. They can suffer from data breaches and from phishing, ransomware, and other malware-enabled attacks that can cost millions to address and severely damage an establishment’s reputation.
How Can Organizations Avoid Suffering from Tailgating Attacks?
The fact that most companies today are more preoccupied with defending against cyber attacks can contribute to the success of tailgating attacks. Organizations, however, need to protect against physical and cyber threats.
Truth be told, defending against tailgating attacks requires implementing fundamental measures that include:
- Log off from your computer and other devices while they are not in use. Don’t forget universal serial bus (USB) sticks and Secure Digital (SD) memory cards. Anything that contains confidential information needs to be secured. Following company security rules strictly always helps.
- Don’t be fooled by looks. If anyone looks suspicious, approach the person and ask for credentials to make sure he or she is authorized to be in the area. It’s always better to ask and be careful than to presume someone is who you think he or she is. If you’re afraid to ask, let your security team know immediately instead.
- Always know what is going on around you, especially when you’re entering restricted areas (i.e., those with highly confidential, classified information). Fake couriers or IT contractors may try to sneak in once you clear the entry system. Don’t fall for friendly folks carrying loads of files, making you think they just need help opening the door.
- If you’re part of your company’s security team, create and implement comprehensive security protocols covering both physical and virtual threats. Ask your bosses to make following them a mandatory part of employee training. That will help you ensure no corporate data will fall into the wrong hands.
- Make it a point to follow your organization’s security protocols. Attend the necessary training so you can avoid being the cause of a data breach or compromise.
Tailgating may seem simple, but its consequences are as devastating as any other kind of attack, physical or virtual. To avoid its unwanted repercussions, follow the tips and tricks in this post.