Tailgating in the Workplace: A Cyber Threat


Understanding Tailgating in Social Engineering

What is tailgating? Tailgating is a social engineering technique employed by individuals seeking unauthorized access to secured areas by closely following behind an authorized person. This tactic exploits human courtesy, allowing the infiltrator to gain entry without proper authentication.

Frank Abagnale was one of the world’s most infamous hackers. His criminal activities were made famous in the film of his life, “Catch Me If You Can”. Frank did much of his hacking back in the 1960s. He used low-tech social engineering techniques, including ‘Tailgating’, to impersonate a doctor and a pilot to facilitate various financial scams. During his scams, Frank would use false identities to forge checks and cash them in. Frank stole large sums of money and ended up sentenced to 12 years in prison for fraud. Frank has long since left his life of crime to advise on how to prevent cybercrime.

Frank used social engineering to commit fraud by manipulating situations and people. These attack methods typically focus on weaknesses in human behaviour, exploiting them to initiate cyber attacks including criminal damage, inventory theft, ransomware infection, Business Email Compromise (BEC), and data exposure. The term ‘engineering’ belies the often subtle and low-tech nature of many social engineering issues. Here is a look at the low-tech hacking tactic known as ‘Tailgating’.

What is Tailgating in the Context of a Cyber Threat?

News headlines are filled with massive security breaches, analysts taking us through the often complex hacks involved. However, not all hacks are digital; many are achieved using low-tech tactics. But even these low-tech attacks can still result in major breaches and theft.

Tailgating, sometimes known as ‘Piggybacking’, is a form of low-tech social engineering that is a physical, rather than digital, hack. However, this physical attack can lead to a digital cyber attack.

A typical example of tailgating is a fraudster gaining access to a corporate building by pretending to be a legitimate visitor, delivery person or similar. Colin Greenless, a consultant at Siemens Enterprise Communications, demonstrated back in 2009 how easy tailgating was and how damaging it could be. Greenless gained unauthorized entry to an FTSE 100 listed financial institution building, and within 20 minutes had found a highly sensitive M&A document sitting in plain sight on a desk.

The Psychology of Tailgating or Piggybacking

The act of tailgating or piggybacking takes advantage of human behaviour and situations. Tailgating is an in-situ social engineering tactic – that is, the tailgater must be physically in the environment that they wish to exploit. This brings into play another important factor in successful tailgating, namely pretexting.

Pretexting is probably as old as human society. It is the act of presenting yourself as someone else to obtain sensitive or important information from another individual or group, somewhat like Frank Abagnale. In the act of tailgating, the offender will often take on a form of identity that makes the target more open to revealing information or performing an act (like opening a door). Pretexting requires research on a target. It is also built upon the notion of trust: which prerequisites help build a trusted persona and so make a social engineering scenario more successful? For example, if the social engineer wishes to tailgate a target company, they may spend time looking at the types of visitors that turn up at the organisation’s building, such as whether deliveries are made at a specific time. This intelligence gathering allows the fraudster to build a trusted persona that they can use to manipulate and influence employees into allowing them into a normally secured building or room.

The Damage from Tailgating in the Workplace

Tailgating is not just a case of someone playing the fool and getting into a building for a lark. Tailgating carries malicious intent, and the perpetrators perform this act to cause property damage, steal information, install malware, and even put staff lives at risk. In a recent survey from Boon Edam, 71% of respondents felt at risk from a physical breach due to tailgating.

Tailgating comes in whatever form works, and those who carry it out can be ex-employees or strangers.

Ex-employees: According to research, 80% of cyber-liability claims come from employee negligence, including rogue employees. These ex-employees are often disgruntled, seeking revenge and damaging property, and stealing company information and sensitive data to enact this revenge.

Stranger danger: Politeness can lead to data theft and malware infections: during the Colin Greenless tailgating exercise, 17 employees, on request, gave Colin their passwords. Fraudsters typically plan their attack well in advance. They know who to target, and as well as passwords, access badges will be on their must-have list. Being polite to a stranger can lead to compromised accounts, a data breach and even infection by installing malware.

How to Stop Tailgating

A security policy is an important first step in developing methods to stop tailgating events. The policy must reflect the tailgating methods and how to stop the tailgater in their tracks. To stop tailgating before it gets under the skin of your organisation, look at the following areas:

Fundamentals

Teach employees about what tailgating is, how it happens, and the consequences. This should be part of an ongoing Security Awareness Training program. Security awareness programs should cover all aspects of cyber threats, both digital and physical security.

Vigilance

Encourage a vigilant attitude from employees. Anyone who looks suspicious should be challenged to supply credentials. Better still, set a process in place so that employees can inform a relevant security team member or manager about their suspicions.

Environmental awareness

Train employees about tailgater actions, such as attempting to gain physical access to restricted areas as an authorised person enters the space. Ensure that employees know that tailgating involves confidence tricks used to build trust.

Assertiveness

Being polite is important, but being assertive can help prevent a serious company breach. Employees need to be taught about the tricks of the tailgating trade and how these criminals use fear of looking impolite to circumvent security.

Shutting the Door on Tailgating

Colin Greenless was a white-hat hacker, and his escapades were made transparent to help prevent tailgating. However, tailgating is still a commonplace event. A more recent example involved a woman who was able to access a restricted area of the Mar-a-Lago Trump Resort, carrying four mobile devices, a laptop computer, an external hard drive, and a thumb drive containing malware. Even with presidential security levels in place, she was able to circumvent security by pretending not to understand questions from security staff, the result being that “security staff blamed a language barrier and admitted her.”

Persons intent on harming an organisation and/or committing fraud will work hard to pull the wool over the eyes of employees. Human traits such as politeness or lack of vigilance or just being distracted by work can lead to nefarious individuals entering an organisation with malicious intent. Employees must be made aware of the dangers of what may seem harmless, like someone popping into an office who maybe shouldn’t be there. Security Awareness Training will close the door on tailgating and give employees the knowledge needed to tackle this insidious problem.