Here is a look at what tailgating is, how it works, and the best practices to detect and prevent tailgating.
Information Security is usually associated with digital threats. However, these threats do not have to begin and end in the cyber world. Where the cyber and physical collide is a point where data and IT resources are at risk.
Tailgating is a physical threat that can lead to data breaches and other cyber attacks. Someone who tailgates is an intruder, and as a tailgater, that individual can cause significant harm to an organisation. According to a 2020 report from Ponemon Institute, 10% of malicious breaches are caused by a physical security compromise.
An Overview of Tailgating
Tailgating is a tactic that piggybacks on a legitimate employee, contractor, legitimate visitor, etc., to enter a building or other restricted area without authorisation. Tailgating is unauthorised physical access that can lead to physical property damage and cyber attacks.
Tailgaters typically employ social engineering tactics to gain unauthorised access, manipulating human behavioural traits to enter a restricted area. An example could be an intruder carrying a load of parcels and then asking someone to hold open a door: tailgaters prey on our instinct to be friendly and polite. Once inside a restricted area, the tailgater can begin damaging property, stealing information, obtaining login credentials, and even installing malware.
Imagine that an employee is approached by someone saying they are from IT support, and they are there to check out a computer as it is believed to be infected with malware. There is a strong chance an employee will hand over the reins of the computer, fully logged in to the network. The tailgater can then easily install malware from a USB device or similar.
What is Physical Security in Information Security?
Physical security is the security of physical items such as people, property, and other objects. However, physical security is essential in preventing information leaks and other cyber breaches.
Devices and people are intrinsically connected in the hyper-connected organisation. Information is at risk if a cybercriminal gains access to a physical device, tricks an individual into handing over login credentials or even gets that individual to open the door to a restricted area. There is a tight merger between physical and information security, with physical exploitation leading to cyber-exploitation.
It is as essential to use robust security measures to protect physical security as it is to have a secure network infrastructure. The two are intrinsically linked; good physical security helps protect digital and physical assets. The protection of physical assets extends to using physical Security Awareness Training for all employees. Ensuring that staff are aware of the tricks used in tailgating will help protect physical assets such as computers and prevent a cyber attack or data theft.
Why Tailgating in the Workplace is a Security Risk
Tailgating exploits multiple vulnerabilities in an organisation and should be viewed as a severe level of risk. Once inside a restricted area, tailgaters can take full advantage by going ‘under the radar.’
Typical attack points of a tailgating exercise include access to computers to install malware or steal data, theft of printouts from unattended printers, password theft from handwritten password reminders on desks, and tricking employees into allowing access to a personal computer or another device.
Eliminating Tailgating Vulnerabilities
Tailgating vulnerabilities can be prevented by using the following best practices:
Audit your workplace: perform a full security and privacy audit of the physical spaces in your place of employment. This should include remote offices. Look for potentially vulnerable areas, such as lobbies, and define mitigative measures to secure those places.
Train employees in tailgating tactics: add physical security vulnerabilities such as tailgating to your Security Awareness Training program. Ensure that employees understand the importance of password hygiene, such as the importance of not sharing passwords.
Train employees in social engineering: tactics used by tailgaters to gain entry to restricted areas and computers should be part of your Security Awareness Training program.
Use robust physical security measures: deploy a series of physical security measures that prevent tailgating. For example, define secure processes for building entry; use CCTV in restricted areas to put off intruders; if possible, use biometric keypads to access restricted areas. Modern surveillance cameras are useful as they use advanced analytics to compare facial scans of employees and contractors with those entering a building.
Make IT and tech support visible: ensure that staff know who works in IT support by sending out standard mailers about IT employees with staff photos. Use other tactics to ensure that IT staff can be identified; for example, identity and access management technology, including ID badges, that can restrict physical access.
Make contractors visible: repeat the above for contractors and similar non-employee staff.
Make reporting easy: any organisation should have a known and practised policy that guides an employee on how to report a suspected intruder. By making this type of incident easy to report, it is much more likely that a tailgater will be caught before they do any damage.
Continuous vigilance: keep on top of tailgating by promoting a vigilant attitude amongst employees. Keep Security Awareness Training up to date and regularly carry out security hygiene and tailgating awareness sessions.
Cyber threats come in many forms, and a physical threat should be taken as seriously as a digital threat. At a Infrastructure Security and Resilience Forum conference, 41% of security professionals estimated that a single tailgating incident could cost an organisation between $500,000 to $2 million (£430,000 to £1.7 million). Physical attacks such as tailgating are as relevant now as ever. To ensure that an intruder does not violate your company, employ the above series of best practices in physical and cyber security measures.