Safeguarding your business from tailgating attacks and piggybacking

What is tailgating?

A tailgating attack is when an unauthorized person gains access to a restricted area by using or misusing someone else’s credentials, often by following an employee into a building. This security breach allows someone without affiliation to the organization to enter the premises under an employee’s identity. While following an employee is the most common form, other tailgating variations threaten business security.

Examples of common tailgating techniques include: 

• Piggybacking: While a typical tailgating attack involves sneaking into an area behind an authorized person, piggybacking incidents include consent. For example, the intruder will ask an employee to grant them property access under the pretense that they are authorized personnel.
• Employee fraud: This is a piggybacking variation where the intruder tries to convince an employee that they are locked out of the building. For example, claiming to have lost a keycard or pretending to be another employee.
• Contractor fraud: Similar to employee fraud, contractor fraud is when the intruder pretends to be a delivery person or a contractor who requires access to the property. Intruders may use disguises or props to legitimize this type of tailgating attack and confuse authorized staff.

Teaching security guards and employees to be aware of these techniques is central to improving tailgating security awareness, providing them with the information required to question and avoid suspicious activity.

The dangers of tailgating attacks

Tailgating attacks pose significant threats to businesses of all sizes, as once an intruder has access to a restricted location, they are able to commit wider offenses such as data theft, vandalism and even physical assault. 

Vandalism

Disgruntled former employees can exploit security gaps through tailgating attacks, using their insider knowledge to gain unauthorized access. Once inside, they may damage expensive equipment, deface property or disrupt operations, all of which can harm the business’s reputation and daily activities. This highlights the importance of strong access control to prevent such risks.

Espionage

Tailgating attacks could lead to espionage by allowing unauthorized individuals, such as competitors or cybercriminals, to gain physical access to sensitive areas. Once inside, they could steal proprietary information, plant malicious devices, or gather intelligence that could compromise confidential business operations. Access to secure zones could enable them to exploit weaknesses in cybersecurity, obtain employee records or disrupt critical processes, leading to significant financial and reputational damage for the company.

Theft

Tailgating and social engineering tactics can provide intruders the opportunity to enter restricted areas and steal valuable equipment. For example, an attacker may bypass office security systems by convincing employees that they’re a contracted IT worker coming to repair some expensive computer equipment. If granted free access to equipment storage rooms and maintenance areas, they can steal valuable items.

Assault

One of the most serious risks posed by tailgating attacks is the potential for physical assaults or active harm events, where the safety of employees and guests is endangered. If an intruder gains unauthorized access and commits such an act, the business may also face complications with insurance claims, depending on the terms of their policy. Ensuring strict adherence to access control protocols is essential to prevent both safety threats and potential legal or financial liabilities.

How to prevent tailgating and piggybacking

The dangers of tailgating, social engineering and piggybacking attacks on businesses and their employees are clear, illustrating the need for business owners to create and implement protective measures. There are a wide range of anti-tailgating devices and tailgating security best practices that can be deployed to help businesses improve physical security.

Control access using physical credentials

Restricting access to the main property and internal spaces using traceable physical credentials can help to prevent tailgating attacks from impacting operations. Access readers installed at the main entrances act as a physical deterrent, with only authorized credentials stored in a physical token like a company-issued key fob or smart card able to grant property access to authorized employees.

For the deployment of access control systems to be effective, however, employees must also be trained in how to operate them safely. Provisions must be made to ensure all staff know to keep their access credentials private from another person and to report lost or stolen cards immediately. If a cloud-based system is developed, compromised credentials can be deactivated remotely to reduce risk factors further. 

Utilize Multi-Factor Authentication (MFA)

Access control systems can be strengthened by combining the use of physical credentials with one or more additional forms of authentication, further reducing the risk of tailgating attacks by ensuring only one set of stolen credentials will not be enough to grant property access. Alongside key fobs or smart cards, businesses can choose to issue permissions in the form of mobile credentials and biometric information.

Mobile credentials can be sent to an employee’s smartphone and secured behind passwords and biometric protections. Additionally, high-risk areas inside the property such as server rooms and equipment storage spaces can be locked behind biometric door entry systems, meaning even if a tailgating attack occurs, the intruder cannot access high-security locations.

Install turnstiles at main entrances

Alongside technologically advanced anti-tailgating devices like biometric access control systems, simple turnstiles can be effective in combating tailgating incidents. By restricting traffic flow into a building to one person at a time, intruders will be prevented from sneaking in behind authorized staff members.

Combining turnstiles with access control locks can make for a reliable and effective anti-tailgating security solution.

Develop smart security systems

IP cameras positioned to provide continuous coverage of all main access points can help security staff to reliably address tailgating attacks. Anti-tailgating cameras can be developed using modern video analytics tools, with systems programmed to alert admins remotely in response to suspicious activities. AI security cameras can also help identify patterns or abnormalities at key entry points of a facility. 

For example, if motion is detected but access readers have not identified any valid credentials, an alert can be sent to security staff warning of a suspected intrusion event. Teams can then access live CCTV feeds to assess the situation from a remote position. This may involve sounding alarms or sending available security personnel to engage with the suspected intruder. 

Provide comprehensive security training

For anti-tailgating measures to be effective, all staff members must understand exactly how security technologies, policies and expected responses are intended to work. Even with sophisticated security systems in place, a lapse in judgment from an employee could result in an attacker tailgating in the workplace, so all proposed security measures must be deployed in combination with comprehensive employee training.

Staff should be taught how to spot common tailgating tactics and never grant access to unknown persons. Policies should outline how staff are expected to handle social engineering tactics. For example, if an unknown person claims to be a delivery person, staff must know who to contact to verify their identity and confirm or deny access to the property.

Regularly review and update security measures

Tailgating attacks evolve, with intruders developing new ways to circumvent anti-tailgating technologies and trick workers into granting them property access.

Cameras and integrated access control systems must receive regular software updates to defend against novel cyber-attacks, security guards must engage in regular drills and training programs to teach them about new tailgating tactics and staff must be regularly updated on anti-tailgating policies and procedures.

Tailgating security checklist to help prevent attacks

To help business owners and security teams implement effective tailgating security measures, below is an actionable checklist outlining intelligent preventative measures and best practices:

• Teach staff to report any unknown persons requesting property access to security teams.
• Teach staff to report any unknown persons on-site carrying no visible ID to security teams.
• Install access control readers and turnstiles at all main entrances to the property.
• Use MFA policies and biometric access readers to further restrict entry to high-risk locations.
• Program security cameras to send instant alerts to security staff warning of suspicious activity.
• Hold frequent training sessions covering common tailgating tactics and expected responses.
• Ensure access permissions for all former employees and contractors are revoked immediately.

Conclusion

Tailgating and piggybacking pose a significant threat to businesses of all sizes, providing intruders access to sensitive data and valuable equipment and placing the physical safety of employees and guests at risk. Protecting businesses from tailgating incidents requires a multifaceted approach, combining the use of intelligent security technologies and organizational policies to deter intruders from committing offenses.

Avigilon’s advanced security technologies and integrated systems are designed to address the complex challenges of modern business environments, offering enhanced protection against tailgating attacks and other common physical security threats to help business owners remain focused on essential operations.