With the topic of security becoming increasingly cyber focused, it’s important for SMEs not to forget or underestimate the physical side. One particular form of attack to be aware of is the social engineering technique called ‘tailgating’ (piggybacking).
Here is an overview of tailgating, including 5 tailgater tricks SMEs must be aware of, and how security technology and staff training can help.
What is tailgating?
Tailgating is a technique of social engineering, which is a form of security attack used to gain access to premises and confidential information by capitalizing on psychological manipulation. The tailgating technique is used by social engineers to gain physical access to data or business premises. An attack simply involves a social engineer following an employee into their place of work, masked as an employee or visitor. Once inside, the social engineer will try a range of tactics to trick employees into granting them access into unauthorized areas. Once they have access, they’re presented with the opportunity to gather information, steal, or fulfil any other agenda, until they are caught (if caught).
It’s reported that 97% of people don’t even realize they’ve been targeted by social engineers, which means most of the time, employees are unaware of being tricked (Nerds Support). That makes it critical for SMEs to be aware of tailgating tactics, train staff so they don’t make mistakes, and implement the right security technology for protection.
5 common tailgating tactics social engineers use
1. Walk behind employees opening doors
Social engineers look out for opportunities to follow employees opening doors to restricted areas. As it is basic courtesy to leave a door open for people behind us, an employee may do so and unknowingly provide access to a non-authorized person with malicious intentions.
2. Pose as a courier
Social engineers may pose as couriers or similar delivery personnel to get into and circulate freely within a building. If an employee or receptionist isn’t probing enough, they may allow them to access an office/floor they claim to have a delivery for.
3. Pretend their hands are too full to open doors
Social engineers may also be granted access by walking towards doors carrying multiple things in their hands. As with leaving doors open behind them, employees may show common courtesy and help by opening a door for the intruder.
4. Claim to have ‘forgotten their ID’
Some social engineers may try to mask themselves as employees with conviction, by pretending to have lost their access ID, or left it at home. In doing so, they would hope to be handed a temporary pass, or that someone would open a door for them.
5. Act as if they have been invited by someone
If all else fails, or seems difficult to do, social engineers will claim that they have been invited as a guest of an employee. They may even be prepared with a name and details of a person, which could convince someone to grant them access. Such details can be garnered through other social engineering techniques such as eavesdropping.
Make awareness a top priority
All 5 of the common tailgating tactics rely upon employees making common human errors, which work to social engineers’ advantage. If SMEs actively train their staff to be aware of these tactics, and explain how to deal with them, the risk of employees making errors can be eased. Key things all members of staff must know are:
- Don’t leave a secure door open for an unfamiliar person behind you. When unsure who they are, and if it is safe to do so, always ask them to confirm their identity.
- Validate all deliveries with the recipient before sending a courier their way. Keep a daily record of expected deliveries at reception (if there is one in the building)
- Before helping someone unfamiliar with opening a door, ask them who they are, where they’re going, and who they are taking any held items to
- Don’t give access to anyone who claims they have forgotten their ID, before validating who they are. Confirm with management before issuing temporary passes
- Always confirm visitors with the person they claim invited them, before granting visitors access to their ‘host’
How security technology can help
Alongside staff training, SMEs should also consider implementing security technology that allows them to control access and identify threats. That includes access control, CCTV and intruder detection.
An access control system enables SMEs to assign IDs to each employee, which they need to keep with them for access. Temporary access passes can be provided for visitors, contractors or even if an employee has forgotten their ID. Access control systems enable SMEs to build layers of security within the building, through the assignment of access rights based on role or seniority, for example. This could mean different people having access to different parts of the premises. Having all internal as well as external access points access controlled ensures that even if an intruder has managed to gain access to the building, their movement will be heavily restricted by the multiple access control points. As an added precaution, a strict policy of always presenting employee IDs when moving around premises should be implemented, which makes it easier to spot unauthorized people.
CCTV cameras can serve as a deterrent for social engineers, as seeing them may make them think twice about attempting access. CCTV can also help to identify suspicious behaviors, such as people hanging around a back door waiting to be let in. An example of that is an outdoor smoking area, where social engineers could get into conversation with an employee on a smoke break, and follow them in once their break ends. The ability to access live CCTV footage also helps, as trained staff can keep an eye on suspicious people and observe their movement.
Intruder detection technology helps to pick up movement in sensitive areas and provides alerts. For example, if a social engineer has managed to gain access and is in a normally non-manned secure area, a sensor will detect movement and trigger an alarm. Once alerted, SMEs are able to verify the movement using CCTV footage, allowing security to act accordingly and prevent attacks.
Strength in partnership
Having the backing of a reputable security partner is vital for right-sizing security technology that helps to prevent tailgaters. Here are some criteria we recommend SMEs consider when picking a security partner:
- Expertise in integration of security systems – including CCTV and intruder detection
- Support with upgrading technology and services as the business continues to grow
- Convenient, local support to address system issues with minimal delay
- The expertise to understand and handle different challenges across various markets
- A technology expert that’s able to provide access to the latest security innovations
The above also rings true for SMEs who are renting shared/co-working spaces. It’s important to ensure that the same level of options is provided by your landlord’s choice of security partner. That gives the confidence that the security of your working space is in safe hands.
Find out more today about how you can implement effective security technology to protect your SME from tailgating attacks.