Holding the door for someone might open the way to a cyberattack. For anyone who works in a secure building or workplace, they might want to rethink that courtesy. The hackers and thieves behind piggybacking and tailgating attacks count on it.
Piggyback and tailgating attacks occur when an unauthorized person gains access to a restricted workplace, one that requires some form of ID to enter. While quite similar, these attacks have an important difference:
Piggybacking occurs when a person knowingly allows an unauthorized person into a restricted location—such as holding a secured door open for them.
Tailgating occurs when an unauthorized person slips into a restricted area without someone knowing—perhaps because someone left a secured door ajar.
In both cases, these unauthorized entries can put businesses and organizations at risk. They give potential bad actors all kinds of access to sensitive information and devices.
Trade secrets get stolen this way, as does customer information. In yet more malicious cases, bad actors might gain entry with the intent of sabotaging technology or hijacking a network. And of course, bad actors might do harm to people or property.
Businesses and organizations that find themselves at risk include those that:
Have many employees, often moving inside and out of the premises.
Have multiple entrance points into a building.
Receive deliveries of food, packages, and documents regularly.
Employ a sizable number of subcontractors.
Lack training in physical and cybersecurity protocols.
Different businesses and organizations have different forms of security in place. You might be among the many who use a smart badge or some form of biometric security to enter a building or certain areas within a building.
However, determined bad actors will look for ways around these measures. With piggyback and tailgating attacks, it’s far easier for them to follow someone into a workplace than it is to break into a workplace.
Common types of piggybacking and tailgating attacks
Bad actors will simply walk in when someone holds the door for them. It’s as simple as that. Additionally, they’ll try several different tricks by:
Posing as a delivery driver bringing in packages or food.
Claiming they work in the building and that they left their ID at home.
Carrying a bulky load of boxes and hoping you’ll open the door to help.
Disguising themselves as a vendor, like a service worker or IT consultant.
Similarly, disguising themselves as an executive or V.I.P. who’s in a hurry.
In all, piggybacking and tailgating attacks rely on social engineering—playing off people’s innate courtesy, willingness to help, or even discomfort with conflict. Essentially, the attacker manipulates human nature.
How to prevent piggybacking and tailgating attacks
A good portion of prevention falls on the owner of the building, whether that’s a business, organization, or a landlord. It falls on them to install security hardpoints like badge scanners, keypad locks, biometric scanners, and so on to keep the property secure. Moreover, employers owe it to themselves and their employees to train them on security measures.
Yet you can take further steps to prevent a piggybacking or tailgating attack on your workplace. Some steps include:
Don’t hold the door for anyone you don’t recognize as an employee.
Direct strangers who appear lost to a reception area.
Always close secure doors and ensure they lock.
Report any issues with a secure door, such as if it doesn’t close properly or closes too slowly.
Also consider the security of your devices or any other sensitive information you work with. If a bad actor slips into your workplace, you can take other steps to prevent theft or damage.
Use a lock screen on your computer to prevent access to networks and files.
Consider tethering your laptop to your desk with a laptop lock to prevent grab-and-run theft.
Securely store any printed materials.
Keep your personal items on your person, like your keys, smartphone, and other valuables.
Don’t hold the door
Some aspects of piggybacking and tailgating prevention seem like they go against our better nature. We want to be kind, helpful, and sometimes we’d simply rather avoid confrontation. Again, piggybackers and tailgaters count on that. Yet a door is only as secure as the person who uses it—or who opens it for someone else.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.