It is a common scenario. An employee swipes his identity card and enters his office premises. He spots someone without an ID card outside the gates, wanting to get in. He wants to help – he offers them entry by swiping his own card and goes on his way, happy in the knowledge that he has done something good.
Or let’s visualize another scenario. A group of employees goes down to have lunch. One of them swipes their own card and holds the door open for everyone to go through. He doesn’t notice that someone else has slipped inside while the door was open.
The scenario we are talking about is tailgating, and it is one of the most common security problems in offices everywhere in the world. And it doesn’t just pose a physical security risk. Think of it this way: tailgating allows any unauthorized person to enter the company’s premises. The amount of harm they can do is immense. They can go in and steal confidential information. They can steal client data. In cybersecurity, one of the most common issues is insider threat, and tailgating is one of the ways in which an insider can enter a department he may not be authorized to access and steal data from there.
A recent survey estimated that the cost of a security breach caused by tailgating could range from $150,000 to “too high to measure”. While 70% of the respondents of the survey believed their businesses were vulnerable to security breaches from tailgating, only 15% said they were tracking tailgating incidents regularly. The last statistic points to the real issue – tailgating happens everywhere, but most security administrators don’t know how to deal with it.
The social factor
The reason could be social. While any form of security strongly emphasizes access control, that clashes with typical human behavior and courtesy. For most people, holding a door open for a colleague is just normal good behavior – on the flip side, shutting a door in someone else’s face or asking for someone’s credentials before letting them in is bound to feel uncomfortable and rude. Individuals hence just follow the social cues they have grown up with, allowing tailgating and defeating the sole purpose of access control.
To restrict tailgating, it is important for administrators to use both hardware and social engineering solutions. A few hardware solutions which can be put in place are:
- Electronic Turnstiles which serve as a physical barrier. They can be effective but also expensive. This solution may also give off the impression of a “closed office”, which administrators may want to avoid.
- Revolving Doors which only allow access to one person. These can be highly effective but are large and expensive to maintain. They also create bottlenecks, which lead to resentment and anger among the workforce.
- Retinal or Iris Scans can be extremely effective but require a high degree of technical knowledge. These can be used for high security areas.
However, social engineering can go a long way through these steps:
- Awareness Campaigns which educate employees about the perils of tailgating, the security risks involved and why they should prevent tailgating on a regular basis are important for spreading awareness about this practice.
- Compliance can be enforced by creating a stringent Access Control policy and ensuring all employees adhere to it. Those who do not comply will run the risk of disciplinary measures that may even include loss of employment.
Ultimately, for a secure workplace, it is important to keep tailgating to a minimum through a judicious mix of both hardware and social engineering solutions. While awareness campaigns educate employees, physical solutions will actually enforce anti-tailgating measures and help enterprises keep their data secure and safe.