The Subtle Art of Tailgating

Photo by Adrien Olichon on Unsplash

If you work anywhere that requires you to enter a building/property, you should be aware of tailgating and the potential dangers. Most people think of tailgating as an event in a parking lot somewhere outside of a sporting event. People hanging out with friends and having a great time cheering on their favorite teams. In the security world, tailgating has a different meaning. Tailgating means when someone enters a building or property without validating their credentials to enter. This is usually done by going in with or behind someone that has validated their credentials to enter the building. Some tailgating activities can be harmless, but as a best practice everyone should validate their credentials when entering a building or property. Let us explore some scenarios to help understand why this is so important.

Physically gaining access to a building or property is one of the objectives of bad actors when it comes to not only information security, but physical security as well. Tailgating is one of the most common methods of gaining access because it is fairly easy and effective. A scenario would be a group of coworkers coming back to work from a team lunch. The energy is still high and the food comma has not kicked in yet. One by one, they all badge in at the main door. But, as they were approaching their lobby, a person was outside of the building on a phone conversation. That person naturally ends his call and proceeds to enter the building with the group coming in from lunch. No one questions the person because he looks like he belongs and maybe one or two of the members from the lunch crew also may have forgotten to scan their badges. . . no big deal. Except that a bad actor is now in your building and can start their next phase of their malicious attack.

Another scenario to be mindful of is that of a disgruntled employee. This person, often fired, can be looking to get revenge, hurt employees, steal data, or any other malicious activity. The scenario goes like this. The former employee is fired for doing something bad. He is terminated and escorted out of the building. No one finds out because oftentimes, this information is not shared with other employees. The next morning, the fired employee shows up and waits for someone to let him in. Since they were coworkers the day before, it is very easy to ask to be let into the building because the actor forgot his badge at home or at his desk. The other employee lets him in the building because they work together. While this scenario does not typically happen, it can happen.

Next time you are entering your building, make sure you challenge that person behind you. It can be very easy to just walk and not make sure the door closes behind you. It can be very easy to think that the person trying to get in belongs. But every time you walk through the doors of your building or property, remember that not everyone is what they seem. Challenge and question. Everyone should be validating their access. Even if you know them personally and are best friends with that person, just make sure that person can still access the building.

I’m an engineer working professionally in San Diego, CA. I’m trying to improve every day and use this space to document. Connect: