RS Risk Solutions Favicon

CYBER RISKS AND LIABILITIES

Courtesy of RS Risk Solutions
Tailgating and Piggybacking Explained

Tailgating and piggybacking are low tech tactics used by malicious actors to access restricted areas. They occur when an unauthorised individual gains physical access to a location with sensitive information or vulnerable IT equipment, which can have significant financial and reputational impacts on businesses.

 
Understanding Tailgating and Piggybacking

Tailgating and piggybacking present a significant risk to cyber security. Although resources are often devoted to complex digital hacking methods, businesses should not overlook the threats  of tailgating and piggybacking. They are relatively simpler methods employed by cyber intruders to gain access to a business’s secure data or equipment.

Tailgating can occur when a malicious actor sneaks in buy following an authorised employee into a secured area. On the other hand, piggybacking is a type of social engineering tactic that occurs when the malicious actor tricks the authorised individual into letting them into a secure area. Here are examples of tailgating and piggybacking:

  • An intruder disguises themselves as a delivery person or contractor so an authorised employee allows them to enter the premises.
  • An authorised individual holds the door open for the unauthorised person behind them.
  • A malicious actor pretends to be an employee who has forgotten or lost their credentials.
  • An intruder carries a bulky item in their hands making them appear too full to open the door or they pretend to be distracted while talking on the phone and follow someone inside.
  • A trespasser acts as if they are an invited guest and may even use specific names of people in the office to appear legitimate.
  • An unauthorised individual follows an authorised individual through a slowly closing door before the door shuts and locks.

Once the perpetrator gains access to a restricted area the business faces several risks. The intruder can steal or view sensitive data, upload malware, take property or damage devices. These occurrences can lead to significant data breaches, creating compliance violations and reputational damage. Security breaches can erode the trust of vendors and clients leading to costly fines and penalties.

 Preventing Tailgating and Piggybacking Attacks

As part of a comprehensive approach to cyber security businesses should implement measures to prevent tailgating and piggybacking attacks. Consider the following actions:

  • Implement access control systems. Devices (eg badge readers, alarms, sensors and biometric scanners) can help prevent unauthorised individuals from entering secure areas. Entrances requiring multifactor identification can also discourage intruders.
  • Utilise surveillance cameras and video analytics. Closed circuit television and security cameras can help monitor who enters the premises and act as a visual deterrent. Advanced systems can also use artificial intelligence and video analytics to help identify unauthorised individuals.
  • Train employees on physical security awareness. Businesses can help reduce risks by educating employees on physical security threats and training them to prevent them. Instructing employees to ensure doors close behind them and to report suspicious activity can also help mitigate exposures.
  • Use visitor management systems for tracking and authorising visitors. Visitor management systems provide a record of who has entered an area. Whether the system involves an employee working at the front desk, a security guard or a digital system checking in visitors, it can provide a layer of security to confidential areas.
  • Install physical barriers. Turnstiles and security gates can provide a low tech way to secure areas and provide a perceptible obstacle to potential intruders.
  • Maintain clear security policies and procedures. Comprehensive security policies and procedures that address physical threats are essential. Its also critical to regularly update the policies and procedures and communicate any changes effectively.
  • Conduct regular security audits to identify vulnerabilities. Testing and auditing security systems can help identify and remedy weaknesses. Additionally they can provide insight into which methods are effective.

Conclusion

Physical breaches such as tailgating and piggybacking threaten confidential data and vulnerable equipment. Taking steps to understand and prevent these events can help reduce the risk of them occurring and offer financial and reputational protection.

For more information and risk management solutions, contact us today.

Legal Specific Disclaimer:
The following information is not exhaustive, nor does it apply to specific circumstances. The content therefore should not be regarded as constituting legal or regulatory advice and not be relied upon as such. Readers should contact a legal or regulatory professional for appropriate advice. Further, the law may have changed since the first publication of this information.

Add to my favourites

Speak to us

RS Risk Solutions Logo

Related Articles

SUBSCRIBE TO OUR NEWSLETTER

Registered office: 2 Windsor Mews, Crown Drive, Heathfield, East Sussex, TN21 8FP. Registered in England and Wales, No. 11899365.

RS Risk Solutions Limited is authorised and regulated by the Financial Conduct Authority. FRN 843988

We are an independent insurance broker regulated by the Financial Conduct Authority and operate in the UK, predominantly in London and the South East, Surrey, Kent, East Sussex, West Sussex.

Quick Links

Policies

Get Support

RS Risk Solutions Logo

Request a callback

By providing the above information you consent to RS Risk Solutions Limited contacting you by any of the methods that you have provided details for. We will process this information in accordance with our privacy notice.

RS Risk Solutions uses cookies to monitor the performance of this website and improve user experience. To find out more about cookies, what they are and how we use them, please see our privacy notice, which also provides information on how to delete cookies from your hard drive.