Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

3 min read

What is a tailgating attack?

What is a tailgating attack?

Tailgating is a social engineering attack when an unauthorized person follows an employee into a restricted area. The most common form of tailgating attack involves sneaking behind an authorized person in a prohibited place. 

Tailgating attacks pose a significant threat to the security of both organizations and individuals. Implementing appropriate security measures reduces the risk of unauthorized access.


Understanding tailgating attacks

In a tailgating attack, the unauthorized person takes advantage of the natural inclination to hold the door open for others or the reluctance to confront someone who appears to belong in the restricted area. By blending in and appearing legitimate, the attacker gains entry to the restricted area without arousing suspicion.

An attacker may use tailgating to breach an organization's network and gain access to private documents, which can then be used to launch a cyberattack on the company, one that can cost millions of dollars. Once inside, the perpetrator may use a device to steal confidential data, access the company's network, or even infect an unlocked computer with malware.

Unlike traditional hacking methods that exploit software vulnerabilities, tailgating attacks rely on social engineering and human vulnerability.

According to Fortinet, “Tailgating can be followed by other kinds of attacks, such as malware or phishing. In some cases, attackers penetrate a network via tailgating to gain the trust of people they intend to victimize. In other words, a tailgating attack is usually only the first phase of a more elaborate assault.”

See more: HIPAA violation prevention: What is tailgating?


Who is at risk?

Any organization or business that operates in a secure environment is at risk of tailgating attacks. Some common characteristics of organizations vulnerable to these attacks include:

  • A large number of employees frequently entering and leaving the premises.
  • Multiple entrance points into the building.
  • Frequent deliveries of food, packages, and documents.
  • Substantial reliance on subcontractors or temporary workers.
  • Lack of proper training in physical and cybersecurity protocols.

Organizations need to be proactive in implementing security measures to prevent and mitigate the risks associated with tailgating attacks.

Related: Why do cyberattacks happen? 


Common techniques used in tailgating attacks

Tailgating attackers employ various techniques to gain unauthorized access to restricted areas. Some common tactics used in tailgating attacks include:

  • Posing as an employee: Attackers may dress in a manner that resembles the organization's employees.
  • Pretending to be a delivery driver: Attackers may carry packages or food and claim to deliver them to the organization.
  • Exploiting someone's kindness: Attackers may approach an employee with their hands full, making it difficult for them to access an entry point. The employee's natural inclination to help may lead them to hold the door open.
  • Impersonating a vendor or service worker: Attackers may dress as a vendor, service worker, or IT consultant, leveraging the trust associated with these roles to gain entry.
  • Disguising as an executive or VIP: Attackers may disguise themselves as high-ranking executives or VIPs in a hurry, hoping that employees will grant them access without question.

Read also: What is cyber extortion in healthcare?  


Preventing tailgating attacks

Preventing tailgating attacks requires a combination of physical security measures, employee training, and awareness. Here are some steps you can take to protect yourself and your organization:


Implement access control systems

Invest in access control systems that require authentication, such as key cards, biometric scanners, or PIN codes. These systems make it more difficult for unauthorized individuals to gain entry and provide an audit trail for tracking access.


Secure entrances and exits

Ensure that all entrances and exits are secured and that doors automatically close and lock after use. Install surveillance cameras and alarms as additional deterrents.


Provide employee training

Educate employees about the risks of tailgating attacks and the importance of not allowing unauthorized individuals into restricted areas. Train them to identify suspicious behavior and report any incidents or concerns.


Encourage vigilance

Promote a culture of vigilance and encourage employees to challenge individuals without proper identification or those attempting to gain access without authorization. Make it clear that security is everyone's responsibility.


Implement visitor management procedures

Establish clear protocols for managing visitors, including issuing visitor badges and escorting visitors at all times. Regularly review and update these procedures to address any vulnerabilities.


Regularly assess and update security measures

Regularly assess your physical security measures to identify weaknesses and make necessary improvements. Stay updated on the latest security technologies and best practices.


Monitor and analyze access logs

Regularly review access logs and analyze them for any suspicious patterns or anomalies. This can help identify potential tailgating incidents and allow for appropriate action to be taken.


Foster a security-conscious culture

Create a culture where security is prioritized and valued. Encourage employees to promptly report any security concerns or incidents, and reward proactive security behaviors.

See also: HIPAA Compliant Email: The Definitive Guide 



What is tailgating in the context of healthcare security?

Tailgating in healthcare security refers to the act of an unauthorized person gaining physical access to a secure area by following closely behind an authorized person. This can compromise the safety and privacy of patients and sensitive information.


Why is tailgating a significant security concern in healthcare facilities?

Tailgating is a big security concern because it can lead to unauthorized access to restricted areas, putting patient data, medical records, and sensitive information at risk. It can also pose physical safety threats to patients and staff.


What measures can healthcare facilities take to prevent tailgating?

Healthcare facilities can prevent tailgating by implementing strict access control policies, using security guards, installing turnstiles or mantraps, and educating staff about the importance of challenging unknown individuals attempting to enter secure areas.


How does tailgating impact HIPAA compliance?

Tailgating can impact HIPAA compliance by increasing the risk of unauthorized access to protected health information (PHI). Ensuring secure access to sensitive areas is necessary for maintaining the confidentiality, integrity, and availability of PHI as required by HIPAA.


Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.