Piggy Backing & Tail Gating (Security)
Crime Prevention Through Environmental Design
Piggy Backing & Tailgating
• In security, piggybacking, similar to tailgating,
refers to when a person tags along with another
person who is authorized to gain entry into a
restricted area, or pass a certain checkpoint.
• The act may be legal or illegal, authorized or
unauthorized, depending on the circumstances.
However, the term more often has the
connotation of being an illegal or unauthorized
act.
• To describe the act of an unauthorized
person who follows someone to a restricted
area without the consent of the authorized
person, the term tailgating is also used.
"Tailgating" implies without consent (similar
to a car tailgating another vehicle on the
freeway), while "piggybacking" usually
implies consent of the authorized person.
• Piggybacking came to the public's attention
particularly in 1999, when a series of
weaknesses were exposed in airport security.
• While a study showed that the majority of
undercover agents attempting to pass through
checkpoints, bring banned items on planes, or
board planes without tickets were successful,
piggybacking was revealed as one of the
methods used to enter off-limits areas.
• Piggy-backers have various methods of breaching
security. These may include:
• Surreptitiously following an individual authorized to
enter a location, giving the appearance of being
legitimately escorted.
• Joining a large crowd authorized to enter, and
pretending to be a member of the crowd that is largely
unchecked.
• Finding an authorized person who either disregards the
law or the rules of the facility, or is tricked into believing
the piggybacker is authorized, and agreeably allows the
piggybacker to tag along.
• Piggybacking can be regarded as one of the simpler
forms of social engineering.
Common Courtesy
• Piggy Backing occurs when an authorized
individual permits others to follow behind
without showing or registering proper
authorization and gain access to a secure
area.
• Tailgating is a function of both the attitude of the
individual and the corporate culture towards adherence
to security measures.
• The impacts and costs of tailgating affect both the
business and personnel, including:
• Theft of equipment and intellectual property
• Workplace violence
• Loss of business because of perception of lax security
• Lax compliance with other security measures
• Safety
• Increased costs due to lack of knowledge of true real
estate utilization
Introduction
• Access control is the single most important
component of the physical security and man guarding
role in corporate security.
• Access control is the management of the flow of
people to areas for which they are authorized.
• Access control must accommodate not only those
familiar with the security culture (employees), but
also others not familiar with the security
culture, such as contractors, visitors, the public, and
occasionally the simply lost.
• Access control is a primary responsibility of
company security.
• The concept behind access control is that if we
specifically determine in advance who is permitted
access to certain areas and then control that access, we
will have deterred improper activity from occurring, or
in the case that improper activity does occur, we will
be able to respond effectively.
• Good access control speeds resolution of an
incident by allowing security personnel to rapidly
focus on those who had access to the area, or
anomalies in access to an area.
• Unfortunately, good access controls are very
hard to achieve in an environment intended to
be inviting to employees and customers, and
also collaborative and productive.
• A corruption of access controls can take the
form of tailgating, in which the second person
takes advantage of the first person’s entry
without necessarily the complicit involvement
of the first person.
• Another form is piggybacking, in which the
first person intentionally allows the second
person to enter.
The Problem
• Common courtesy dictates holding doors open for
one another.
• In an access controlled environment, however, this
behaviour is called tailgating and allows entrants to
circumvent ‘badging’ by not presenting
authentication for entry.
• As soon as this occurs, access control measures such as
badge systems have been circumvented.
• Tailgating is surprisingly common in cooperative
workplaces and has been observed at rates of 40-60%
of all entrants to a building.
Badging Systems
• One might argue that many of those who
“piggybacked in” (or “tailgated in”) have the
appropriate credentials to allow them entry
into the space.
• However, once badging systems have been
circumvented, it is impossible to ascertain who
is authorized and who is not.
• This is a very big problem for an organization
and does not come without costs.
Costs of Tailgating
• There are tangible and intangible costs to tailgating.
• There is value in knowing who is in sensitive areas at all
times.
• The tangible costs of tailgating include:
• theft of equipment (e.g., laptops);
• theft of sensitive hardware (e.g., proprietary
hardware, prototypes);
• loss of intellectual property (e.g., software code);
• workplace violence (e.g., entry of person committing
violence at work);
• physical attacks to network equipment.
Lack Of Access Control Is An Obvious Security Problem
• While lack of access control is an obvious
security problem with resulting tangible
damages that are easily attributable, there are
also intangible aspects of tailgating .
• The intangible aspect of such breaches: sites
experiencing problems with non-compliance
with basic security measures such as tailgating
also tend to have other issues (e.g., management
issues, bad behaviour, harassment, and
others).
• An environment can be created slowly over time in
which there is a greater level of acceptance for poor
management behaviour, harassment, ethical shortcuts,
etc.
• Tailgating may be a symptom of a larger problem: an
attitude that security is not important, creates
obstacles, and slows employees in doing their
jobs.
• If employees adopt this attitude and don’t comply with
security measures, there is greater potential for a security
breach.
• This tailgating behaviour can even affect customer
relations and lead to the loss of business.
• Another intangible cost is the loss of productivity due to
an incident occurring.
• Loss of productivity in the event of a significant breach,
such as workplace violence or sabotage, is obvious.
• Small incidents such as a single laptop theft can result
in significant privacy issues, proprietary information
loss, and marketplace confidence issues.
• The resulting damage control diverts valuable resources to
dealing with a problem that may have been avoided.
• Even smaller incidents such as the theft of a wallet or
purse result in a feeling of personal insecurity and
violation that becomes the subject of extensive
discussion and mistrust.
• In addition to the direct costs of theft, loss of
productivity and market credibility, there
are opportunity costs to the organization
with respect to real-estate space savings and
optimization.
• The costs of tailgating definitely depend on the
business model and product. For some
organizations, the primary risk is entry of
non-employees.
• For other organizations, there is also the potential loss
of proprietary hardware, personal or intellectual
property and/or risk to personal safety.
• While these risks are real, it is difficult to assess the
potential costs of tailgating and the standard
assessment tools either don’t exist or require such
extensive customization that they are not useful.
Best Practices
• A range of solutions to tailgating are presented
in Table 1, which focuses on hardware, and
Table 2, which focuses on social engineering.
Table 1. Hardware Solutions
• Electronic Turnstile
• Revolving Door
• Photo Beam Detection
• People Eater
• Card Reader
• Intelligent Video Analytics
• Iris Scan
• Mantraps
• Scissor Gates
Best Practices Social Engineering
• Tailgating is primarily a behavioural
problem, and physical security hardware is
not the only method to influence or stop the
behaviour.
• There are also ‘soft-power’ options such
as social engineering, where non-physical
security incentives can successfully alter
behaviour and increase compliance.
Badging Compliance
• In order to influence greater badge compliance
it is necessary to understand the reasons that
influence an individual not to wear a
badge, such as the following:
• Cultural backlash to badging can occur; for
example, the security measures may generate the
perception that big brother is watching.
• The badge as fashion statement can also create
a problem in getting people to wear badges
above the waist.
• A company must ensure compliance by clearly
documenting its policies and procedures on
badge wearing. Employees will then be
aware of what is expected and management is
supported when they are required to take action
against non-compliance.
• A documented policy should include that all
employees must wear badges at all times,
report stolen badges, and have temporary
badges issued in the event of missing or stolen
badges.
• To influence badge wearing behaviour, success has
been had by requiring multiple uses of the badges;
hourly workers need the badges to clock in and out, to
attend a class, to obtain a meal or work gloves in a
factory, and to gain printer access in a corporate
setting.
• In some organizations the use of the badge may need
to be negotiated with a union, due to union concerns
about using badges to clock in on assembly lines
because of concern the data will be used to monitor
individual performance.
• Another important consideration in changing
behaviour is the physical placement of badge
reading equipment.
• Many times the readers are placed on the wall on
the hinge side of the door.
• While that works fine for the first person who reads
their badge, while the door is open it becomes very
difficult for subsequent people to read their badge, even
if they don’t want to piggyback.
• Placing the reader in a location where it is easily
accessible no matter the position of the door can
make it easier to change social behaviour.
The following table (Table 2) lists some methods to promote
badge wearing behaviour within an organization.
Table 2. Social Engineering Solutions
• Mandatory Wearing Badges
• Awareness Campaign
• Ask for Badges
• Positive Reinforcements
• Active Technology Barrier
Implementation Considerations
• The most effective tailgating deterrent is
single person revolving doors, which
physically restrict access to a single user at a
time upon presentation of a valid credential.
• However, the deployment of single-person
revolving doors at all corporate access
points is untenable; issues of culture,
aesthetics, accountability, and climate affect
the solution that can be implemented.
Single-person Revolving Doors At All
Corporate Access
• Single-person revolving doors are highly
restrictive in throughput and would not be
appropriate in almost all main lobby
environments.
• They are expensive to install and maintain at
exterior peripheral doors.
• They are also not conducive to creating an
inviting culture of a collaborative work
environment, and certainly not an aesthetically
pleasing one
Implementation Considerations
• The two most difficult problems to solve
are a corporate environment that places
high value on an aesthetic, welcoming
environment and has high throughput, and
one in which the culture resists physical
security measures.
• There are solutions available that are more
open, have greater throughput, and are more
aesthetically pleasing.
• Such solutions include several layers of access
controls prior to reaching a restricted space
(concentric circles approach), high-speed
electronic turnstiles (with and without physical
barriers), photo-beam detectors, intelligent video,
biometrics, guard presence / identity validation
during high traffic hours, or a combination of
such measures.
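An added example, not part of the original slides: one way a card reader and an inbound photo-beam detector from the list above can be combined to flag entries that had no badge read, and to measure a per-door tailgating rate. The log format, door names, badge IDs and the 5-second grant window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: one valid badge read authorizes one passage for this long.
GRANT_WINDOW = timedelta(seconds=5)

# Constructed sample events: "<ISO timestamp> <door> <BADGE|BEAM> <detail>".
SAMPLE_LOG = """\
2024-03-04T08:00:01 LOBBY-1 BADGE emp1001
2024-03-04T08:00:03 LOBBY-1 BEAM in
2024-03-04T08:00:04 LOBBY-1 BEAM in
2024-03-04T08:00:06 LOBBY-1 BEAM in
2024-03-04T08:01:10 LOBBY-1 BADGE emp1002
2024-03-04T08:01:11 LOBBY-1 BADGE emp1003
2024-03-04T08:01:12 LOBBY-1 BEAM in
2024-03-04T08:01:14 LOBBY-1 BEAM in
2024-03-04T08:02:00 DOCK-2 BADGE emp1004
2024-03-04T08:02:02 DOCK-2 BEAM in
2024-03-04T08:02:30 DOCK-2 BEAM in
2024-03-04T08:03:00 DOCK-2 BEAM out
"""


def parse(log_text):
    """Yield (timestamp, door, kind, detail) tuples from the event log."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, door, kind, detail = line.split()
        yield datetime.fromisoformat(ts), door, kind, detail


def detect_tailgating(log_text, window=GRANT_WINDOW):
    """Match inbound beam crossings to badge reads, door by door.

    Each badge read creates one passage credit that expires after
    `window`. Each inbound crossing consumes the oldest live credit;
    a crossing with no live credit is counted as an unbadged entry.
    """
    credits = defaultdict(deque)   # door -> queue of (expiry, badge_id)
    last_badge = {}                # door -> most recent badge holder
    stats = defaultdict(lambda: {"entries": 0, "unbadged": 0, "alerts": []})

    for ts, door, kind, detail in sorted(parse(log_text)):
        if kind == "BADGE":
            credits[door].append((ts + window, detail))
            last_badge[door] = detail
        elif kind == "BEAM" and detail == "in":
            queue = credits[door]
            while queue and queue[0][0] < ts:   # drop expired credits
                queue.popleft()
            door_stats = stats[door]
            door_stats["entries"] += 1
            if queue:
                queue.popleft()                 # authorized passage
            else:
                door_stats["unbadged"] += 1
                # Record who badged last, so the follow-up conversation
                # can start with the person who held the door.
                door_stats["alerts"].append((ts.isoformat(), last_badge.get(door)))
        # Outbound crossings are ignored: the check is about entry only.

    return {
        door: {**s, "rate": s["unbadged"] / s["entries"]}
        for door, s in stats.items()
    }


if __name__ == "__main__":
    for door, result in detect_tailgating(SAMPLE_LOG).items():
        print(door, result)
```

The per-door rate gives a baseline for comparing sites and for judging whether an awareness campaign or a hardware change actually moved behaviour.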
Buildings and Building Function
• Businesses with periods of high flow through, such as
factories, require solutions that don’t delay traffic flow
as a mantrap would.
• The implementation of physical security measures is
further complicated by the repurposing of real estate and
by leased buildings; owner approval is required and changes
will need to be negotiated.
• Many commercial buildings are like a sieve, and many
thefts occur in commercial buildings. Many companies
also have large campuses with many different buildings,
some with better compliance than others. There are also
campuses which house multiple companies that act
independently but report to the same parent company.
• Laws - Privacy issues, and different data
retention laws by country (e.g., Italian privacy
law prohibits the use of cameras on warehouse
doors).
• Many try to have a standard, but one which is
open to country laws. Social political issues can
be different depending on country of origin; the
US thinks the Middle East is high risk, but locals
use a different risk filter. This difference of
perspective also applies to the regulatory
environment (e.g., working with animals).
• Accountability - A general security plan is
relatively easy to implement when there is a
single site with a single site executive.
Difficulties arise with a campus where there
is no single site director responsible, or there
is a campus housing different companies
with boards of directors that all report to a
single parent company.
• Climate - It is also necessary to work within
your climate. A very windy environment can
require revolving doors, because other doors
don’t stay closed in the wind. This allows
organizations, culturally, to retrofit
buildings with more secure revolving doors.
• Aesthetics – See the case study for a layered
solution in an aesthetically pleasing lobby of
a major firm using audible alarms with
secondary full stop barriers.
• Emergency Evacuation - A well-executed
access control system can provide useful
information in accounting for employees in
an emergency evacuation (muster situation).
Conclusion
• You can install the most advanced security
system on the market, but your security
measures will fail if your occupants aren’t
on board.
• You need to create a secure building culture.
Think about the difference between a casual
office setting and going through airport
security. Clear expectations and constant
communication shape behaviour.
Conclusions
• Tailgating is a common corporate security problem with
high potential tangible and intangible costs.
• Solutions for deterring/eliminating tailgating include
hardware and social engineering approaches, which
differ in cost, throughput, aesthetics, and other factors.
• Badge-wearing compliance is a particularly challenging
issue, and many lessons are provided for increasing
compliance.
• Implementation of solutions must be tailored to the
aesthetic and cultural needs of a given scenario; the most
challenging being providing access control in a welcoming,
high-throughput, aesthetically pleasing lobby. The case
study illustrates a real-world solution to this challenging
scenario, which ultimately uses a combination of solutions.
Thanks…

Cyber Security in Smart Buildings
GAURAV. H .TANDON
 

More from GAURAV. H .TANDON (20)

Suicide Prevention through Architecture (Building) and City Planning
Suicide Prevention through  Architecture (Building) and City PlanningSuicide Prevention through  Architecture (Building) and City Planning
Suicide Prevention through Architecture (Building) and City Planning
 
Suicide Prevention through Architecture (Building) and City Planning
Suicide Prevention through  Architecture (Building) and City PlanningSuicide Prevention through  Architecture (Building) and City Planning
Suicide Prevention through Architecture (Building) and City Planning
 
Digital Detoxing in Smart Cities
Digital Detoxing in Smart CitiesDigital Detoxing in Smart Cities
Digital Detoxing in Smart Cities
 
Digital Detoxing in Smart Cities
Digital Detoxing in Smart CitiesDigital Detoxing in Smart Cities
Digital Detoxing in Smart Cities
 
Premerital Sceening .pptx
Premerital Sceening .pptxPremerital Sceening .pptx
Premerital Sceening .pptx
 
Polymath(Renaissance man)
Polymath(Renaissance man)Polymath(Renaissance man)
Polymath(Renaissance man)
 
Crash for Cash-Organized Crime (COC).pptx
Crash for Cash-Organized Crime (COC).pptxCrash for Cash-Organized Crime (COC).pptx
Crash for Cash-Organized Crime (COC).pptx
 
Voting Age .pptx
Voting Age .pptxVoting Age .pptx
Voting Age .pptx
 
Ecological Footprint (1).pptx
Ecological Footprint (1).pptxEcological Footprint (1).pptx
Ecological Footprint (1).pptx
 
Urban Heat Island Effect
Urban Heat Island EffectUrban Heat Island Effect
Urban Heat Island Effect
 
Communication Skills
Communication SkillsCommunication Skills
Communication Skills
 
The unethical practice of gift giving to doctors by pharma companies
The unethical practice of gift giving to doctors by pharma companiesThe unethical practice of gift giving to doctors by pharma companies
The unethical practice of gift giving to doctors by pharma companies
 
Compassionate Cities
Compassionate CitiesCompassionate Cities
Compassionate Cities
 
Gamification of Smart Cities
Gamification of Smart Cities Gamification of Smart Cities
Gamification of Smart Cities
 
Anti-Microbial Copper
Anti-Microbial Copper Anti-Microbial Copper
Anti-Microbial Copper
 
Smart Forest City
Smart Forest City Smart Forest City
Smart Forest City
 
Smart forest cities
Smart forest cities Smart forest cities
Smart forest cities
 
Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking
 
Collusion and Fraud Detection on Electronic Energy Meters
Collusion and Fraud Detection on Electronic Energy Meters Collusion and Fraud Detection on Electronic Energy Meters
Collusion and Fraud Detection on Electronic Energy Meters
 
Cyber Security in Smart Buildings
Cyber Security in Smart Buildings Cyber Security in Smart Buildings
Cyber Security in Smart Buildings
 

Recently uploaded

TCS AI for Business Study – Key Findings
TCS AI for Business Study – Key FindingsTCS AI for Business Study – Key Findings
TCS AI for Business Study – Key Findings
Tata Consultancy Services
 
Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...
Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...
Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...
CIOWomenMagazine
 
Founder-Game Director Workshop (Session 1)
Founder-Game Director  Workshop (Session 1)Founder-Game Director  Workshop (Session 1)
Founder-Game Director Workshop (Session 1)
Amir H. Fassihi
 
一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证
一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证
一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证
gcljeuzdu
 
SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....
SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....
SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....
juniourjohnstone
 
Training- integrated management system (iso)
Training- integrated management system (iso)Training- integrated management system (iso)
Training- integrated management system (iso)
akaash13
 
W.H.Bender Quote 65 - The Team Member and Guest Experience
W.H.Bender Quote 65 - The Team Member and Guest ExperienceW.H.Bender Quote 65 - The Team Member and Guest Experience
W.H.Bender Quote 65 - The Team Member and Guest Experience
William (Bill) H. Bender, FCSI
 
Leadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact PlanLeadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact Plan
Muhammad Adil Jamil
 
Modern Database Management 12th Global Edition by Hoffer solution manual.docx
Modern Database Management 12th Global Edition by Hoffer solution manual.docxModern Database Management 12th Global Edition by Hoffer solution manual.docx
Modern Database Management 12th Global Edition by Hoffer solution manual.docx
ssuserf63bd7
 

Recently uploaded (9)

TCS AI for Business Study – Key Findings
TCS AI for Business Study – Key FindingsTCS AI for Business Study – Key Findings
TCS AI for Business Study – Key Findings
 
Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...
Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...
Oprah Winfrey: A Leader in Media, Philanthropy, and Empowerment | CIO Women M...
 
Founder-Game Director Workshop (Session 1)
Founder-Game Director  Workshop (Session 1)Founder-Game Director  Workshop (Session 1)
Founder-Game Director Workshop (Session 1)
 
一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证
一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证
一比一原版杜克大学毕业证(Duke毕业证)成绩单留信认证
 
SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....
SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....
SOCIO-ANTHROPOLOGY FACULTY OF NURSING.....
 
Training- integrated management system (iso)
Training- integrated management system (iso)Training- integrated management system (iso)
Training- integrated management system (iso)
 
W.H.Bender Quote 65 - The Team Member and Guest Experience
W.H.Bender Quote 65 - The Team Member and Guest ExperienceW.H.Bender Quote 65 - The Team Member and Guest Experience
W.H.Bender Quote 65 - The Team Member and Guest Experience
 
Leadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact PlanLeadership Ethics and Change, Purpose to Impact Plan
Leadership Ethics and Change, Purpose to Impact Plan
 
Modern Database Management 12th Global Edition by Hoffer solution manual.docx
Modern Database Management 12th Global Edition by Hoffer solution manual.docxModern Database Management 12th Global Edition by Hoffer solution manual.docx
Modern Database Management 12th Global Edition by Hoffer solution manual.docx
 

Piggy Backing & Tailgating (Security)

  • 1. Piggy Backing & Tail Gating (Security) Crime Prevention Through Environmental Design
  • 2. Piggy Backing & Tailgating • In security, piggybacking, similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint. • The act may be legal or illegal, authorized or unauthorized, depending on the circumstances. However, the term more often has the connotation of being an illegal or unauthorized act.
  • 5. Piggy Backing & Tailgating • To describe the act of an unauthorized person who follows someone to a restricted area without the consent of the authorized person, the term tailgating is also used. "Tailgating" implies without consent (similar to a car tailgating another vehicle on the freeway), while "piggybacking" usually implies consent of the authorized person.
  • 7. Piggy Backing & Tailgating • Piggybacking came to the public's attention particularly in 1999, when a series of weaknesses were exposed in airport security. • While a study showed that the majority of undercover agents attempting to pass through checkpoints, bring banned items on planes, or board planes without tickets were successful, piggybacking was revealed as one of the methods that was used in order to enter off-limits areas.
  • 8. Piggy Backing & Tailgating
  • 9. Piggy Backing & Tailgating • Piggy-backers have various methods of breaching security. These may include: • Surreptitiously following an individual authorized to enter a location, giving the appearance of being legitimately escorted. • Joining a large crowd authorized to enter, and pretending to be a member of the crowd that is largely unchecked. • Finding an authorized person who either disregards the law or the rules of the facility, or is tricked into believing the piggybacker is authorized, and agreeably allows the piggybacker to tag along. • Piggybacking can be regarded as one of the simpler forms of social engineering.
  • 10. Surreptitiously following an individual authorized to enter a location
  • 11. Joining a large crowd authorized to enter, and pretending to be a member of the crowd
  • 12. Finding an authorized person who either disregards the law or the rules of the facility
  • 13. Piggy Backing & Tailgating Common Courtesy • Piggy Backing occurs when an authorized individual permits others to follow behind without showing or registering proper authorization and gain access to a secure area.
  • 14. Piggy Backing occurs when an authorized individual permits others to follow behind
  • 15. Piggy Backing & Tailgating • Tailgating is a function of both the attitude of the individual and the corporate culture towards adherence to security measures. • The impacts and costs of tailgating affect both the business and personnel, including: • Theft of equipment and intellectual property • Workplace violence • Loss of business because of perception of lax security • Lax compliance with other security measures • Safety • Increased costs due to lack of knowledge of true real estate utilization
  • 16. Piggy Backing & Tailgating
  • 17. Piggy Backing & Tailgating
  • 18. Introduction • Access control is the single most important component of the physical security and man guarding role in corporate security. • Access control is the management of the flow of people to areas for which they are authorized. • Access control must accommodate not only those familiar with the security culture (employees), but also others not familiar with the security culture, such as contractors, visitors, the public, and occasionally the simply lost.
  • 20. Introduction • Access control is a primary responsibility of company security. • The concept behind access control is that if we specifically determine in advance who is permitted access to certain areas and then control that access, we will have deterred improper activity from occurring, or in the case that improper activity does occur, we will be able to respond effectively. • Good access control speeds resolution of an incident by allowing security personnel to rapidly focus on those who had access to the area, or anomalies in access to an area.
  • 22. Introduction • Unfortunately, good access controls are very hard to achieve in an environment intended to be inviting to employees and customers, and also collaborative and productive. • A corruption of access controls can take the form of tailgating, in which the second person takes advantage of the first person’s entry without necessarily the complicit involvement of the first person.
  • 23. Good Access Controls Are Very Hard To Achieve
  • 25. Introduction • Another form is piggybacking, in which the first person intentionally allows the second person to enter.
  • 27. The Problem • Common courtesy dictates holding doors open for one another. • In an access controlled environment, however, this behaviour is called tailgating and allows entrants to circumvent ‘badging’ by not presenting authentication for entry. • As soon as this occurs, access control measures such as badge systems have been circumvented. • Tailgating is surprisingly common in cooperative workplaces and has been observed at rates of 40 - 60% of all entrants to a building.
  • 28. Holding Doors Open For One Another
  • 30. Badging Systems • One might argue that many of those who “piggybacked in” (or “tailgated in”) have the appropriate credentials to allow them entry into the space. • However, once badging systems have been circumvented, it is impossible to ascertain who is authorized and who is not. • This is a very big problem for an organization and does not come without costs.
  • 32. Costs of Tailgating • There are tangible and intangible costs to tailgating. • There is value in knowing who is in sensitive areas at all times. • The tangible costs of tailgating include: • theft of equipment (e.g., laptops) • theft of sensitive hardware (e.g., proprietary hardware, prototypes) • loss of intellectual property (e.g., software code) • workplace violence (e.g., entry of person committing violence at work) • physical attacks to network equipment
  • 33. Tangible Costs Of Tailgating Include: Theft Of Equipment
  • 34. Lack Of Access Control Is An Obvious Security Problem • While lack of access control is an obvious security problem with resulting tangible damages that are easily attributable, there are also intangible aspects of tailgating. • The intangible aspect of such breaches: sites experiencing problems with non-compliance with basic security measures such as tailgating also tend to have other issues (e.g., management issues, bad behaviour, harassment, and others).
  • 35. Lack Of Access Control Is An Obvious Security Problem
  • 36. Lack Of Access Control Is An Obvious Security Problem • An environment can be created slowly over time in which there is a greater level of acceptance for poor management behaviour, harassment, ethical short-cuts, etc. • Tailgating may be a symptom of a larger problem: an attitude that security is not important, creates obstacles, and slows employees in doing their jobs. • If employees adopt this attitude and don’t comply with security measures, there is greater potential for a security breach. • This tailgating behaviour can even affect customer relations and lead to the loss of business.
  • 37. Lack Of Access Control Is An Obvious Security Problem
  • 38. Lack Of Access Control Is An Obvious Security Problem • Another intangible cost is the loss of productivity due to an incident occurring. • Loss of productivity in the event of a significant breach, such as workplace violence or sabotage, is obvious. • Small incidents such as a single laptop theft can result in significant privacy issues, proprietary information loss, and marketplace confidence issues. • The resulting damage control diverts valuable resources to dealing with a problem that may have been avoided. • Even smaller incidents such as the theft of a wallet or purse result in a feeling of personal insecurity and violation that becomes the subject of extensive discussion and mistrust.
  • 39. Lack Of Access Control Is An Obvious Security Problem
  • 40. Lack Of Access Control Is An Obvious Security Problem • In addition to the direct costs of theft, loss of productivity and market credibility, there are opportunity costs to the organization with respect to real-estate space savings and optimization.
  • 41. Lack Of Access Control Is An Obvious Security Problem • The costs of tailgating definitely depend on the business model and product. For some organizations, the primary risk is entry of non-employees. • For other organizations, there is also the potential loss of proprietary hardware, personal or intellectual property and/or risk to personal safety. • While these risks are real, it is difficult to assess the potential costs of tailgating and the standard assessment tools either don’t exist or require such extensive customization that they are not useful.
  • 42. Lack Of Access Control Is An Obvious Security Problem
  • 43. Best Practices • A range of solutions to tailgating are presented in Table 1, which focuses on hardware, and Table 2, which focuses on social engineering.
  • 54. Best Practices Social Engineering • Tailgating is primarily a behavioural problem, and physical security hardware is not the only method to influence or stop the behaviour. • There are also ‘soft-power’ options such as social engineering, where non-physical security incentives can successfully alter behaviour and increase compliance.
  • 55. Best Practices Social Engineering
  • 56. Badging Compliance • In order to influence greater badge compliance it is necessary to understand the reasons an individual may not wear a badge, such as the following: • Cultural backlash to badging can occur; for example, the security measures may generate the perception that big brother is watching. • The badge as fashion statement can also create a problem in getting people to wear badges above the waist.
  • 58. Badging Compliance • A company must ensure compliance by clearly documenting its badge-wearing policies and procedures. Employees will then be aware of what is expected and management is supported when they are required to take action against non-compliance. • A documented policy should include that all employees must wear badges at all times, report stolen badges, and have temporary badges issued in the event of missing or stolen badges.
  • 60. Badging Compliance • To influence badge wearing behaviour, success has been had by requiring multiple uses of the badges; hourly workers need the badges to clock in and out, to attend a class, to obtain a meal or work gloves in a factory, and to gain printer access in a corporate setting. • In some organizations the use of the badge may need to be negotiated with a union, due to union concerns that data from using badges to clock in on assembly lines will be used to monitor individual performance.
  • 62. Badging Compliance • Another important consideration in changing behaviour is the physical placement of badge reading equipment. • Many times the readers are placed on the wall on the hinge side of the door. • While that works fine for the first person that reads their badge, while the door is open, it becomes very difficult for subsequent people to read their badge even if they don’t want to piggyback. • Placing the reader in a location where it is easily accessible no matter the position of the door can make it easier to change social behaviour.
  • 64. The following table (Table 2) lists some methods to promote the badge wearing behaviour within an organization. Table 2. Social Engineering Solutions
  • 70. Implementation Considerations • The most effective tailgating deterrent is single person revolving doors, which physically restrict access to a single user at a time upon presentation of a valid credential. • However, the deployment of single-person revolving doors at all corporate access points is untenable; issues of culture, aesthetics, accountability, and climate affect the solution that can be implemented.
  • 71. Single-person Trap Doors At All Corporate Access
  • 72. Single-person Revolving Doors At All Corporate Access • Single-person revolving doors are highly restrictive in throughput and would not be appropriate in almost all main lobby environments. • They are expensive to install and maintain at exterior peripheral doors. • They are also not conducive to creating an inviting culture of a collaborative work environment, and certainly not an aesthetically pleasing one.
  • 73. Single-person Revolving Doors At All Corporate Access
  • 74. Implementation Considerations • The two most difficult problems to solve are a corporate environment that places high value on an aesthetic, welcoming environment and has high throughput, and one in which the culture resists physical security measures.
  • 75. Implementation Considerations • There are solutions available that are more open, have greater throughput, and are more aesthetically pleasing. • Such solutions include several layers of access controls prior to reaching a restricted space (concentric circles approach), high-speed electronic turnstiles (with and without physical barriers), photo-beam detectors, intelligent video, biometrics, guard presence / identity validation during high traffic hours, or a combination of such measures.
  • 77. Buildings and Building Function • Businesses with periods of high flow through, such as factories, require solutions that don’t delay traffic flow as a mantrap would. • The implementation of physical security measures is further complicated by the repurposing of real estate and by leased buildings; owner approval is required and changes will need to be negotiated. • Many commercial buildings are like a sieve, and many thefts occur in commercial buildings. Many companies also have large campuses with many different buildings, some with better compliance than others. There are also campuses which house multiple companies that act independently but report to the same parent company.
  • 79. Implementation Considerations • Laws - Privacy issues, and different data retention laws by country (e.g., Italian privacy law prohibits the use of cameras on warehouse doors). • Many try to have a standard, but one which is open to country laws. Social political issues can be different depending on country of origin; the US thinks the Middle East is high risk, but locals use a different risk filter. This difference of perspective also applies to the regulatory environment (e.g., working with animals).
  • 81. Implementation Considerations • Accountability - A general security plan is relatively easy to implement when there is a single site with a single site executive. Difficulties arise with a campus where there is no single site director responsible, or there is a campus housing different companies with boards of directors that all report to a single parent company.
  • 83. Implementation Considerations • Climate - It is also necessary to work within your climate. A very windy environment can require revolving doors, because other doors don’t stay closed in the wind. This allows them culturally to retrofit buildings with more secure revolving doors.
  • 85. Implementation Considerations • Aesthetics – See the case study for a layered solution in an aesthetically pleasing lobby of a major firm using audible alarms with secondary full stop barriers. • Emergency Evacuation - A well-executed access control system can provide useful information in accounting for employees in an emergency evacuation (muster situation).
  • 88. Conclusion • You can install the most advanced security system on the market, but your security measures will fail if your occupants aren’t on board. • You need to create a secure building culture. Think about the difference between a casual office setting and going through airport security. Clear expectations and constant communication shape behaviour.
  • 90. Conclusions • Tailgating is a common corporate security problem with high potential tangible and intangible costs. • Solutions for deterring/eliminating tailgating include hardware and social engineering approaches, which differ in cost, throughput, aesthetics, and other factors. • Badge-wearing compliance is a particularly challenging issue, and many lessons are provided for increasing compliance. • Implementation of solutions must be tailored to the aesthetic and cultural needs of a given scenario; the most challenging being providing access control in a welcoming, high-throughput, aesthetically pleasing lobby. The case study illustrates a real-world solution to this challenging scenario, which ultimately uses a combination of solutions.
  • 93. Tailgating: A Common Courtesy and a Common Risk
  • 94. References • Tail-gating (Piggybacking) https://whatis.techtarget.com/definition/tailgating-piggybacking • Tailgating: A Common Courtesy and a Common Risk https://www.securitymagazine.com/articles/86026-tailgating-a-common-courtesy-and-a-common-risk • Piggybacking (security) https://en.wikipedia.org/wiki/Piggybacking_(security) • Security Tailgating (aka Piggybacking) http://www.alliedbarton.com/Portals/0/SRC/WhitePapers/Security%20Tailgating%20-%20Best%20Practices%20in%20Access%20Control.pdf • 10 Strategies to Prevent Tailgating https://www.buildings.com/article-details/articleid/13274/title/10-strategies-to-prevent-tailgating
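
Slide 27 cites observed tailgating rates of 40 - 60% of entrants, and slide 75 lists photo-beam detectors among the available controls. The following is an added example, not part of the original deck, of how a site could measure its own rate by comparing granted badge reads with inward beam crossings for each door-open cycle. The log format, door names and badge IDs are constructed for illustration.

```python
from datetime import datetime

# Constructed sample log (assumed format): ISO timestamp, door, event, detail[, result]
SAMPLE_LOG = """\
2024-05-06T08:00:01 LOBBY-1 BADGE E1001 GRANTED
2024-05-06T08:00:02 LOBBY-1 DOOR OPEN
2024-05-06T08:00:03 LOBBY-1 BEAM IN
2024-05-06T08:00:08 LOBBY-1 DOOR CLOSED
2024-05-06T08:01:10 LOBBY-1 BADGE E1002 GRANTED
2024-05-06T08:01:11 LOBBY-1 DOOR OPEN
2024-05-06T08:01:12 LOBBY-1 BEAM IN
2024-05-06T08:01:14 LOBBY-1 BEAM IN
2024-05-06T08:01:15 LOBBY-1 BEAM IN
2024-05-06T08:01:20 LOBBY-1 DOOR CLOSED
2024-05-06T08:02:00 LOBBY-1 BADGE E1003 GRANTED
2024-05-06T08:02:01 LOBBY-1 DOOR OPEN
2024-05-06T08:02:02 LOBBY-1 BEAM IN
2024-05-06T08:02:03 LOBBY-1 BADGE E1004 GRANTED
2024-05-06T08:02:04 LOBBY-1 BEAM IN
2024-05-06T08:02:09 LOBBY-1 DOOR CLOSED
2024-05-06T08:03:00 LOBBY-1 BADGE E1005 DENIED
2024-05-06T08:05:00 DOCK-2 DOOR OPEN
2024-05-06T08:05:02 DOCK-2 BEAM IN
2024-05-06T08:05:30 DOCK-2 DOOR CLOSED
"""


def parse(log_text):
    """Yield (timestamp, door, kind, detail, result) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        result = parts[4] if len(parts) > 4 else None
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3], result


def door_cycles(log_text):
    """Group events per door into open/close cycles and count unbadged entries."""
    open_cycles, finished = {}, []

    def cycle_for(door, ts):
        return open_cycles.setdefault(
            door, {"door": door, "start": ts, "badges": [], "entries": 0, "closed": False})

    for ts, door, kind, detail, result in sorted(parse(log_text), key=lambda e: e[0]):
        if kind == "BADGE" and result == "GRANTED":
            cycle_for(door, ts)["badges"].append(detail)
        elif kind == "BEAM" and detail == "IN":
            cycle_for(door, ts)["entries"] += 1
        elif kind == "DOOR" and detail == "OPEN":
            cycle_for(door, ts)
        elif kind == "DOOR" and detail == "CLOSED" and door in open_cycles:
            cycle = open_cycles.pop(door)
            cycle["closed"] = True
            finished.append(cycle)
    # Doors that never reported CLOSED (propped open or sensor fault) stay closed=False.
    finished.extend(open_cycles.values())
    for c in finished:
        # More people crossed the beam than presented a valid badge in this cycle.
        c["unbadged"] = max(0, c["entries"] - len(c["badges"]))
    return finished


def tailgating_report(log_text):
    """Summarise entrants, unbadged entrants, the resulting rate and flagged cycles."""
    cycles = door_cycles(log_text)
    entrants = sum(c["entries"] for c in cycles)
    unbadged = sum(c["unbadged"] for c in cycles)
    return {"entrants": entrants, "unbadged": unbadged,
            "rate": unbadged / entrants if entrants else 0.0,
            "flagged": [c for c in cycles if c["unbadged"]]}


if __name__ == "__main__":
    report = tailgating_report(SAMPLE_LOG)
    print(f"{report['unbadged']} of {report['entrants']} entrants unbadged "
          f"({report['rate']:.0%})")
    for c in report["flagged"]:
        print(c["start"].isoformat(), c["door"], "badges:", c["badges"],
              "unbadged entries:", c["unbadged"])
```

The count cannot tell tailgating from piggybacking, and, as slide 30 notes, it cannot say whether an unbadged entrant was authorized; the badge holders recorded for a flagged cycle are only the people to follow up with.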