By Leone Byereeta
Tailgating is one of the most common ways for hackers, thieves and other unpleasant characters to gain access to restricted areas. It is a physical social engineering attack in which a person seeks to enter a restricted area where they are otherwise not allowed to be. The attack happens when the attacker follows an unaware user into an area without authorization. In any case, it’s easier to follow an authorized person into the premises than to break in.
The most common example of a tailgating attack is when the attacker requests someone to hold open a locked door. By manipulating the victim’s goodwill, the fraudster can enter without proper verification.
The list of ways to fool others into opening or holding doors is endless. As soon as we think we’ve figured out the methods of fraudsters, they change them again. That’s why we need to constantly remind ourselves in this publication of the dangers of such attacks, however straightforward or obvious they may seem.
What’s the Danger of Tailgating?
People who want to gain access to the Ministry of Finance, Planning and Economic Development (MoFPED) premises, for example, can be after different things. Some simply want to steal valuable equipment such as laptops and smart devices. Often this equipment has sensitive information stored on it, so the theft is twofold. Some could be hoping to insert spyware into ports of specially targeted computers or routers to steal information or money.
Others could be trying to gain access to the server room to create a backdoor to the entire network and steal data and the entity’s secrets. And then there are those who simply want to cause harm, by violence, vandalism, reconnaissance or other means.
Tailgating can cause a lot of harm in many ways, from simple loss of equipment to financial loss and severe damage to the entity’s reputation, or even physical harm to people. This article, therefore, is to emphasize to all staff of the Ministry that it’s their responsibility to always challenge people who do not belong to the entity.
The problem with tailgating is that people often don’t realize it’s happening, that they, as authorized personnel, are responsible for stopping people from following them through open doors, or that they should think twice before holding those doors.
Fraudsters, thieves and hackers all rely on either the kindness of strangers or lack of awareness and responsibility. They also know that confronting strangers and denying them access usually makes people uncomfortable.
Some guesswork here: most of us would hold the door for a person who’s obviously struggling with a heavy box. Most of us are courteous, well-meaning people. But not thieves and hackers! They rely on our kindness and use it to gain access to our companies, our computers or servers, and our data. Being kind to strangers is usually a good thing. But when it comes to the safety and privacy of our workplace, we should think twice and be on guard.
How to Prevent Tailgating
The good news is that the Ministry has endeavored to put in place several security policies to minimize the risk of tailgating. Access controls for entrances, as well as for specially restricted areas like the Data Centers, have been put in place.
A few other basic things that have been considered include:
- Strict adherence to the wearing of work IDs
- Requiring visitors to wear badges
- Security guards, both uniformed and non-uniformed, from the Uganda Police Force to man entrances
- Use of biometrics as access control in the more restricted areas
- In some cases, use of access control with PINs
- Use of a combination of any, or all, of those things
Here are a few things that we need to memorize as employees to prevent tailgating, sometimes called piggybacking:
- Don’t hold the door for anyone, even if they’re wearing their work ID or visitor’s badge.
- Stop people when they attempt to follow you into access-restricted areas.
- Challenge or report unaccompanied people in the workspace if you don’t know them.
- Challenge or report people who are not wearing a visitor’s badge.
- Report suspicious characters to security.
- Direct guests who say they have a meeting to the reception.
- Close doors you know should be closed (if they don’t close properly, report it to security).
- Be constantly vigilant and aware of your surroundings.
- Be aware that thieves and hackers could be disguised as repairmen or delivery people.
- Former employees should not be allowed unchecked access within the Ministry, even if they are your friends.
The writer is a Systems Officer, Accountant General’s Office, at the Ministry of Finance, Planning and Economic Development.