Tailgating Attacks: What They Are and How to Prevent Them

Tailgating is one of the simplest physical security attacks, and it works more often than it should. An unauthorized person follows an employee through a secured door, gaining access to areas they have no business being in.

It’s low-tech, it’s bold, and most organizations aren’t prepared for it.

How Tailgating Works

The concept is straightforward: someone without access credentials waits near a secured entrance and slips through when a legitimate employee opens the door. They rely on two things – timing and the fact that most people are too polite to challenge a stranger.

Common tactics:

• The silent follow – Waiting just behind someone approaching a door and walking through before it closes. If they act like they belong, most people won’t think twice.
• The hands-full trick – Carrying boxes, coffee cups, or paperwork so it seems natural to ask someone to hold the door.
• The rushed entrance – Moving quickly and appearing busy, counting on the fact that people hesitate to slow someone down who seems to be in a hurry.
• The back-door approach – Finding less-monitored entrances like loading docks, smoking areas, or side doors where employees are more casual about security.
• The impersonation – Dressing as a delivery driver, repair technician, or IT contractor. This requires props (uniform, toolbox, clipboard) but holds up better if questioned.

The goal is almost always to reach areas where they can steal data, plant devices, or gather intelligence for a follow-up cyberattack.

Why It Works

People don’t want to be rude. That’s really what it comes down to. Closing a door in someone’s face feels aggressive, and asking someone to show their badge feels confrontational. Attackers know this and exploit it.

In busy offices, employees also tend to assume that anyone walking around confidently has a right to be there. Without a culture that encourages verification, tailgaters can move through a building unchallenged.

Prevention Measures

Physical Controls

• [ ] Install badge readers or keypad locks on all entrances to sensitive areas
• [ ] Use turnstiles or mantrap doors in high-security zones (these only allow one person through at a time)
• [ ] Keep side entrances and loading docks secured with the same access controls as the front door
• [ ] Install security cameras at all entry points

Employee Training

• [ ] Train all staff to recognize tailgating attempts
• [ ] Make it clear that challenging unrecognized people is expected and encouraged
• [ ] Practice how to politely redirect someone: “Can I help you find who you’re here to see?” or “You’ll need to check in at reception”
• [ ] Run periodic awareness exercises

Visitor Management

• [ ] Require all visitors to sign in and receive a visible badge
• [ ] Escort visitors at all times in secure areas
• [ ] Verify delivery personnel and contractors before granting access
• [ ] Log all visitor entry and exit times

Culture and Reporting

• [ ] Create a reporting process for suspicious access attempts
• [ ] Post security awareness reminders near entrances
• [ ] Make sure employees know who to contact (security desk, facilities manager, etc.)
• [ ] Review security footage regularly, not just after incidents

Access Control Best Practices

• [ ] Issue individual access credentials to every employee (no shared badges or codes)
• [ ] Require badge tap/scan for every entry, even when walking in with a group
• [ ] Revoke access immediately when employees leave the company
• [ ] Report lost or stolen badges right away

The Bottom Line

Tailgating exploits courtesy, not technology. The fix is cultural as much as it is technical. Your employees need to understand that verifying someone’s access isn’t rude – it’s part of their responsibility. Pair that mindset with proper physical controls and you’ve closed one of the most commonly overlooked security gaps.