Carnegie Mellon University

Man following someone into building

February 07, 2020

The Dangers of Security Tailgating

One of the most common and widespread security breaches affecting organizations today is a social engineering attack known as tailgating (also referred to as piggybacking). Tailgating is a physical security breach in which an unauthorized person follows an authorized individual to enter a typically secured area.

Tailgating is often utilized by criminals who take advantage of a helpful employee or student holding a door open for someone such as a visitor without a badge, or someone in a uniform appearing to be a worker. It may seem like a kind gesture and something you would do without thinking twice about, however these lapses in security can negatively impact the university via a significant data breach, financial loss through theft or property destruction, as well as damage the reputation of the university.

Due to the large size of our university, it’s easy to assume that an individual entering a building is an employee, contractor, or student which is why these breaches are often so successful. Criminals know that most individuals will shy away from confronting a stranger as it can lead to an uncomfortable situation. The consequences of a physical security breach are much worse than simply asking to see someone’s ID badge, or escort them to their destination. 

What Can You Do to Prevent Tailgating?

  • Always be aware of anyone following you through a door, especially into a restricted area. 
  • Bring attention to any unfamiliar individual you see trying to slip through physical security measures. 
  • Don't hold the door open for anyone, especially if the door requires a smart card authentication to enter.
  • When you notice a suspicious individual in a restricted area or your workspace, politely greet them and escort them to their correct location.
  • Report any suspicious individuals to the University Police.
  • If you find that a door does not automatically close or shut properly, report it to Facilities Management Services.