Tailgating: A Common Courtesy and a Common Risk

A recent survey of enterprise security executives offers remarkable perceptions about the risk of tailgating.

Tailgating is one of the most common and innocent security breaches – an employee opening a door and holding it open for others, visitors without badges, or the passive acceptance of a uniformed worker. The problem with these situations and common courtesy is that they open your building to undocumented and unauthorized entry by individuals who could intend harm to your property and employees.

According to a recent survey of enterprise security executives by Boon Edam Inc., based on what they have seen in the media over the past 10 years, a solid majority of all the respondents (69 percent) believe that security breaches from tailgating remain at the same level or are on the rise.

Even more, a strong majority of all respondents (77 percent) believe that “guards and barriers” and “unmanned barriers that prevent tailgating” are the most effective way to curtail tailgating. However, only a minority (18 percent) of end user respondents say they were currently using either of those choices.

Most end users are vulnerable to physical infiltration and they know it, according to the survey. How are they mitigating it? The majority (78 percent) are taking a reactionary stance to dealing with tailgating (using an access control system, security officers, video surveillance cameras and video management software) and at the same time, the majority (74 percent) are not tracking tailgating and believe they are vulnerable to a physical breach from tailgating (71 percent).

Overall, says the survey, both end users and security advisors see tailgating as a serious issue and there is a high level of perceived vulnerability. A strong majority believe that what they have is not enough to prevent physical intrusion and they understand that physical barriers are the best approach (with security officers when applicable).

Regarding the cost to mitigate tailgating, many enterprise security executives see the cost of infiltration as being at or less than $500,000, and for these executives there may be an issue justifying the investment/expense of installing security entrances beyond the after-the-fact strategies they have in place now (such as swing doors with access control system and credential reader, security officers, cameras and video). They may heavily rely on employee education and the honor system to prevent intrusion, the survey data shows.

“A majority of security advisors understand and recommend security entrances to mitigate tailgating, but a minority of end users have invested in them even when a majority of them believe they are vulnerable,” the survey says. “This implies a lack of budget/approval or the perception that the possibility of a breach or the cost of a breach are not a high enough to prioritize investment sooner versus later.”

Compliance with industry regulations may force some end users to implement security controls to mitigate tailgating. According to the survey, a majority of end users and security advisors are aware of industry regulations and the need to comply with them. However, a solid majority of end users use reactive, forensic strategies for addressing tailgating (alarming and responding after the fact), which may put them at additional risk of incurring hefty fines.

Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.