03 Oct Is Tailgating Putting Your Data Security at Risk?
Here in Texas, there are few activities we enjoy more than football. High school, college, even professional teams have engaged fan bases from Monday evening, to Friday Night Lights, to almost every day in between.
And football season signals the return of tailgating.
For sporting events, tailgating is a fun-filled activity. When it comes to data security? Tailgating is a real cause for concern.
Gartner reports that “security and risk management technology and services is forecast to grow 12.4% to reach $150.4 billion in 2021,” to combat the fallout of data breaches now costing an average of $4.24 million.
While your industry may not have specific regulatory requirements around tailgating, the potential for a significant breach means this vulnerability is one to watch for moving forward.
If you’ve never heard of the dangers posed by tailgating, read on.
Cybersecurity Concerns That Extend Beyond Your Network and Computers
Call it a “random act of kindness” gone wrong. When threat actors use tailgating to breach your physical location, they rely on the inherent politeness of your employees to gain access where these criminals don’t belong.
Tailgating is another one of those social engineering attacks we talked about in last week’s article.
Your staff are likely nice folks who don’t mind holding the door open for someone with full hands.
Or helping out someone who has an appointment on the third floor. Or someone who claims to be there to see “Ellen” in accounting. Just sticking close to an arriving employee can work in a pinch.
Any of the previous scenarios is a common way that cyber attackers get into your onsite server room where they can cause all sorts of harm.
It also is worth mentioning that hybrid work schedules can contribute to the risks posed by tailgaters – your staff isn’t as familiar with the people who belong in the building these days.
What Types of Businesses Are Most At Risk of Tailgating Attacks?
While any business can be the victim of a tailgating attack, mid to large size firms are popular targets because the nature of the business means that there are more people to keep track of and more secondary contractors servicing the facilities.
Other high risk businesses are those with a lot of foot traffic, any business with multiple points or unsecured points of entry, or organizations that have restricted access spaces like server rooms.
If you realistically can’t keep contractors, delivery people, or the general public away from your business location, there are still things you can do to protect against tailgating style attacks.
How to Protect Against Tailgating Attacks
Like any other type of social engineering attack, preventing tailgating is made more challenging by years of engrained human behavior. Holding the door for someone. The threat posed is not obvious.
However, there are several ways that you can protect your data from potential tailgating attacks:
• Develop policies and procedures that are designed to make employees aware of the risks. Ask human resources to consider running awareness campaigns designed to remind employees about the need to swipe badges when entering the building or other secure areas.
• Have a conversation with your contractors. They may be authorized to be on the property, but they can be a weak link in your security. Since they don’t know who should be allowed access, they tend to let anyone who has a feasible reason for being there get beyond security checkpoints.
• Regularly check your employees’ response to other social engineering ruses. It’s unfortunate, but training your staff to be suspicious can really help shore up your defenses.
• Move servers off site. If your network operates off a secure off-site data center, more of your infrastructure is protected. Individual machines and other end points are hardened and protected by cloud-based security that is updated regularly and monitored 24/7. While no system is 100% secure, removing the temptation presented by a server room may help guard against tailgating attacks.
It’s Time to Consider the Security Benefits of a Cloud Hosted Solution
Employee training and improvements to physical security are an ever-growing cost of doing business. Depending on your situation, you may not even have the ability to truly control access to your place of business.
Cloud based solutions can offer another layer of protection by moving your computing infrastructure off site. The cloud has other business benefits as well: reduced IT costs, improved security, flexibility, agility, and lower total cost of ownership.
Ready to migrate your business computing operations to the cloud? Talk to one of our experts today.