Defence methods against tailgating











up vote
28
down vote

favorite
1












This is a follow-up question to this one: Roles to play when tailgaiting into a residential building



How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?










share|improve this question









New contributor




Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
























    up vote
    28
    down vote

    favorite
    1












    This is a follow-up question to this one: Roles to play when tailgaiting into a residential building



    How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?










    share|improve this question









    New contributor




    Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






















      up vote
      28
      down vote

      favorite
      1









      up vote
      28
      down vote

      favorite
      1






      1





      This is a follow-up question to this one: Roles to play when tailgaiting into a residential building



      How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?










      share|improve this question









      New contributor




      Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      This is a follow-up question to this one: Roles to play when tailgaiting into a residential building



      How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?







      physical social-engineering physical-access






      share|improve this question









      New contributor




      Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited yesterday









      schroeder

      70.5k27152188




      70.5k27152188






      New contributor




      Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked yesterday









      Lithilion

      25127




      25127




      New contributor




      Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          11 Answers
          11






          active

          oldest

          votes

















          up vote
          35
          down vote













          This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.



          You have to work with human nature, not against it.



          So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:



          Revolving door only letting one person in at a time.






          share|improve this answer

















          • 13




            there are nicer-looking gates :)
            – schroeder
            yesterday






          • 1




            @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
            – mbrig
            yesterday










          • Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
            – deltzy
            22 hours ago










          • Also stops people from say, propping open key-carded doors the way they tend to do in my building.
            – Jared Smith
            22 hours ago






          • 8




            @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
            – Nuclear Wang
            20 hours ago


















          up vote
          13
          down vote













          You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.



          The company protects itself by




          • installing physical gates that only allow one person in at a time

          • controls that prevent the same passcard being used on the same side of the gate

          • human monitors to detect tailgating

          • training people to politely challenge those trying to get in without using the proper methods






          share|improve this answer

















          • 1




            "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
            – user2357112
            19 hours ago








          • 4




            @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
            – schroeder
            19 hours ago








          • 6




            There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
            – Jörg W Mittag
            18 hours ago






          • 1




            @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
            – alephzero
            18 hours ago






          • 2




            Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
            – Aganju
            13 hours ago


















          up vote
          9
          down vote













          (Just a passer-by opinion)



          Obviously, a physical gate would work the best.



          In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.



          One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.



          At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.






          share|improve this answer










          New contributor




          Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.














          • 4




            The problem with letting in people that you recognise is the case when the employee was recently let go.
            – schroeder
            21 hours ago






          • 7




            Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
            – Monty Harder
            19 hours ago


















          up vote
          5
          down vote













          The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.



          If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.






          share|improve this answer




























            up vote
            3
            down vote













            There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.



            Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.



            I would suggest something like
            Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

            If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.






            share|improve this answer








            New contributor




            ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.

























              up vote
              2
              down vote













              As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.



              Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.






              share|improve this answer








              New contributor




              William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.


















              • Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
                – Nosajimiki
                9 hours ago


















              up vote
              1
              down vote













              This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.



              You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.



              How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".



              Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.






              share|improve this answer








              New contributor




              Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.

























                up vote
                0
                down vote













                Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.



                For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.






                share|improve this answer





















                • How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
                  – vlaz
                  8 hours ago










                • I have my doubts too... but they seriously do that in the airport, and they should know what they do.
                  – Aganju
                  4 hours ago


















                up vote
                0
                down vote













                If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.



                Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.






                share|improve this answer























                • They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
                  – Nosajimiki
                  9 hours ago


















                up vote
                0
                down vote













                One solution is to have "secret drills".



                Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.



                Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".



                Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.






                share|improve this answer






























                  up vote
                  -1
                  down vote













                  If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.






                  share|improve this answer





















                    Your Answer








                    StackExchange.ready(function() {
                    var channelOptions = {
                    tags: "".split(" "),
                    id: "162"
                    };
                    initTagRenderer("".split(" "), "".split(" "), channelOptions);

                    StackExchange.using("externalEditor", function() {
                    // Have to fire editor after snippets, if snippets enabled
                    if (StackExchange.settings.snippets.snippetsEnabled) {
                    StackExchange.using("snippets", function() {
                    createEditor();
                    });
                    }
                    else {
                    createEditor();
                    }
                    });

                    function createEditor() {
                    StackExchange.prepareEditor({
                    heartbeatType: 'answer',
                    convertImagesToLinks: false,
                    noModals: true,
                    showLowRepImageUploadWarning: true,
                    reputationToPostImages: null,
                    bindNavPrevention: true,
                    postfix: "",
                    imageUploader: {
                    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                    allowUrls: true
                    },
                    noCode: true, onDemand: true,
                    discardSelector: ".discard-answer"
                    ,immediatelyShowMarkdownHelp:true
                    });


                    }
                    });






                    Lithilion is a new contributor. Be nice, and check out our Code of Conduct.










                     

                    draft saved


                    draft discarded


















                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197817%2fdefence-methods-against-tailgating%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown

























                    11 Answers
                    11






                    active

                    oldest

                    votes








                    11 Answers
                    11






                    active

                    oldest

                    votes









                    active

                    oldest

                    votes






                    active

                    oldest

                    votes








                    up vote
                    35
                    down vote













                    This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.



                    You have to work with human nature, not against it.



                    So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:



                    Revolving door only letting one person in at a time.






                    share|improve this answer

















                    • 13




                      there are nicer-looking gates :)
                      – schroeder
                      yesterday






                    • 1




                      @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
                      – mbrig
                      yesterday










                    • Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
                      – deltzy
                      22 hours ago










                    • Also stops people from say, propping open key-carded doors the way they tend to do in my building.
                      – Jared Smith
                      22 hours ago






                    • 8




                      @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
                      – Nuclear Wang
                      20 hours ago















                    up vote
                    35
                    down vote













                    This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.



                    You have to work with human nature, not against it.



                    So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:



                    Revolving door only letting one person in at a time.






                    share|improve this answer

















                    • 13




                      there are nicer-looking gates :)
                      – schroeder
                      yesterday






                    • 1




                      @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
                      – mbrig
                      yesterday










                    • Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
                      – deltzy
                      22 hours ago










                    • Also stops people from say, propping open key-carded doors the way they tend to do in my building.
                      – Jared Smith
                      22 hours ago






                    • 8




                      @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
                      – Nuclear Wang
                      20 hours ago













                    up vote
                    35
                    down vote










                    up vote
                    35
                    down vote









                    This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.



                    You have to work with human nature, not against it.



                    So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:



                    Revolving door only letting one person in at a time.






                    share|improve this answer












                    This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.



                    You have to work with human nature, not against it.



                    So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:



                    Revolving door only letting one person in at a time.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered yesterday









                    Anders

                    47.4k21134157




                    47.4k21134157








                    • 13




                      there are nicer-looking gates :)
                      – schroeder
                      yesterday






                    • 1




                      @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
                      – mbrig
                      yesterday










                    • Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
                      – deltzy
                      22 hours ago










                    • Also stops people from say, propping open key-carded doors the way they tend to do in my building.
                      – Jared Smith
                      22 hours ago






                    • 8




                      @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
                      – Nuclear Wang
                      20 hours ago














                    • 13




                      there are nicer-looking gates :)
                      – schroeder
                      yesterday






                    • 1




                      @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
                      – mbrig
                      yesterday










                    • Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
                      – deltzy
                      22 hours ago










                    • Also stops people from say, propping open key-carded doors the way they tend to do in my building.
                      – Jared Smith
                      22 hours ago






                    • 8




                      @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
                      – Nuclear Wang
                      20 hours ago








                    13




                    13




                    there are nicer-looking gates :)
                    – schroeder
                    yesterday




                    there are nicer-looking gates :)
                    – schroeder
                    yesterday




                    1




                    1




                    @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
                    – mbrig
                    yesterday




                    @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
                    – mbrig
                    yesterday












                    Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
                    – deltzy
                    22 hours ago




                    Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
                    – deltzy
                    22 hours ago












                    Also stops people from say, propping open key-carded doors the way they tend to do in my building.
                    – Jared Smith
                    22 hours ago




                    Also stops people from say, propping open key-carded doors the way they tend to do in my building.
                    – Jared Smith
                    22 hours ago




                    8




                    8




                    @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
                    – Nuclear Wang
                    20 hours ago




                    @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
                    – Nuclear Wang
                    20 hours ago












                    up vote
                    13
                    down vote













                    You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.



                    The company protects itself by




                    • installing physical gates that only allow one person in at a time

                    • controls that prevent the same passcard being used on the same side of the gate

                    • human monitors to detect tailgating

                    • training people to politely challenge those trying to get in without using the proper methods






                    share|improve this answer

















                    • 1




                      "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
                      – user2357112
                      19 hours ago








                    • 4




                      @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
                      – schroeder
                      19 hours ago








                    • 6




                      There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
                      – Jörg W Mittag
                      18 hours ago






                    • 1




                      @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
                      – alephzero
                      18 hours ago






                    • 2




                      Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
                      – Aganju
                      13 hours ago















                    up vote
                    13
                    down vote













                    You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.



                    The company protects itself by




                    • installing physical gates that only allow one person in at a time

                    • controls that prevent the same passcard being used on the same side of the gate

                    • human monitors to detect tailgating

                    • training people to politely challenge those trying to get in without using the proper methods






                    share|improve this answer

















                    • 1




                      "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
                      – user2357112
                      19 hours ago








                    • 4




                      @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
                      – schroeder
                      19 hours ago








                    • 6




                      There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
                      – Jörg W Mittag
                      18 hours ago






                    • 1




                      @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
                      – alephzero
                      18 hours ago






                    • 2




                      Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
                      – Aganju
                      13 hours ago













                    up vote
                    13
                    down vote










                    up vote
                    13
                    down vote









                    You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.



                    The company protects itself by




                    • installing physical gates that only allow one person in at a time

                    • controls that prevent the same passcard being used on the same side of the gate

                    • human monitors to detect tailgating

                    • training people to politely challenge those trying to get in without using the proper methods






                    share|improve this answer












                    You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.



                    The company protects itself by




                    • installing physical gates that only allow one person in at a time

                    • controls that prevent the same passcard being used on the same side of the gate

                    • human monitors to detect tailgating

                    • training people to politely challenge those trying to get in without using the proper methods







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered yesterday









                    schroeder

                    70.5k27152188




                    70.5k27152188








                    • 1




                      "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
                      – user2357112
                      19 hours ago








                    • 4




                      @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
                      – schroeder
                      19 hours ago








                    • 6




                      There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
                      – Jörg W Mittag
                      18 hours ago






                    • 1




                      @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
                      – alephzero
                      18 hours ago






                    • 2




                      Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
                      – Aganju
                      13 hours ago














                    • 1




                      "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
                      – user2357112
                      19 hours ago








                    • 4




                      @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
                      – schroeder
                      19 hours ago








                    • 6




                      There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
                      – Jörg W Mittag
                      18 hours ago






                    • 1




                      @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
                      – alephzero
                      18 hours ago






                    • 2




                      Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
                      – Aganju
                      13 hours ago








                    1




                    1




                    "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
                    – user2357112
                    19 hours ago






                    "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
                    – user2357112
                    19 hours ago






                    4




                    4




                    @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
                    – schroeder
                    19 hours ago






                    @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
                    – schroeder
                    19 hours ago






                    6




                    6




                    There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
                    – Jörg W Mittag
                    18 hours ago




                    There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
                    – Jörg W Mittag
                    18 hours ago




                    1




                    1




                    @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
                    – alephzero
                    18 hours ago




                    @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
                    – alephzero
                    18 hours ago




                    2




                    2




                    Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
                    – Aganju
                    13 hours ago




                    Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
                    – Aganju
                    13 hours ago










                    up vote
                    9
                    down vote













                    (Just a passer-by opinion)



                    Obviously, a physical gate would work the best.



                    In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.



                    One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.



                    At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.






                    share|improve this answer










                    New contributor




                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.














                    • 4




                      The problem with letting in people that you recognise is the case when the employee was recently let go.
                      – schroeder
                      21 hours ago






                    • 7




                      Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
                      – Monty Harder
                      19 hours ago















                    up vote
                    9
                    down vote













                    (Just a passer-by opinion)



                    Obviously, a physical gate would work the best.



                    In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.



                    One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.



                    At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.






                    share|improve this answer










                    New contributor




                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.














                    • 4




                      The problem with letting in people that you recognise is the case when the employee was recently let go.
                      – schroeder
                      21 hours ago






                    • 7




                      Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
                      – Monty Harder
                      19 hours ago













                    up vote
                    9
                    down vote










                    up vote
                    9
                    down vote









                    (Just a passer-by opinion)



                    Obviously, a physical gate would work the best.



                    In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.



                    One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.



                    At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.






                    share|improve this answer










                    New contributor




                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.









                    (Just a passer-by opinion)



                    Obviously, a physical gate would work the best.



                    In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.



                    One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.



                    At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.







                    share|improve this answer










                    New contributor




                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.









                    share|improve this answer



                    share|improve this answer








                    edited 22 hours ago





















                    New contributor




                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.









                    answered 23 hours ago









                    Petr

                    1914




                    1914




                    New contributor




                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.





                    New contributor





                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.






                    Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                    Check out our Code of Conduct.








                    • 4




                      The problem with letting in people that you recognise is the case when the employee was recently let go.
                      – schroeder
                      21 hours ago






                    • 7




                      Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
                      – Monty Harder
                      19 hours ago














                    • 4




                      The problem with letting in people that you recognise is the case when the employee was recently let go.
                      – schroeder
                      21 hours ago






                    • 7




                      Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
                      – Monty Harder
                      19 hours ago








                    4




                    4




                    The problem with letting in people that you recognise is the case when the employee was recently let go.
                    – schroeder
                    21 hours ago




                    The problem with letting in people that you recognise is the case when the employee was recently let go.
                    – schroeder
                    21 hours ago




                    7




                    7




                    Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
                    – Monty Harder
                    19 hours ago




                    Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
                    – Monty Harder
                    19 hours ago










                    up vote
                    5
                    down vote













                    The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.



                    If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.






                    share|improve this answer

























                      up vote
                      5
                      down vote













                      The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.



                      If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.






                      share|improve this answer























                        up vote
                        5
                        down vote










                        up vote
                        5
                        down vote









                        The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.



                        If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.






                        share|improve this answer












                        The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.



                        If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.







                        share|improve this answer












                        share|improve this answer



                        share|improve this answer










                        answered 22 hours ago









                        John Deters

                        25.5k23984




                        25.5k23984






















                            up vote
                            3
                            down vote













                            There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.



                            Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.



                            I would suggest something like
                            Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

                            If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.






                            share|improve this answer








                            New contributor




                            ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.






















                              up vote
                              3
                              down vote













                              There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.



                              Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.



                              I would suggest something like
                              Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

                              If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.






                              share|improve this answer








                              New contributor




                              ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                              Check out our Code of Conduct.




















                                up vote
                                3
                                down vote










                                up vote
                                3
                                down vote









                                There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.



                                Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.



                                I would suggest something like
                                Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

                                If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.






                                share|improve this answer








                                New contributor




                                ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                Check out our Code of Conduct.









                                There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.



                                Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.



                                I would suggest something like
                                Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

                                If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.







                                share|improve this answer








                                New contributor




                                ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                Check out our Code of Conduct.









                                share|improve this answer



                                share|improve this answer






                                New contributor




                                ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                Check out our Code of Conduct.









                                answered 21 hours ago









                                ShapeOfMatter

                                313




                                313




                                New contributor




                                ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                Check out our Code of Conduct.





                                New contributor





                                ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                Check out our Code of Conduct.






                                ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                Check out our Code of Conduct.






















                                    up vote
                                    2
                                    down vote













                                    As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.



                                    Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.






                                    share|improve this answer








                                    New contributor




                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.


















                                    • Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
                                      – Nosajimiki
                                      9 hours ago















                                    up vote
                                    2
                                    down vote













                                    As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.



                                    Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.






                                    share|improve this answer








                                    New contributor




                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.


















                                    • Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
                                      – Nosajimiki
                                      9 hours ago













                                    up vote
                                    2
                                    down vote










                                    up vote
                                    2
                                    down vote









                                    As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.



                                    Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.






                                    share|improve this answer








                                    New contributor




                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.









                                    As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.



                                    Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.







                                    share|improve this answer








                                    New contributor




                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.









                                    share|improve this answer



                                    share|improve this answer






                                    New contributor




                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.









                                    answered 14 hours ago









                                    William Michael

                                    211




                                    211




                                    New contributor




                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.





                                    New contributor





                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.






                                    William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.












                                    • Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
                                      – Nosajimiki
                                      9 hours ago


















                                    • Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
                                      – Nosajimiki
                                      9 hours ago
















                                    Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
                                    – Nosajimiki
                                    9 hours ago




                                    Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
                                    – Nosajimiki
                                    9 hours ago










                                    up vote
                                    1
                                    down vote













                                    This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.



                                    You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.



                                    How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".



                                    Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.






                                    share|improve this answer








                                    New contributor




                                    Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                    Check out our Code of Conduct.






















                                      up vote
                                      1
                                      down vote













                                      This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.



                                      You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.



                                      How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".



                                      Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.






                                      share|improve this answer








                                      New contributor




                                      Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                      Check out our Code of Conduct.




















                                        up vote
                                        1
                                        down vote










                                        up vote
                                        1
                                        down vote









                                        This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.



                                        You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.



                                        How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".



                                        Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.






                                        share|improve this answer








                                        New contributor




                                        Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                        Check out our Code of Conduct.









                                        This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.



                                        You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.



                                        How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".



                                        Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.







                                        share|improve this answer








                                        New contributor




                                        Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                        Check out our Code of Conduct.









                                        share|improve this answer



                                        share|improve this answer






                                        New contributor




                                        Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                        Check out our Code of Conduct.









                                        answered 12 hours ago









                                        Ross Millikan

                                        1113




                                        1113




                                        New contributor




                                        Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                        Check out our Code of Conduct.





                                        New contributor





                                        Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                        Check out our Code of Conduct.






                                        Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                                        Check out our Code of Conduct.






















                                            up vote
                                            0
                                            down vote













                                            Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.



                                            For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.






                                            share|improve this answer





















                                            • How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
                                              – vlaz
                                              8 hours ago










                                            • I have my doubts too... but they seriously do that in the airport, and they should know what they do.
                                              – Aganju
                                              4 hours ago















                                            up vote
                                            0
                                            down vote













                                            Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.



                                            For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.






                                            share|improve this answer





















                                            • How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
                                              – vlaz
                                              8 hours ago










                                            • I have my doubts too... but they seriously do that in the airport, and they should know what they do.
                                              – Aganju
                                              4 hours ago













                                            up vote
                                            0
                                            down vote










                                            up vote
                                            0
                                            down vote









                                            Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.



                                            For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.






                                            share|improve this answer












                                            Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.



                                            For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.







                                            share|improve this answer












                                            share|improve this answer



                                            share|improve this answer










                                            answered 13 hours ago









                                            Aganju

                                            16016




                                            16016












                                            • How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
                                              – vlaz
                                              8 hours ago










                                            • I have my doubts too... but they seriously do that in the airport, and they should know what they do.
                                              – Aganju
                                              4 hours ago


















                                            • How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
                                              – vlaz
                                              8 hours ago










                                            • I have my doubts too... but they seriously do that in the airport, and they should know what they do.
                                              – Aganju
                                              4 hours ago
















                                            How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
                                            – vlaz
                                            8 hours ago




                                            How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
                                            – vlaz
                                            8 hours ago












                                            I have my doubts too... but they seriously do that in the airport, and they should know what they do.
                                            – Aganju
                                            4 hours ago




                                            I have my doubts too... but they seriously do that in the airport, and they should know what they do.
                                            – Aganju
                                            4 hours ago










                                            up vote
                                            0
                                            down vote













                                            If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.



                                            Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.






                                            share|improve this answer























                                            • They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
                                              – Nosajimiki
                                              9 hours ago















                                            up vote
                                            0
                                            down vote













                                            If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.



                                            Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.






                                            share|improve this answer























                                            • They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
                                              – Nosajimiki
                                              9 hours ago













                                            up vote
                                            0
                                            down vote










                                            up vote
                                            0
                                            down vote









                                            If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.



                                            Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.






                                            share|improve this answer














                                            If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.



                                            Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.







                                            share|improve this answer














                                            share|improve this answer



                                            share|improve this answer








                                            edited 12 hours ago

























                                            answered 18 hours ago









                                            Joel Coehoorn

                                            1,2551912




                                            1,2551912












                                            • They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
                                              – Nosajimiki
                                              9 hours ago


















                                            • They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
                                              – Nosajimiki
                                              9 hours ago
















                                            They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
                                            – Nosajimiki
                                            9 hours ago




                                            They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
                                            – Nosajimiki
                                            9 hours ago










                                            up vote
                                            0
                                            down vote













                                            One solution is to have "secret drills".



                                            Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.



                                            Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".



                                            Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.






                                            share|improve this answer



























                                              up vote
                                              0
                                              down vote













                                              One solution is to have "secret drills".



                                              Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.



                                              Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".



                                              Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.






                                              share|improve this answer

























                                                up vote
                                                0
                                                down vote










                                                up vote
                                                0
                                                down vote









                                                One solution is to have "secret drills".



                                                Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.



                                                Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".



                                                Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.






                                                share|improve this answer














                                                One solution is to have "secret drills".



                                                Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.



                                                Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".



                                                Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.







                                                share|improve this answer














                                                share|improve this answer



                                                share|improve this answer








                                                edited 53 mins ago

























                                                answered 1 hour ago









                                                PyRulez

                                                1,72431125




                                                1,72431125






















                                                    up vote
                                                    -1
                                                    down vote













                                                    If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.






                                                    share|improve this answer

























                                                      up vote
                                                      -1
                                                      down vote













                                                      If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.






                                                      share|improve this answer























                                                        up vote
                                                        -1
                                                        down vote










                                                        up vote
                                                        -1
                                                        down vote









                                                        If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.






                                                        share|improve this answer












                                                        If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.







                                                        share|improve this answer












                                                        share|improve this answer



                                                        share|improve this answer










                                                        answered 20 hours ago









                                                        Nosajimiki

                                                        2297




                                                        2297






















                                                            Lithilion is a new contributor. Be nice, and check out our Code of Conduct.










                                                             

                                                            draft saved


                                                            draft discarded


















                                                            Lithilion is a new contributor. Be nice, and check out our Code of Conduct.













                                                            Lithilion is a new contributor. Be nice, and check out our Code of Conduct.












                                                            Lithilion is a new contributor. Be nice, and check out our Code of Conduct.















                                                             


                                                            draft saved


                                                            draft discarded














                                                            StackExchange.ready(
                                                            function () {
                                                            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197817%2fdefence-methods-against-tailgating%23new-answer', 'question_page');
                                                            }
                                                            );

                                                            Post as a guest















                                                            Required, but never shown





















































                                                            Required, but never shown














                                                            Required, but never shown












                                                            Required, but never shown







                                                            Required, but never shown

































                                                            Required, but never shown














                                                            Required, but never shown












                                                            Required, but never shown







                                                            Required, but never shown







                                                            Popular posts from this blog

                                                            flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

                                                            Mangá

                                                            Eduardo VII do Reino Unido