+1 (877) 634-6847
Customer Support
Cybersecurity Glossary

What Is Tailgating in Physical Security?

Tailgating is a physical security and social engineering tactic where an unauthorized person follows an authorized person into a restricted area. The attacker may rely on politeness, distraction, confidence, or the normal rush of a workday to bypass access controls.

Learn More
Glossary Index Phishing & Social Engineering
Short definition

Tailgating happens when someone enters a secure space without using their own credential by following another person through a door, gate, lobby, or checkpoint. It is a physical access problem with cybersecurity consequences because unauthorized access to offices, server rooms, or work areas can expose systems and data.

At a glance: Tailgating turns courtesy into a security gap. A person may hold a door to be helpful, while the attacker uses that moment to avoid identity checks.

Tailgating in Physical Security Meaning

In physical security, tailgating is not about malware or passwords at first. It is about access to space. A person who should not be inside follows behind someone who does have access, often at a doorway, employee entrance, parking gate, elevator bank, or secured office area.

Access control depends on both technology and behavior. A badge reader can confirm one person, but it cannot always stop a second person from walking in behind them. Attackers may make the situation feel ordinary by carrying boxes, pretending to be on a call, wearing a vendor shirt, or acting like they belong.

Tailgating is closely related to social engineering because it exploits expectations. People do not want to seem rude. They may assume the person behind them forgot their badge, works in another department, or is part of a visiting team. In a busy office, that assumption can feel easier than stopping the flow of people.

For businesses, the risk is practical. Physical access can give someone a chance to photograph whiteboards, steal laptops, plug in rogue devices, access unattended workstations, collect printed documents, or observe employee behavior. A simple door entry can become the first step in a larger security incident.

How Tailgating Works

Tailgating usually depends on timing, confidence, and a target who does not want to challenge someone at the door.

  1. The attacker chooses an entry point. They look for doors, gates, lobbies, loading areas, elevators, or shift-change moments where people move quickly.
  2. A believable reason is created. They may carry packages, wear a badge-like lanyard, look distracted, or claim they are meeting someone inside.
  3. The attacker follows closely. They step in right behind an authorized person before the door closes or before anyone asks for identification.
  4. Social pressure discourages challenge. The authorized person may feel awkward stopping them, especially if the attacker seems confident or busy.
  5. Access creates opportunity. Once inside, the attacker can look for unattended devices, meeting rooms, printed information, network ports, or staff-only areas.

Common Tailgating Examples

Tailgating often looks mundane, which is why it can slip past busy teams.

  • Door-holding entry: An employee badges in and holds the door for someone behind them who has not presented a credential.
  • Delivery disguise: A person carrying boxes or food enters behind staff and heads toward office areas without checking in.
  • Lobby rush: Several employees enter at once, and an unauthorized person blends into the group.
  • Parking garage follow-through: A vehicle enters a controlled garage by closely following an approved vehicle through the gate.
  • Vendor confidence: Someone wearing work clothes or a branded shirt acts like they have permission to access a restricted hallway or equipment room.

Why Tailgating Matters

Physical access can undo layers of digital defense. If an unauthorized person reaches an office floor, workstation, network closet, or records area, they may no longer need to defeat every control from the outside.

The risk is not limited to theft. A tailgater may observe badge habits, photograph screens, collect documents, plug in a device, listen to conversations, or learn enough about operations to support future phishing and impersonation attempts.

Tailgating also reveals culture gaps. If employees believe it is rude to ask someone to badge in, the organization is relying on politeness instead of process. Good security makes the expected behavior clear enough that employees do not have to improvise at the door.

How to Reduce Tailgating Risk

The goal is to make secure entry normal, polite, and consistent rather than confrontational.

  • Require every person to badge in. One credential should equal one entry, even when people arrive in a group.
  • Use visitor check-in processes. Guests, vendors, and delivery workers should follow a clear front-desk or escort procedure.
  • Give employees simple language. Phrases like “Please badge in here” or “Reception can help you check in” make challenges easier.
  • Secure unattended work areas. Lock screens, protect printed documents, and limit access to server rooms, storage rooms, and network spaces.
  • Report uncomfortable situations. Employees should not have to handle suspicious entry attempts alone; security or facilities teams should be easy to reach.

What to Do After a Possible Tailgating Event

If someone may have entered without authorization, the response should focus on locating the person and protecting exposed assets.

  1. Notify security or facilities. Share the time, location, description, direction of travel, and any claimed reason for entry.
  2. Avoid direct escalation if unsafe. Employees should not put themselves at risk by physically blocking or confronting someone.
  3. Check nearby assets. Review unattended devices, documents, meeting rooms, network closets, and visitor logs for signs of exposure.
  4. Preserve access records. Badge logs, camera footage, and front-desk records can help determine what happened.

Related Tailgating Terms

Tailgating is a physical form of social engineering that often overlaps with observation-based tactics.

  • Shoulder Surfing covers information theft through observation in shared or physical spaces.
  • Social Engineering explains how attackers manipulate normal human behavior to bypass safeguards.

Tailgating Takeaway

Tailgating succeeds when access control becomes a courtesy decision. The attacker does not need to break a door if someone politely opens the process for them.

The safer habit is simple: every person uses their own approved access path. When that expectation is normal, employees can be polite and secure at the same time.

Navigation
Back to Glossary View Category

Share This Page

Send this glossary page to a teammate, client, or employee who needs a quick explanation.

Email Facebook LinkedIn
FAQ

Questions Teams Ask About Tailgating

Quick answers about unauthorized physical entry, badge behavior, visitor processes, and workplace security habits.

What is tailgating in physical security?

Tailgating is when an unauthorized person enters a controlled area by closely following someone who has legitimate access, often without presenting their own badge or credential.

Why is tailgating effective?

It is effective because most people want to be polite, helpful, and efficient. Attackers use those social habits to avoid access checks.

Is tailgating a cybersecurity risk?

Yes. Physical access can lead to stolen devices, exposed documents, planted hardware, network access, or direct access to systems that are normally protected.

How should employees respond to tailgating?

Employees should follow badge procedures, avoid holding secured doors for unknown people, ask visitors to check in, and report uncomfortable or suspicious entry attempts.