Piggybacking is The Security Problem You’re Probably Ignoring

In the movie The Paper, a tabloid editor and a columnist walk right past the front desk at a police station to corner a detective for a quote. The cops at the front desk don’t stop them, don’t ask who they are, don’t do anything at all, as the two journalists stride right past them.

“A clipboard and a confident wave will get you into any building in the world,” says the editor, played by Michael Keaton.

It’s an oft-quoted example of piggybacking, and despite the fact that security measures have changed in the years since the film came out, it’s still more or less true. Every day, despite access control, cameras, and security officers, people walk into buildings they have no business being in. They might have bad intentions, or they might just be visiting a friend, but the fact remains that piggybacking represents a security failure.

What is piggybacking?

Also called tailgating, piggybacking is the practice of getting into a site you’re not supposed to be on, usually by following closely behind an authorized person, or asking someone to hold the door for you. It’s a social engineering tactic, and it’s effective.

Think of all the times you’ve been asked to hold the door for someone while returning to work from an errand, or lunch. An individual might also knock at a door and explain they’ve lost their badge, or hold up a box of donuts and explain that they’re delivering food.

There are a variety of ways to obtain unauthorized access to a site, and social conventions make it feel wrong to let a door slam in someone’s face, but piggybacking is a very real security problem. A recent survey found that 48% of respondents had experienced a piggybacking incident while 54% had found doors propped open or unlocked.

Unblocked doors have been a contributing factor in school shooting cases. Several recent shootings included reports of doors left unlocked.

Piggybacking doesn’t have to be a problem

It’s surprising that piggybacking continues to be a problem after having been a security issue for so long. There are many solutions to the problem, including technology, education, and enforcing security policies about allowing unauthorized people on site. However, when organizations aren’t willing to invest in those solutions, the problem will persist.

The fact that piggybacking is still happening at some organizations tells me a lot about those organizations’ attitudes toward security. It’s like having a leaky sink in your house. It’s an annoying problem, but it’s easy to fix. If you ignore it because it’s not a crisis, the sink will keep leaking until maybe it does cause a problem down the line.

Piggybacking, like the leaky sink, won’t fix itself. But with a little vigilance, you can, and if you don’t, your workplace might end up paying the price.

About the Author

Daniel Young

Founder & Chief Innovation Officer

Daniel has been a security and risk advisor for more than 10 years, and is passionate about helping companies to better understand their risks to undesirable events on a daily basis. Dan previously served as the Regional Bioterrorism Coordinator for District 1 in Michigan, where he was instrumental in preparing communities for catastrophic incidents. He has also acted as the Private Security Liaison for the City of Lansing’s Critical Infrastructure Team, which identified and documented deficiencies in the city’s critical infrastructure.

He is a Co-Founder of the CSO Risk Council, a think tank of seasoned security professionals and thought leaders with extensive experience in managing the physical security and risks of large enterprises consisting of multiple sites and whose mission is to create a better process to develop and share innovative solutions and pertinent information with organizations to improve safety and security risk by providing a forum to discuss best practices and recommendations for specific risk scenarios and to network with other enterprise security professionals.