How to Communicate Tailgating Prevention Expectations to Your Employees: A Q&A Guide for Employers

Dec. 17, 2025

Tailgating in cybersecurity is a physical security breach that results in unauthorized physical access. Once an attacker is inside a facility, that access can escalate into a cybersecurity incident involving systems, devices, or sensitive data.

Research from the Ponemon Institute shows that 71 percent of organizations have experienced a physical security breach, with tailgating listed as a common entry method.

According to security leaders cited in additional industry research, these incidents can cost $2 million or more.

Key takeaway: Physical access is often the first step in a cybersecurity incident.

This employer-focused guide explains how to communicate tailgating prevention expectations to employees, strengthen physical access controls, and reduce cybersecurity risk.

What is tailgating in cybersecurity?

Tailgating is a physical security breach where an unauthorized individual enters a restricted area by following an authorized person through a controlled access point. It creates cybersecurity risk because physical access can directly enable digital compromise.

How does tailgating create cybersecurity risk?

Verizon's annual DBIR report documents physical actions as part of breach activity, while IBM's cost report shows that the average breach results in multimillion-dollar losses tied to preventable access failures.

Once attackers gain physical access through tailgating, they can exploit several attack vectors:

  • Access to unattended or unlocked systems
  • Introduction of malware through removable media
  • Theft of devices containing sensitive data
  • Observation of credentials or workflows

What happened in the Target breach?

The 2013 Target breach demonstrates how third-party access can escalate into a major cybersecurity incident. Reporting from Krebs Security shows attackers leveraging vendor access, which later resulted in a significant FTC settlement.

Why do employees allow tailgating?

Tailgating incidents rarely stem from carelessness. Instead, they occur because policies often fail to address predictable human behavior.

Employees allow tailgating for psychological and social reasons:

  • Politeness: Holding doors is socially reinforced behavior
  • Assumptions: Appearance creates perceived legitimacy
  • Conflict avoidance: Employees hesitate to challenge others
  • Fear of error: Employees worry about being wrong
  • Distraction: Multitasking reduces awareness

What are common tailgating scenarios?

Security teams should train employees to recognize these common tailgating situations that occur in workplace environments:

Secured doors: An individual enters immediately behind an employee without authenticating, relying on proximity or conversation to avoid being questioned.

Courtesy exploit: Someone carrying equipment or materials pressures an employee to hold the door open.

High-traffic blending: Unauthorized individuals blend into groups during shift changes or busy periods.

Impersonation: CISA guidance explains how attackers exploit trust and appearance through social engineering.

What policies prevent tailgating?

Organizations must establish and enforce clear physical security policies. These core requirements form the foundation of an effective anti-tailgating program:

  • Individual credential use: Every person must authenticate individually. Credential sharing is prohibited.
  • No tailgating rule: Employees may not allow entry without proper authentication.
  • Door control: Doors must close fully. Propped doors are not permitted.
  • Visitor management: Visitors and contractors must check in, receive badges, and follow escort rules.
  • Incident reporting: Tailgating attempts and lost credentials must be reported immediately.

How can employers implement these policies?

Start with a comprehensive policy template that includes implementation guidelines, employee communication scripts, and enforcement procedures. A well-structured policy document ensures consistent application across all departments and locations.

Our template includes sample language for employee handbooks, training materials, and incident response procedures tailored specifically for business environments.

Why leadership modeling matters

Employees take cues from leadership. When the CEO stops to badge in instead of expecting doors held open, it sends a powerful message that security is everyone's responsibility. Leaders who visibly follow protocols, challenge potential tailgating, and never make exceptions for themselves create a culture where employees feel empowered to do the same.

Addressing employee concerns

Employees often worry it feels rude not to hold doors, or fear challenging someone who actually works there. Reframe this by emphasizing that every legitimate employee understands security protocols. Challenging someone isn't confrontation; it's following procedure, just like asking for a ticket at a concert. The real rudeness is putting everyone's jobs and data at risk out of awkwardness.

What additional resources does STACK offer?

STACK Cybersecurity provides comprehensive security resources and services to help organizations strengthen their physical and cyber defenses.

Security insights: Access our library of security articles, research, and best practices at stackcyber.com/insights

Control frameworks: Learn about different types of security controls and their implementation in our control types guide

Compliance services: Explore our CMMC, NIST, and regulatory compliance solutions at stackcyber.com/compliance

How can I stay updated on security trends?

Join thousands of security professionals who receive weekly analysis and insights through The Cyber Brief, STACK's LinkedIn newsletter covering emerging threats, compliance updates, and practical security guidance.

Ready to strengthen your security?

Physical security breaches like tailgating can lead to devastating cyber incidents. STACK Cybersecurity helps organizations implement comprehensive security programs that address both physical and digital vulnerabilities.

Our security experts can assess your current controls, develop customized policies, and provide employee training that reduces tailgating risk while maintaining operational efficiency.
