Cfrtjryk

You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.

The company protects itself by

• installing physical gates that only allow one person in at a time


• controls that prevent the same passcard being used on the same side of the gate


• human monitors to detect tailgating


• training people to politely challenge those trying to get in without using the proper methods

The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.

If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.

(Just a passer-by opinion)

Obviously, a physical gate would work the best.

In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.

One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.

At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.

One solution is to have "secret drills".

Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.

Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".

Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.

As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.

Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.

There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.

Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.

I would suggest something like
Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.

This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.

You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.

How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".

Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.

Once I got a tour by the CEO of ADB through one of their factories. Before we could enter there were 2 control posts. To enter the parking lot you had to go through an ID verification. If you walked to the building you came by this post also.

The second verification you had to go through was at the entrance. All employees, visitors,... must enter through this entrance. After the door closed you were locked in a grey zone. After you passed another ID verification you received your badge to enter the building. There is no other way in or out. If you left you had to go through the same verification.

Another example of this technique is used by a company that I used to work for. They buy/sell gold in large quantities. If you wanted to enter the building, you had to push a button, then state your business and name while looking into a camera. If the door opens and you enter the building you are locked in a small room where ID verification happened. And your bags are checked everytime you enter or leave. Even people that worked there 5+ years had to go through all those security steps. I never saw anyone with bad intents get further than the first door. If the situation is fishy the person stays locked in that room, the security takes away this person for further investigation. Never I have seen this system fail.

If the situation really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access can be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.

Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do most of the job of the guard. It doesn't have to identify people or do facial recognition... the camera only needs to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.

Another option is the door fob only rings an alert in the security office, where it's up to a security officer there to unlock the door based on how the camera feed correlates to the fob logs. That can be much cheaper than stationing a guard at every door, while still providing most of the same security against tailgating.

A lot of good answers already, I'd add just one bit:

People counter. These range from really dumb (single photointerruptor) to pretty neat (oveahead multisegment infrared -- cheap and effective, sometime prone to hats) to AI that tracks people in the video stream. Perhaps couple that with an access card and block access / sound alarm / turn on floodlights if number of presented access tokens is less than number of people detected.

The point is that "good" actor will not be allowed to enter if "bad" actor is present. This helps solve the social problem: "Please let me in, I'm xxx of yyy." is met with the response of "I'd love to but I physically cannot, and now because of you, I can't get in either".

If that were to be deployed, then there has to be a secondary manned entry point, because one day an employee/resident shows up with a kid, a disabled person, accompanied by a camera crew, police, firefighters, etc. Thus, in effect, the automated system takes the load off the manual system.

https://en.wikipedia.org/wiki/People_counter

When dealing with someone who is tailgating me, I use the 'U-turn and wait' method. So for example, if I'm about to approach a locked door and I think someone is following me to get past, I will simply U-turn (not even opening the door) and then move towards a bench, seat or spot where I can pretend busy myself.

If the person is legitimate, they'll haul out their own credentials and go inside. If they're not legitimate they're faced with the awkward prospect of standing there looking like a dope at the door or also doing a U-turn (which is a big giveaway they were indeed tailgating).

I make sure I'm busy looking enough to make asking me difficult, and if they do ask if I'll let them in, I'd simply say 'Sorry, I'm not allowed, company policy'. Then I either wait for them to go away, or an opportunity to slip inside where I can go in and close the door before they can react.

If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.

Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.

For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.

My bank has an "airlock". A (presumably very toughened) glass corridor with automatic sliding doors at both ends. It is impossible for both to be open at the same time. I presume that in the event of a bank robbery a button gets pressed while the robbers are exiting, and they are then trapped between the two doors until the police arrive.

I have never seen this arrangement with the security desk on the other side of the wall of the glass corridor, but that ought to offer maximum deterrence. Your tailgater will see that there is a very real risk of being held until the police or security heavies arrive, and go somewhere else?

I did once visit a very security-minded establishment where after security, you were channelled into a visitors-only lift (elevator) with its destination floor chosen by the security desk (no buttons in that lift except "Emergency"). "OK, I'll send him up ...". I had brief visions of a dungeon in the fifth basement, or in the first circle of hell.

The security process at Apple makes this simple: if there is a badge reader, you are required to badge in for access. No exceptions. At very busy doors, like the ones headed into (and out of) the cafeteria, there is a security guard who verifies that you've badged in -- no unlock noise, no entry. Otherwise, every single person is required to badge in, one at a time, to enter any secured area, which is pretty much every interior space.

All employees and contractors know the rules; there was never any "I don't recognize you" awkwardness because we knew we all had to have our badge and had to always use it, and we all knew that proper process was to wait until everyone had their badge before starting in.

Breaking the rules was a firing offense, so you didn't break them. And before you ask, I don't know if Steve Jobs had to badge in or not.