The Forgotten Layer of Security
Organizations spend millions on firewalls, intrusion detection, and antivirus software. But none of that matters if someone can walk into your building, sit down at an unlocked computer, and access everything. Physical security is the foundation that all other security controls rest on — and it depends on every employee, every day.
Tailgating: The Simple Door Trick
Tailgating (also called piggybacking) is when an unauthorized person follows an authorized employee through a secure door without badging in themselves. It's remarkably effective because it exploits basic human politeness.
The attacker carries a stack of boxes, juggles a coffee cup, or simply walks confidently behind you. Most people hold the door open without thinking — it feels rude not to.
You badge into the office building and hear someone behind you call out, 'Hey, can you hold the door? My hands are full!' You turn around and see a person carrying two boxes with a company logo on their shirt, but you don't recognize them.
How would you respond?
How to Handle Tailgating Situations
- Don't hold doors for people you don't know — Politely explain that everyone needs to badge in
- Challenge unfamiliar faces — "Hi, can I help you find where you're going?"
- Report propped-open doors — Security doors that are wedged open defeat their entire purpose
- Never share your badge — Your badge is your identity. Lending it makes you accountable for anything that happens
The Clean Desk Policy
A clean desk isn't just about tidiness — it's a security control. Documents left on desks, sticky notes with passwords, unlocked file cabinets, and visible whiteboards can all leak sensitive information to:
- Visitors walking through the office
- Cleaning staff working after hours
- Colleagues who shouldn't have access to that information
- Anyone who takes a quick photo with their phone
Clean Desk Checklist
- Lock sensitive documents in drawers or cabinets when not in use
- Shred (don't recycle) printed documents containing sensitive data
- Never write passwords on paper — Use a password manager instead
- Clear whiteboards after meetings with sensitive content
- Flip documents face-down if you must leave them temporarily
Lock Your Screen — Every Time
Stepping away from your computer for even 30 seconds without locking your screen is a security risk. It takes less than 10 seconds for someone to:
- Send an email from your account
- Copy files to a USB drive
- Install malicious software
- Access confidential data
Lock it every time. The keyboard shortcuts are quick:
- Windows: Win + L
- Mac: Ctrl + Cmd + Q
Set your computer to auto-lock after 5 minutes of inactivity as a backup, but don't rely on it — manually lock every time you stand up.
You find an employee badge on the floor of the parking garage. The photo shows someone you don't recognize. What do you do?
Visitor Management
Visitors — vendors, contractors, interviewees, delivery drivers — represent an unknown element in your secure environment.
- All visitors should sign in at reception and receive a visible visitor badge
- Escort visitors in secure areas — they should never wander unaccompanied
- Verify identity — If someone claims to be a vendor, confirm with the person who scheduled the visit
- Collect badges when visitors leave
Key Takeaways
- Never hold secure doors for strangers — Everyone must badge in themselves
- Lock your screen every time you walk away — Win + L or Ctrl + Cmd + Q
- Keep a clean desk — Secure documents, shred sensitive papers, never write down passwords
- Turn found badges in to security — Don't try to handle it yourself
- Escort all visitors — Unaccompanied visitors are a security risk
- If it feels awkward, it's still right — Challenging someone or refusing to hold a door protects everyone