Train your employees how to be mean...(it's not what you think!)

Overall, most people are friendly by nature, and it’s socially awkward to NOT hold the door open for someone. Unfortunately, bad actors know this, and it’s a huge reason many social engineering attacks work.

We recommend including some role-playing elements in your training, because it’s one thing to have a “lunch and learn” talking about how not to let someone follow them through a locked door (known as tailgating), but it is another thing when they are actually presented with that situation and must make the choice between letting someone through or closing the door in their face.

Role-playing will allow people to practice without the awkwardness, and such training should include suggestions of things to say and do, such as “I’m sorry, but you will need to use your badge, so the security logs don’t get confused” or “I’m sure you are allowed in here, but let me take you by the reception desk so we can make sure you can get to where you need to go.” Once you give your staff these tools and skills, they are more likely to be assertive and use them when needed.

Authored by: David Matt, CISSP, CEH