Piggybacking is a form of cyber attack where hackers gain unauthorized access to a network, computing resource, or even a physical building. They do this by leveraging an insecure (open) Wi-Fi network, an “unlocked” user device, or the kindness of a helpful but ill-informed employee who opens a door for an attacker approaching the building laden with an absurdly heavy or awkward-looking object.

Hackers can gain logical access when an authorized user who is already logged into a session on a device walks away from the system, leaving it open for the “attacker” to slip in and steal information. A real-world example of piggybacking is a person approaching a building with card-restricted access with their arms full, but an access ID card at their side. This attacker will wait to follow an employee of the building, show their badge access card (a fake) to the employee, and implore them to hold the door.

In relation to networks, unsecured (open) wireless networks can be piggybacked, where an unauthorized party (hacker) uses the connection to access the Internet. The usual purpose of piggybacking is simply to gain free network access or to gain illegal physical access to a specific location.

Source: TechTarget, Wikipedia – Piggybacking (or Tail-gating)

Related Terms: Guest Wi-Fi Network

What does this mean for an SMB?

Piggybacking is something that can be easily fixed by following proper cybersecurity best practices. For networks, set up proper security by installing segmented wireless networks and requiring unique passwords of 14+ characters to access them. For physical security protection, it is important to have a training program that teaches employees how to be helpful instead of letting them guess or follow their own inclinations. For example, a security-focused employee would ask a hacker carrying a large load, “Who are you here to see, and can I walk you to your destination?”
Another strong protection to reduce the chance of misuse of an unlocked device is to have the device lock after a set period of idle time (15 minutes).
