When you think of hacking you likely picture a dark room with dozens of monitors and a sinister figure tapping away furiously at a keyboard. This may be one type of hacking, but these days hackers aren't afraid to break into our systems in much more physical ways as well.

Physical social engineering attacks happen when the hacker either uses physical tools (flash drives, discs, etc.) or a physical point of entry (server rooms, company equipment). This article will cover the ways hackers can physically attack your network and what you can do to protect your data.


The phrase, "curiosity killed the cat" is more applicable to cyber security than you might think. Baiting is a social engineering technique that preys on human curiosity and desires to steal important data. While there are baiting methods that don't require physical contact, the techniques that do require some form of physical interaction work fast and are extremely dangerous.

Attackers will leave flash drives in high traffic areas of companies with labels like "Q4 payroll data" or "New incentive structures" in hopes of luring in curious employees. The moment the drive is inserted, malware and other hacking software is downloaded to the system and the attack is underway. By the time anyone notices something wrong, the damage is done.

If you find a suspicious flash drive or disc laying around report it to your security team and avoid plugging it into any system that has access to your network.

Tailgating and Piggybacking

Human kindness is also never safe from motivated hackers. Tailgating and piggybacking are methods that seek to take advantage of basic manners and politeness. Tailgating refers to hackers waiting for authorized personnel to access restricted areas of businesses like server rooms then sneaking in before the door closes. They will often tell stories about forgetting credentials or needing to urgently fix something in the area to convince people to hold the door or let them in.

Piggybacking is similar only using more predatory methods. Standing near restricted areas with an armful of equipment or deliveries, prompting staff to actively let them into restricted areas out of sheer kindness. Keeping staff informed on maintenance and delivery schedules can help reduce the likelihood of these types of attacks.

Setting up delivery drop off zones in public areas will also help raise red flags when employees notice people trying to deliver anything to restricted areas as well.

Know your weaknesses

Knowing where you are most vulnerable and what threats you are most at risk for is the first step to defending your company from all kinds of attacks.

Trava offers a variety of tools to help you pinpoint your weaknesses and build them up to industry standards. Trava's vulnerability scanner and risk assessment tools can give you valuable insight on where your defenses need the most help. Contact Trava today to get started!

Additional Resource: Download the infographic for an easy reference to the Top 10 things you can do now to protect your data.