A WELL-DRESSED VISITOR walks up to reception, drops a name: “I’m here to see Petrus”, and within 30 seconds he is through the turnstile, walking past server rooms and the finance department.
No one asked for an ID. No one called Petrus.
The receptionist trusted the suit, the smile and the confident tone.
When organisations later try to explain how an unauthorised person reached a sensitive area, the temptation is to point at technology.
“The badge reader was old.”
“The camera angle was wrong.”
In my experience reviewing security controls across multiple industries, this post-mortem is almost always wrong.
Breaches are rarely caused by the absence of control. They are caused by the slow erosion of a control that exists on paper but is no longer performed.
Three drivers are predictable.
The first is repetition: the thousandth ID check is not the first. The second is class. We are a society that reads wealth quickly.
The man who steps out of a luxury SUV is waved through with a nod.
John, in jeans and a T-shirt, is asked for an ID and a reference number.
This is not a security posture. It is a social reflex, and every competent social engineer in the world knows it.
The third is executive exemption.
Leaders who approve security policies expect to walk through them, and the example cascades downward faster than any awareness campaign.
The instinct, once exposed to this gap, is to overcorrect: mantraps, biometric turnstiles, and armed guards.
This is the wrong response.
Most organisations cannot sustain that posture, and our economy is built on relationships and hospitality.
We do not need the paranoia of a foreign embassy to run a sensible insurance brokerage.
What we need is a small number of low-friction controls actually performed every time.
Pre-register every visitor through a visitor management system: Hosts should pre-register their visitors the day before.
Walk-ins become the exception, and exceptions are easier to scrutinise.
Plan for the day the system is compromised: A visitor management system is a database of who entered which building and when, exactly what an attacker wants.
If the answer to “the system is down” is “wave everyone through”, you’ve built a control that fails.
Verify everyone’s identity – especially the well-dressed: Train reception staff explicitly: the man in the bespoke suit gets the same ID check as the courier.
Frame it as professionalism, not suspicion.
Senior staff should be the loudest advocates for being verified themselves.
Address tailgating directly: Most unauthorised access does not happen at reception.
It happens at the side door, when a polite employee holds it open for someone carrying a laptop bag and a coffee.
Tailgating is the single most common attack vector in physical security, and it is enabled by the cultural reluctance to be rude to a stranger who looks like a colleague.
None of this requires a culture of suspicion.
It requires only that an organisation decides, deliberately, that controls will be performed equally, regardless of who is standing at the desk.
Job Angula
In an age of information overload, Sunrise is The Namibian’s morning briefing, delivered at 6h00 from Monday to Friday. It offers a curated rundown of the most important stories from the past 24 hours – occasionally with a light, witty touch. It’s an essential way to stay informed. Subscribe and join our newsletter community.
The Namibian uses AI tools to assist with improved quality, accuracy and efficiency, while maintaining editorial oversight and journalistic integrity.
Stay informed with The Namibian – your source for credible journalism. Get in-depth reporting and opinions for
only N$85 a month. Invest in journalism, invest in democracy –
Subscribe Now!
