Currently, with many of us working from home and varying shift patterns or hours of work due to furlough, client requirements or childcare requirements the frequency of use of our Out of Office notifications has increased dramatically.   It is worth considering the potential impact that these notifications can have on the security of the company.

Have you ever considered the information that you freely give to any recipient of your Out of Office?  By saying we are on annual leave or away from the office until a set date/time, you are giving specific detail to the fact you won’t be in the office and are on holiday for this set period of time.  If you work within a small office/premise, does this mean there is more time where you premise may be unoccupied?  Or is your business based at home, which provides details that you are potentially away from your home on holiday?

Using an out of office can be useful to allow senders to know who to contact in your absence, however, providing detailed contacts and email addresses to everyone opens your business up to potential spear phishing attacks.  Cyber criminals are able to use the names and details provided within an out of office, especially if details of projects or departments these contacts work within are given, to create trust and a genuine feel to their requests for more information or other more sinister actions.

When drafting your out of office, it is best to use the option to set separate messages for internal and external contacts.  This way, you can provide the detail required for your colleagues to continue their daily activities during your absence.  While also minimizing the information provided to potential cyber criminals.

So, the top tips for your Out of Office are as follows:

• do not specify a date and time for when you will return
• use a generic email address for people to forward their request onto (such as an office@ or sales@ address) and a main telephone number for the business
• do not advise where you are or what you are doing
• avoid providing specific details of projects/departments you are working within

An example of how to build your out of office could include some of the following phrases:

• “I am currently unable to respond to my emails…”
• “For urgent enquiries please contact the main office on ….”
• “For all other requests I will respond as soon as possible.”

If you want further advice on your Out of Office or help to set this feature up, please don’t hesitate to get in touch with the Team here at MJD.