When you’re heading away, for work or leisure, writing an out of office is one of the last things on your to-do list. Before you head out the office, you’ll go to your email settings and write something like:
I will be out of the office at the ABC conference in London from 1st April – 5th April. If you require a response during this time, please contact my Head of Department, Bob Smith on 01234 567890 or email him directly firstname.lastname@example.org. I will respond to your email on my return to the office.
Manager, Company Name
This approach seems well and good – if a little boring. But did you know the humble out of office can be a security threat? Surprised? Here’s why you could be saying more than you mean.
You’re sharing your current location – and revealing you’re not at home
First, your out of office tells criminals that you’re not going to be at your home, making your home more vulnerable to theft.
Second, knowing your location arms criminals with additional information that they can use to gain unauthorised access to your office. For example, turning up and saying you’re supposed to collect a report from Jane Doe probably won’t get them through the door. However, by adding that Jane is away at ABC conference, and she left the report on her desk, might make a busy receptionist more likely to let them in.
You’re sharing contact information – which can be used for identity theft
Sharing your contact information (and your colleague’s contact information) opens the doors for identity theft. Auto-responses also confirms the email address is live to email spammers, making it more likely that your address will be added to spam lists as a confirmed hit.
You’re sharing your line of command – which opens up the organisation to social engineering attacks
Sharing a point of contact when you’re on holiday is a helpful for customers and other people in your organisation, but you’re leaving yourself exposed to potential criminal activity. Social engineering crime, which relies on human interaction to commit fraud, is on the rise, with 60% of organisations targeted in 2016.
Scammers could use this information to contact your company’s HR department to try and extract personal information by pretending to be your supervisor.
What to do instead – how to create a safer out of office?
One option is to stop setting out of office emails. But, for many people, this risks unhappy customers, who are annoyed that you’ve not responded to their emails. Instead, here are three tips to make your out of office more secure:
Be vague about where you’re going and how long you’ll be away
Don’t say where you’re travelling to, just say you’ll be unavailable. This could mean anything from taking some time off to stay at home, to being on a training course or attending a conference. As well, don’t give a date for when you’ll return, as this removes the window of opportunity for criminal activity.
Leave out your contact information
If criminals don’t have your contact details, they can’t use this to impersonate you to commit fraud.
Don’t share colleague’s contact information
For much the same reasons, leave your colleague’s name and contact details out of your auto response. If you’re worried about leaving this information out of your out of office, then share it with people you think will need to know before you go away.