Your out of office message could compromise security

Does your OOO give TMI? Turns out this everyday office function can be an issue of security awareness.

If you are ever planning to be away from your office for a period of time, creating an out of office (OOO) autoreply in MS Outlook is a courteous and professional way to let others know you’re unavailable and to expect a delayed email reply. But unknowingly, too many well-meaning professionals are putting too much information (TMI) in their message, putting company security and personal security at risk.

Understanding the risks in out of office messages

Professional communication and marketing firms, as well as most company HR or marketing departments provide guidance on effective messaging elements to include in your OOO.

These guidelines may suggest your OOO message includes:

  • why you’re out
  • how long you’ll be gone
  • who can be contacted while you’re away

Although these elements are courteous and professional in nature, how you provide that information could pose a security risk not only to you or your business, but also to your family and your home. Be mindful that you’re not providing too much information (TMI).

What does an OOO TMI security risk look like?

Here ‘s an example of an OOO with TMI. Let’s see if you can spot any concerns.

“I am currently out of the country on a family vacation and will be away beginning December 1, returning December 15. I am unavailable by email or phone during this time. Please contact John Smith at 555-555-5555 with any customer inquiries.”

Chances are, you’ve spotted a concern. If you have a level of security savvy, you could find multiple security risks.

Telling your audience that you are away on vacation or out of town also says, “I’m not at my house for an extended period of time, so please come rob me!” In addition, the info is also useful for competitors, spammers or other perpetrators to perform social-engineering attacks on you or your company.

You may think you’re communicating one thing, however, you’re actually communicating another when a recipient reads between the lines.

How to write a better OOO with security in mind

MS Outlook provides a method to send separate OOO replies to recipients within your organization and those outside of your organization--and this is a great function to put to use for improved security. When sending OOO replies to recipients outside your organization, always keep your safety in mind. Once your OOO reaches the public domain, you don’t know who is reading it. Here are a few guidelines from a safety awareness perspective.

  • Remember to leave out all personal information when writing your out of office message
  • Never mention that you are out of town or away on vacation
  • Instead, say you are unavailable and recipients should expect a delay in your reply
  • Rather than giving strangers a phone number where you can be reached, tell them that you’ll be checking your email
Security awareness is key for your out of office message

Remember, you never know who is receiving or seeing your OOO. It's essential to be mindful; if TMI falls into the wrong hands, it could put the safety of your company data, or your personal belongings and home, at risk. When it comes to writing that out of office message, a little security awareness can make all the difference. Ready to up the security awareness efforts at your business? Locknet Managed IT® can help. Contact us today to see how we can ensure your staff are up to date on security risks and best practices for keeping your company data safe from hackers and cybercriminals.


Recent Posts