Hybrid Cloud
Cyber Security & NaaS
AI & Data
IoT & Connectivity
Business Applications
Intelligent Workplace
Consulting & Professional Services
Small Medium Enterprise
Health and Social Care
Industry
Retail
Tourism and Leisure
Transport & Logistics
Energy & Utilities.jpg)
Out of Office: How to communicate your vacation while protecting your privacy and Cyber Security
Before shutting down your computer and heading out for vacation, there's one detail you shouldn't forget: setting up an "out of office" (OoO) message is a common practice to inform your clients and colleagues that you'll be away for a few days.
However, when configuring an OoO message, it's crucial to find a balance between providing useful information, individual privacy, and company security.
Additionally, since the automatic response is typically sent without distinguishing the sender, whenever your email client allows it —such as in Outlook— you may consider setting up two different messages: a more detailed one for trusted colleagues and clients, and a generic one to respond to any other sender.
What to include (and not) in an OoO message
For a generic message, it's important to limit personal information since the same text will be returned as a response to any incoming message: whether it's for a trusted contact or a malicious actor.
As much as possible:
- Avoid including unnecessary personal details such as exact dates, destination, specific activities, or individuals you'll be with. Not even a mobile for contact. You only have to inform that you are going to be away for a few days.
- Refrain from revealing sensitive company information like "If you're writing regarding Project X, contact...".
- If you mention an alternative contact, ensure it's someone who is aware of your absence, ongoing tasks, authorized, and genuinely able to assist the sender during your absence. Of course, confirm with that person first before including them as an alternative contact.
How to configure an effective and secure OoO message
When writing an out-of-office message in your corporate email account, the text should be concise. Since you don't know who will write during your absence and what the reason is, avoid informal or creative language. At least not too much. Also remember that the person writing to you is probably not on vacation.
A secure out-of-office message could be:
Hello,
Thank you for your message.
I am currently out of the office but will reply to your email upon my return.
Best,
If you feel it's necessary to provide a reference to help the sender manage their expectations regarding a response, you can add a non-specific timeframe, such as:
...I will respond to your email in the second half of August.
Not providing an exact return date, besides being more secure, gives you a margin of time upon your return. This way, you can review the emails received during your absence calmly and prevent the same emails from arriving again from a specific day onwards.
Upon your return, you can dedicate more time and attention to messages received during your absence. This is always beneficial to avoid rushing when responding, and mistakes such as downloading an attachment, or clicking on any suspicious link.
Photo by Ethan Robertson / Unsplash.
