Out of Office notifications can also lead to data leakage and cyber attacks
The use of out of office notifications is one of the most popular tools available to business professionals who wish to share with those who correspond via email that they may be away or delayed in getting back to them.
This is a great way to let others know that you are away from your office for a specific time period. When people go for a business trip or vacation they use the Out of Office tool in their Microsoft Outlook to ensure there is no hindrance in regular business activities. Did you know that this helpful feature also poses a great risk to the business that can lead to possible data leakage or cyber attack?
Many businesses are taking the required safety precautions to protect their employee information and confidential business data, but many are unaware of the risks presented by out of office notifications.
Usually an out of office notification includes a brief clarification of why the respondent is out of the office, how long the respondent will be out office, who can be contacted in case of emergency, personal mobile number and email address to call as well the details of the person who can be contacted in the time of absence.
Although the information might not seem that critical, it can still be dangerous in the hands of a cyber criminal or attacker. If an attacker is looking for the email address or mobile number of a person from a specific company, they can utilize the out of office notification at a suitable time, especially the vacation notification.
Most business professionals will take a few days off around the Christmas period and Thanksgiving. In those times, what the potential attaker will do is send an email to most of the people in a specific company with a hope that they will get an out of office notification. It doesn’t take that much effort anyway. Since most of the official email address has the similar format, firstname.lastname or first initial last name they just send the emails to as many people as possible hoping to get the famous Out of Office notification.
So how could this information be risky in the hands of a potential attacker? To be honest one out of office notification won’t make that much difference. However, if the attacker manages to get multiple notifications, they will have a number of employee details along with vital information ex: mobile number, who is in charge and so on. For a seasoned attacker, these details are all the information they will need to strike an attack on your data or even physically break in to the office or even worse, cross reference this information with a person’s home address and try to cause harm to their residense.
Organizations should be really concerned about the use of Microsoft Outlook’s Out of Office tool. As a standard practice, people shouldn’t mention more than the necessary information and leave personal details out of their Out of Office notification.
Here is an example of a suitable Out of Office message:
Thank you for attempting to contact me. I am out of the office currently and will respond at my first opportunity. If your need is urgent please call our main office number at 212.555.1212. Thank You
The Internet is a haven for cyber attackers and regular criminals. Take the required safety precautions to protect yourself, your business and your famlly.
If you would like a complimentary review of your IT security, please call our office today and our team would be more than happy to discuss how you can protect your business.
Comments are closed.