Give Joy this Holiday, not your Sensitive Data

The end of the year is quickly approaching, which means employees and companies are planning for the new year, but not without some time off for the holiday. As a star employee, you want to make sure that all the ‘T’s are crossed and the ‘I’s are dotted. As you’re checking your list twice, you realize you forgot to set your out-of-office (OOO) message – the most important step in letting your team know that you, too, have decided to enjoy family time and bring some warmth to the coldest time of the year.

Easy peasy, you think, “I’ll just let them know I’ll be traveling for two weeks and if they need anything to contact Chris, in finance, at his cell phone number. He is always responsive.” You think this OOO checks all the boxes: tells the recipient how long you’re traveling, when to expect a return and includes a backup contact to reach in case of urgent issues. You even think about telling them exactly where you are planning on going because you are just that excited!

To you, the following OOO message seems perfect. So you hit ‘save’ and wrap up your last day so you can start enjoying your two week vacation:


Since this message automatically goes out to everyone, let’s take a look at how effectively this OOO message broadcasts personal information to the world – including attackers, who receive instant confirmation they have a valid email address.


1. **Don’t include information about your destination or activities**
As excited as you are about your upcoming vacation, revealing your whereabouts gives attackers information that can lead to sophisticated impersonation attacks.
2. **Only share need to know information**
If you have to set an OOO message, set automated responses to only reply to those within your organization. Keep your message short and brief. Including details of your absence lets attacks know how much time they have to execute.
3. **Eliminate contact information or role hierarchy**
Details of whom to contact during absences provide sought-after context for social engineering attacks. Unfortunately, most OOO messages include personal contact details that put colleagues and your company at risk.

It is best to implement alternative ways to signal your absence so that you do not put your company at risk. Learn how you can help your teams and clients operate smoothly in your absence, without needing to set an OOO message.

## Amorblox Tips and Tricks to Forgo OOO Messages:

* Communicate and pass along necessary details directly with your manager and let internal teams know the dates you will be out of office via a calendar hold or direct email.
* Update your Slack or Teams to out-of-office, utilizing the custom status option for additional details if necessary.
* If you have external parties who you communicate with frequently, share the exciting details of your travels directly and remind them of the return date during prior conversations.
* For ongoing projects that may need support, make introductions of individuals that will assist while you are away.
* Encourage colleagues to utilize the company directory for updated contact information for you or contributing individuals they may need to reach while you are away. This prevents the need to include contact information in automated OOO messages and protects sensitive information from getting in the hands of attackers.

#### *[Armorblox](https://www.armorblox.com/resources/) eliminates the guesswork of email security and keeps sensitive data out of the wrong hands, so both you and your company are protected.*