As the Summer holiday season gets underway, you may well be tempted to leave a jaunty 'out of office' message on your email. But after reading this, you might think twice before you do.
So what's the harm in the seemingly innocuous note to let your colleagues and clients know that you'll be basking in the sun and knocking back a few margaritas for the next few weeks?
Online security experts highly recommend that if you want to use an out of office message, you need to significantly limit the amount of information you provide. By admitting that you're topping up your tan in Tahiti for a fixed time period, you're offering vital information to would-be cyber thieves that you won't be in your office (or at home).
Then it's a relatively simple matter of finding out where you work and live. Et voila. All the data a criminal needs to rob you blind, safe in the knowledge that you won't be around to prevent it happening.
Online expert Andy O'Donnell, who is responsible for network security at About.com, claims to have seen plenty of "crazy stuff" in out of office messages. His simple advice:
"It's amazing what people put in them and reveal about themselves. My rule of thumb is, if you wouldn't tell a room full of strangers the information, you shouldn't put it in your [out of office] reply."
O'Donnell also offers four basic tips to ensure that you avoid revealing too much information:
- Use the facility to send a different message to people within your organization (with more pertinent information) and a far less detailed version to those who do not work directly with you.
- Set up an internal policy on out of office messages so that everyone is entirely clear what they can share and what they can not.
- Be intentionally vague about your whereabouts. If you must use an out of office message, then simply state you are unavailable and will get back to the recipient as soon as possible.
- Don't use your usual signature block. This prevents potential thieves from phoning you to check if you're out of the country.
You may also wish to consider the advice given to me by a previous boss. His assertion was that you should never, under any circumstances, use out of office messages because they come across as unprofessional. He maintained that business leaders in this day and age are effectively 'always on' even when they're on vacation, and to admit that you're going to shut down for two weeks is unrealistic.
To an extent, I think he had a point. I know that whenever I'm away, I always make time to check my emails--even just once a day. I'll respond to anything that's urgent. Two weeks in most industries is an eternity, and I'd worry if I didn't check what was going on in my absence. (Or maybe I'm just a control freak.)
All that said, many would argue that checking emails defeats the purpose of taking a break in the first place--as you're not fully disconnecting from work. But people these days expect that they need to be flexible in their working lives whether that be in the evenings, at weekends or even on their holidays.
Admittedly, there will be times when you simply won't be available. Maybe you're on a desert island, or a boat with no access to WiFi. On those occasions, it's fair to share that you won't be contactable.
So what do you think? Do you think that the humble out of office message is a genuine threat to your security, or is the whole matter being overblown?
And what about the out of office message being a career-limiting move? Do you think that leaving a message makes you look unprofessional, or is that complete nonsense?
As ever, I'm keen to hear your views.