Guidance on staying cyber-secure when you’re out of the office 

Before you put your ‘out of office’ on, consider implementing these four measures to keep your email cyber-secure 

CREDIT: This is an edited version of an article that originally appeared on NHS Digital

Email is the number one route for social engineering attacks. An automatic reply message not only sends the information to designated contacts, but it also bounces back to criminals who send phishing emails. Here are four simple ways to keep your email cyber-secure when you are out of office:

Share as few details as possible

When drafting an out-of-office message, consider what people truly need to know about an absence. You should provide enough information for informed senders to act accordingly should they need to, which means that uninformed senders – including those emailing with unsolicited or malicious requests – will have minimal information to act on.

Draft separate responses for internal and external replies

Take advantage of this option whenever possible. You can feel more confident about providing the name of an internal contact in replies that will go to people within the organisation. For external replies, reveal as few details as possible. 

Handle the ‘need to know’ before you go

Don’t rely on out-of-office responses to provide direction to colleagues you deal with most frequently. This is particularly critical if you’re part of activities such as:

• finance/invoice approvals;
• exchanges involving confidential data or intellectual property.

Before you leave the office, identify the people who are most likely to contact you with time-sensitive needs while you’re away.

Mind your social media 

To avoid a nasty surprise when you get back, avoid posting on social media when you are away. Here are some examples of what NOT to do:

• Post your out of office: there have been examples of people sharing a photo of their out of office reply on social media. This divulges the exact days of annual leave and who to contact, putting both your home and work at increased risk.
• Share stories: share any holiday highlights retrospectively to avoid revealing that you’re away, and your property is empty.
• Post a holiday countdown: the countdown feature on a ‘phone should be kept for personal use only, as posting this can provide the exact dates and duration of a holiday.