Out of Office Messages -- Are they a risk?

Many employees bound for vacation enable their Outlook out-of-office function and modify their voice mail message so those sending e-mail messages or calling know they are unable to respond to incoming messages. But is there a potential security risk in doing so?

Perhaps, but UNMC's Information Technology Services staff says there are reasonable steps employees may take to mitigate potential risks without disabling the out-of-office function.

To mitigate any potential risks, ITS recommends employees:

  • Configure your  out-of-office agent so it does not reply to Internet addresses. Doing so, will keep the message from getting looped into a listserve. It also minimizes other risks by not releasing the out-of-office information outside of the company/organization.
  • Be advised of the potential risks posed by out-of-office messages.
  • Using vague wording, such as "currently unable to reply until xx/xx/xx" or "not in the office at the moment." Avoid saying that you are on vacation.
  • Do not provide your mobile or home phone number, address, or hotel contact information within the out-of-office message.
  • Do provide alternative contact details and make sure that the designated person is fully briefed regarding your absence so they do not give information to unidentified callers.

Out-of-Office Potential Risks
Risk to personal property... letting the sender know you are out of town and make your home the target of a break-in.  

Risk to UNMC campus security... telling the sender that your log-on ID is not in use, prompting them to experiment with it or try to hack into the system.  

Personal privacy concerns... if you leave personal or cell phone numbers or hotel information on your out-of-office message, it could be abused for unsolicited purposes.