What’s the Latest Development?
IT administrators who are charged with protecting the security of company networks now have one more thing to worry about: employees’ out-of-office messages. Common bits of information included in these notifications, including dates of absence, phone numbers, and even supervisors’ names, can be cobbled together to give a criminal the key to acquiring even more sensitive data. According to security expert Andy O’Donnell, “They could [use that information] and contact a department of that company claiming to be the supervisor of that person and they could get that person’s Social Security number if people aren’t thinking on their feet.”
What’s the Big Idea?
O’Donnell, who also runs the Network Security page on About.com, says that when he sends a newsletter to his subscribers, “it will prompt an out-office-reply for a lot of people…They put a lot of their business in those replies when they don’t know who’s going to get them.” Among his suggestions for closing this potential security hole is this one to administrators: A clear policy that details what can and cannot be included in an out-of-office message.
Photo Credit: Shutterstock.com