In the first place, intruders using ‘social engineering’ techniques will find that simple “Out of office” messages can give them an excellent foothold for breaching security. These messages often give information like where you are, how long you’ll be away for, who will be taking care of things in your absence... and all of this information can in turn be used to trick unsuspecting or untrained switchboard staff into giving away even more information.
To deal with this kind of problem, the best thing is to simply avoid leaving an automatic message (depending on your own company’s policy, of course) and if you do, make it as brief as possible. Just say that you’re not in the office and that’s all. Most people won’t be interested in exactly where you are or when you’re getting back, and if they really are, they can easily contact someone else in the office to sort things out while you are away.
Very often people leave someone to keep an eye on their inbox to deal with anything important that comes in. But delegating this task implies a breach of security policies which should not even be considered if the information is in any way sensitive. Even in order to let someone check your mail, you’ll have to give them your passwords for connecting to the network and mail server.
So obviously you can only leave someone that you can trust with this data, as at any time in the future they would be able to enter the network pretending to be you and with your privileges.
The best solution is to temporarily change the access details (passwords etc.). If you normally use certain details throughout the year, you can create new ones when you are going to leave someone in charge of your email. In this way, when you return you can simply restore the usual passwords and continue working normally. Also, make sure these temporary passwords can’t give away any clues as to how to work out your usual passwords. If, for example, your usual password is a combination of your initials and those of the person next to you, make sure you use a different system to create your temporary password.