Out of Office OPSEC

A “found object” from my Inbox (with sundry modifications).

A vacation greeting from our CSS OPSEC experts!

It’s absolutely fantastic that you’re soon going on holiday and are not at the office. And we’re sure it’s very well deserved! But before you go, consider this – you don’t have to tell the world where you are going, who you are taking with you, why you are going, what kind of disease(s) you have (if there is an illness) or even that you are sick.

The only information vital to an out-of-office message is from when to when you are gone and whom to contact in your absence. If you want to tell colleagues more as part of Outlook’s “Inside my organization” options, then that is your choice. But anything more than “when to when and whom” for externals is a bit excessive. Especially considering the sorts of phishing calls and emails that are currently trending.

P.S. We at CSS also use such tactics for phishing and social engineering when doing various security assessments – hence this tip.

Alternatively, instead of a “when to when and whom” out-of-office message, you could try something like this.

