Out Of Office Message Etiquette And Security Considerations
The property market freeze has placed an incredible strain on all businesses and stakeholders involved in the home buying and selling process.
Law firms have been forced to make difficult decisions in order to save their businesses with many employees placed on the government’s staff retention scheme.
Communication delays have been an unfortunate consequence of increases in furloughed employees and the majority of those still working adapting to remote working having to pick up the additional workload.
Email communication has been used as a way of resetting client expectations during the lockdown. Warnings of delays and informing recipients of your furloughed status or having left the firm are undoubtedly written with the best of intentions but what message are they really sending?
In recent weeks some conveyancing departments have displayed out of office messages such as ‘please note that in light of the current ‘lockdown’ all of our offices are closed’. This advises people of a law firm’s vacant premises and possibly the less well defended digital presence to online predators.
Similarly, seemingly helpful messages such as ‘I’m not working here anymore, your email may get forwarded to someone else but just in case it isn’t’, offers a cyber criminal the information that the email address is now dormant and can be spoofed without being caught.
To a cyber criminal, the information that the majority of the conveyancing team are now on long term furlough, is music to their dishonest ears.
It essentially means cyber criminals have the opportunity to steal email details, such as the employee domain, and start sending messages of their own in the hope of scamming the public.
Any successful spoof attempt will also damage a law firm’s reputation. Whilst it is important to communicate a change of circumstance with the people trying to contact a legal service provider, being mindful of the security consequences also needs to be considered when advising employees about their out of office content.
Jen Williams, head of security at The Practical Vision Network, commented:
“A furlough notice potentially signals to an attacker that the account is dormant and not being monitored. Its really important to block sign in to the account and to make sure that login attempts are being monitored.”