“My calendar is up to date.”

“Just put it on my calendar.”

“If it’s not on my calendar, it won’t happen.”

How many times do we hear these phrases in our daily work lives? How much do we rely on something as simple as Outlook Calendar to run basically every aspect of our work?

Usually, the answer is a lot. The use of Outlook Calendar is so pervasive in our work culture that it’s become automatic, something we don’t even think about anymore. It keeps everyone organized and on the same page. It’s critical to running our organization and ourselves.


Would you like to try Office Protect for free? Learn more in our Ultimate Guide to Office365 Security


The Dangers of Calendar Sharing

For this reason, someone’s Outlook Calendar can be very telling of an organization. A key individual’s calendar (or even their assistant’s) can basically spell out how an entire department works over time.


What Could Hackers Really Learn?

Someone who hacks into your Outlook Calendar could identify key players in the upcoming product line, when they’ll be meeting, and how (and where) they’ll be working.

They could also glean random information, such as the fact that the legal department is about to implement a new policy, or even that the president of the company leaves every Wednesday at 3 p.m. to attend a yoga class.

But so what? Surely the fact that someone outside your organization knows this information doesn’t mean that you’re compromised, right?

Wrong. The above information can make you a prime target for anyone with malicious intent. Let’s look at each scenario above to see how it’s problematic for your security.


A New Product Line


Even looking at a lower level product manager’s calendar would reveal information like “Product X weekly meeting” or “Discussion about adding webcam feature.” This could allow hackers to sell information to your competitors about your upcoming product plans and schedules.

It could also give them access to people higher up the chain who guard more sensitive information. They could then target and steal information from those people’s accounts.

Additionally, the more information that is revealed about who works on what project, the more easily those people can be targeted. For example, scammers or hackers could send out a phishing email to you and everyone on a project with a convincing subject line, such as “New Project X document sharing.” Unless you and your team members anticipated this kind of attack, you’d be none the wiser.


New Legal Policy

Scammers who spy on your organization’s calendars could discover that your legal department is about to announce a new policy. Armed with this information, they could step in and send a seemingly legitimate email on the department’s behalf. Your employees could then find themselves the victim of a Trojan email, phishing, or malware embedded in attachments. What makes this sort of phishing especially dangerous is the fact that it has a legitimate context. After all, how many times do you check to see if an email from HR or your legal department is spam?


The Company President’s Schedule

This one might seem far-fetched—aren’t company presidents the most conscious about security? The most protected? Most of the time, yes. But they are also some of the busiest, most distracted people in the company. Sometimes, they’re so distracted that details like internet security slip their mind.

If this happens, and the company president were to inadvertently share their calendar, hackers could gain access to all sorts of sensitive information or use social engineering to fool even the most cautious employees.

For example, they could send a company-wide email titled, “Check out these photos from my yoga class!” Most people wouldn’t be able to resist the temptation. Scammers could also do something as simple as using the president’s absence to target other key executives in the company, knowing that they’re more likely to slip up if the boss isn’t right down the hall.

Even more dangerous is the possibility of someone kidnapping key officials like this and holding them for ransom if they know when and where they will be outside of the organization’s secure walls.


How Can We Prevent These Scenarios?

As you can see, calendars are definitely not full of harmless information—they could easily be the fuel that a hacker needs to set fire to your company. With that in mind, it’s more important than ever to keep all of your employees’ Outlook calendars secure.

But how? Some calendar sharing is convenient and makes it easier to schedule meetings. You also obviously can’t stand over everyone’s shoulder and make sure they do not accept calendar sharing requests from strangers. So what can you do?


The Solution

Fortunately, Office Protect is here to help. A simple setting can solve all of your calendar sharing security needs. While this is a feature that is offered by Microsoft, it can sometimes be challenging to enable or find, and Office Protect makes that much simpler for busy people like you.

You can also implement these settings just for certain user groups without targeting every single user, which could be helpful if you have a particular group that has different needs from the rest of the organization.

First, go to your dashboard. Access the settings, and you’ll see the toggle menu, security impact (medium), and user impact (medium).


Calendar Sharing Settings

You will also be given the choice of three possible settings: Disabled, Authenticated Only, and Public.

Disabled—this prohibits all calendar sharing. While this is obviously the most secure setting, it may negatively impact your company’s workflow.

Authenticated Only—our most popular setting, this enables calendar sharing only for authenticated users (e.g., your employees). This way, you can still use a normal workflow but prevent any accidental sharing with people outside your organization.

Public—this would allow all of your employees’ calendars to be shared publicly and is not recommended.

As you can see, this simple feature can help you prevent a number of worst-case scenarios and save your business from potentially harmful data loss.

Check out what else Office Protect can do for you today!

Written by Mathieu Pipe-Rondeau Marketing Communications Specialist @ Sherweb

Mathieu is responsible for Sherweb’s blog content and organic social media. Highly conscious of branding and related communications, he’s constantly on the lookout for new and better ways to showcase Sherweb to the world. Mathieu has ten years of communications and marketing experience, including expertise in knowledge management, process creation and improvement, technical writing and content strategy. When he’s not producing engaging content, Mathieu enjoys cooking, singing and skateboarding with his son.