I'm concerned about my coworkers' use of out-of-office (OOO) notifications, particularly during the holidays, and how they may be used to carry out targeted or phishing attacks against the company. Do you have any advice for lowering out-of-office message security risk? Is there a template for the information that should be provided in an out-of-office notification? Or are out-of-office notifications worth the risk?