Employers are being urged to discourage staff from checking work emails while on holiday, after cybersecurity specialists warned that the practice could expose organisations to serious data breaches.
Cyber firm FLR Spectron has highlighted the hidden risk of digital presenteeism, with previous research showing that 67% of UK workers feel pressure to stay online during annual leave. In the same study, 42% admitted to checking their work inbox while away, often using unsecured devices or public Wi-Fi.
“Security breaches aren’t always caused by targeted attacks,” said Kamran Badhur, technical director at FLR Spectron. “They’re often down to someone trying to quickly check their inbox on public Wi-Fi, or forwarding a file to their personal account so they can access it more easily. These small shortcuts create real vulnerabilities.”
The warning comes as millions of employees take summer holidays, many of them continuing to work remotely — or at least stay digitally available — without proper security controls in place.
Common Holiday Habits That Can Compromise Data
FLR Spectron outlined four behaviours that may seem helpful but can inadvertently lead to a breach:
- Logging in on public Wi-Fi
Free internet in airports and hotels is rarely secure. These networks are often unencrypted and can be spoofed by hackers to harvest login credentials in seconds. - Forwarding emails to personal inboxes
While convenient, this bypasses enterprise-level security. Personal accounts lack the same protections and are more vulnerable to phishing and unauthorised access. - Skipping multi-factor authentication
Whether it’s to avoid delays or because of connectivity issues abroad, some employees disable multi-factor authentication. This removes a critical barrier against unauthorised access. - Using unapproved apps to send or store files
Free file-sharing tools may not encrypt data, or may default to public access. If not configured correctly, they can leave sensitive documents exposed.
“The issue isn’t just that staff are working while they’re away; it’s that most don’t have clear guidance on how to do it securely,” said Badhur.
Helping Staff Switch Off — Securely
The company says many holiday-related breaches are avoidable if employers address the culture that pressures staff to stay connected, and provide better tools and advice for those who do need to work.
Make full disconnection the norm
FLR Spectron advises organisations to send a clear message that staff are not expected to check in while on leave. This reduces unnecessary risk and supports better mental recovery.
Provide secure tools for remote access
If employees are working abroad, they should be equipped with secure virtual private networks (VPNs), company-approved apps, strong password management and app-based multi-factor authentication.
Use short, timely checklists
Instead of relying on dense policies, send a pre-holiday checklist outlining best practice, tools to use, risky behaviours to avoid and who to contact in an emergency.
Be specific about unsafe platforms
General warnings like “don’t use public Wi-Fi” often go unheeded. FLR Spectron recommends listing common insecure apps or tools, and blocking them at admin level where possible.
“You can’t control where your team travels, but you can influence how they work when they get there,” said Badhur. “Good cybersecurity isn’t just about systems, it’s about habits. If you don’t give people the right setup and support, they’ll make their own decisions. And that’s often when problems start.”
Security and Wellbeing Are Linked
Presenteeism during annual leave is not only a security issue; it also undermines employee wellbeing and recovery. By setting clearer expectations and removing pressure to stay connected, employers can protect both their people and their data.