Risks of sharing an email address

Your corporation might have good reasons for your directors, contact person, secretary or staff to share an email address, but it should be avoided as much as possible. 

When multiple people use the same email address it can be hard to track activity back to a specific person and even harder to track cybercriminals breaking in. A breach in data security could result in privacy violations, legal consequences, and loss of trust.

With multiple people accessing one email address you could experience:

  • privacy breaches: Sensitive or private information could be viewed or accessed by unauthorised individuals, leading to privacy violations. 
  • hacking into other accounts: If you use the same email address to access other accounts (e.g. for accessing banking, social media, accounting software, ORIC online lodgement) you are more vulnerable to unauthorised access or losing control of your other accounts. If someone with access to the email address generates a password reset email they may hack your other accounts too.
  • confusion and miscommunication: With multiple people opening, replying and deleting emails, it’s easy to lose track of important messages, leading to missed communication or actions. It can also result in confusion about who sent to received specific emails. 
  • difficulty in accountability: It’s challenging to assign responsibility or track actions. This is because it’s harder to pinpoint who took specific actions, like sending an email, clicking on a malicious link, or simply making an honest mistake. If someone doesn’t complete a task on time, they can claim they didn’t see the email because someone else may have deleted it, or claim they thought someone else actioned it. A disgruntled person with access to the email account might use it for harmful purposes such as sending emails misrepresenting your corporation.
  • data loss: Unless you change the password after people leave your corporation, they might continue accessing the account, change or delete data and records, or and possibly lock you out unless you change the password. 
  • compromised professionalism: Using a shared email for business or professional communication can undermine credibility if messages are not properly signed recipients don’t know who sent the email. 

For more see Small business cyber security guide | Cyber.gov.au

To maintain security and privacy we recommend that corporations don’t have multiple people using the same email address. 

How you can mitigate this risk

Log in to ORIC’s online lodgement portal to check if your corporation people are using the same email address. If they are, change their email addresses by lodging a Change of director, contact person or secretary details form.

Content last updated: