All kinds of businesses may have a generic email account, such as a security email address, that multiple users can access. In these situations, users don’t have their own unique logins; instead, they each share a single username and password to log into the mailbox to check messages or respond to emails. With systems like Microsoft Outlook, this practice is exceedingly common. However, allowing several employees to log in with the same information can cause some major security risks for your organization.
Shared Emails vs User Emails
User mailboxes typically refer to individual inboxes that are unique to each employee. These accounts are only supposed to be used and accessed by one person to maintain security and privacy. When two or more users share a single user mailbox, or a single person uses the same password for multiple work accounts, it can become a cybersecurity threat.
A shared mailbox, also referred to as a group email in Office 365, is unique in that it allows for group collaboration and communication among teams. With a group email, employees can easily share files, calendar events, and use other collaboration tools offered by Microsoft. This type of email can’t be accessed directly via login like a user mailbox, which helps keep your data secure.
It can be a little confusing to distinguish between a user email and a group email at first glance. However, the differences are noted in the Office 365 Admin section to help you understand which account is right for each unique situation.
Risks of Sharing a User Account
Brent Williams, the Chief Information Security Officer at SurveyMonkey, says that 81% of hacking-related breaches occur due to stolen or weak passwords. When multiple users share the same login information, it increases the chances of a hacker being able to break into your system. Furthermore, if a hacker happens to find a shared Google document full of different shared passwords, they can wreak complete havoc on your business.
Allowing several employees to share passwords can also lead to issues with accountability and transparency. If 5 different people frequently access the same user account, for instance, it becomes nearly impossible to determine which person made which changes. An employee might skimp out on their fair share of work, make unapproved changes, or simply make an honest mistake, and there would be no way to tell which individual was responsible for what.
Another common issue of shared user accounts occurs after employees leave the company or move to another team. If someone no longer has any reason to be loyal to your business, they might still have access to sensitive information and data. Even worse, a frustrated former employee could potentially change the login information and lock everyone else out of the account.
When your business has a security breach, it doesn’t just impact your company and your employees. Your customers will have a difficult time trusting your store again, and you may see your sales plummet as a result. If the data breach was serious enough, you might even be on the line for lawsuits from buyers whose private information was compromised.
Benefits of a Shared Mailbox
Unlike sharing a single user mailbox, a shared group mailbox allows for greater security, accountability, and collaboration. Other benefits of a shared mailbox include:
- Reduced confusion. One of the most frustrating parts of emailing a group of people is when someone is accidentally added to the thread too late, so they have no idea what’s going on. Organizations of all sizes can waste precious time trying to catch everyone up to speed when critical communication happens mostly online. A shared mailbox emails every person simultaneously, making it easy for everyone to see all pertinent information at the same time.
- Greater accessibility to information. Each member of a team has unique responsibilities, so it can be easy for files to get lost in the shuffle. Instead of forwarding documents or files to different individuals, you can simply have a shared inbox to view all relevant information for your entire department.
- Ability to remove individual access. If an employee leaves the company or moves to a different position, it’s simple to remove her from the Office 365 group mailbox. This can be done entirely from the Admin section, without requiring the employee to do anything on their part. If the employee was using an individual user inbox, this wouldn’t be possible.
- Improved efficiency. Certain departments or teams can get quickly overwhelmed with numerous requests or tickets that need to be divided amongst the employees. A shared inbox allows each individual to see when requests come in, who claims responsibility for each task, and how everyone is progressing. This helps teams prioritize the most important tasks quickly while reducing the amount of redundant work.
- No license requirements. Office 365 groups don’t require a license to operate, which can save your organization money.
- Greater accountability. If someone doesn’t complete a task on time, they can claim they didn’t see the email or weren’t made aware of any changes. With a shared mailbox, pleading ignorance becomes much harder since all information can be viewed by each team member. Additionally, a shared mailbox still tracks individual information for each employee, so everyone can see if someone isn’t doing their fair share.
How to Create a Shared Mailbox
Ready to ditch the shared user accounts? Setting up a Microsoft 365 shared mailbox can be accomplished in just a few simple steps:
- Log into your Admin account.
- Click on Groups > Shared mailboxes.
- To create a new shared mailbox, click +Add a mailbox.
- Type in a name for the mailbox. This is what the “From” line will display in emails. Click Add.
- Under “Next steps,” hit +Add members.
- Click on which users you want to have access to the new shared mailbox.
- Hit Save, then click Close.
Shared Mailbox Permissions
Shared mailboxes also permit administrators to set different permissions for each user. With Microsoft Office, you can select from the following permissions:
- Full Access. This setting lets the employee access the shared mailbox and complete most functions. A user could read or delete emails, create new tasks, and add events to the calendar. However, this permission setting doesn’t allow the user to send emails from the shared mailbox.
- Send As. This setting lets the user send messages as if they were the sole owner of the account. For instance, if an employee with these permissions sent an email, the “From” line would simply look as if it was sent directly from the team or department in question.
- Send On Behalf. This permission lets a user send messages on behalf of the shared inbox. Instead of an email looking as if it’s from the “Marketing Department,” for example, the email might say that it was sent by “[User] on behalf of the Marketing Department.”
More Security Tips
Looking for more ways to keep your organization’s data secure? Check out the free Adobe Magento Commerce Security Best Practices Guide and access a step-by-step action plan for protecting your website!