Common problems with shared email accounts
Shared email accounts are a common practice in the shipping industry, but they come with significant risks. When multiple crew members use the same account, it becomes impossible to determine who actually sent a particular message. This lack of traceability makes it difficult to verify orders, investigate incidents, or enforce accountability. These issues can have serious operational and financial consequences.
Beyond accountability concerns, shared accounts also introduce security vulnerabilities. If one crew member falls victim to phishing or if credentials are leaked, an attacker can infiltrate the account and impersonate key personnel. Cybercriminals frequently target the maritime industry, making shared accounts an added risk.
Security risks of shared accounts
- Increased exposure
A single compromised password can give hackers access to critical communications, allowing them to impersonate officers, issue fraudulent instructions, or gain access to sensitive operational data. Since multiple users rely on the same credentials, it becomes difficult to enforce multi-factor authentication (MFA), making the account even more vulnerable.
- Lack of individual accountability
When an email is sent from a shared account, there is no way to verify the sender. This creates uncertainty in communication, delays decision-making, and complicates audits or investigations.
- Difficult and manual routines for revoking access
When crew members change roles or leave a vessel, managing access becomes cumbersome. Updating passwords for a shared account requires manual intervention and is often neglected, increasing the risk of former employees retaining access.
Compliance and best practices
Major email providers, such as Microsoft, discourage or outright prohibit the use of shared accounts. While there are currently no strict regulations mandating personal logins for the maritime sector, global cybersecurity policies are evolving in that direction. Adopting personal logins now can help shipping companies stay ahead of compliance demands and avoid future disruptions.
Best practices, including guidelines from the International Maritime Organization (IMO) and the National Institute of Standards and Technology (NIST), emphasize the importance of strong access management policies.
The IMO’s Guidelines on Maritime Cyber Risk Management state that:
“Effective cyber risk management should also consider safety and security impacts resulting from the exposure or exploitation of vulnerabilities in information technology systems. This could result from inappropriate connection to operational technology systems or from procedural lapses by operational personnel or third parties, which may compromise these systems”
Introducing personal login to role-based mailboxes
Why personal logins to role-based accounts are a solution
Implementing personal logins for corporate email accounts offers several advantages:
1. Enhanced security
- Each user has their own credentials, reducing the risk of unauthorised access.
- Multi-factor authentication (MFA) can be enforced for individual users.
- In case of a breach, it is easier to isolate and contain the impact.
2. Better accountability and traceability
- Every email can be attributed to a specific individual, helping to track decisions and responsibilities.
- Incident investigations and audits become more efficient and reliable.
3. Simplified access management
- Revoking or updating credentials is straightforward when crew members change roles or leave.
- Eliminates the need for frequent password updates on shared accounts.
4. Regulatory compliance and future readiness
- Aligns with cybersecurity best practices recommended by major organizations.
- Prepares companies for potential future regulations requiring personal logins.
While shared email accounts may seem convenient, the risks they pose to maritime operations are significant. Switching to personal logins will strengthen security and improve accountability. Don’t wait for an incident: act now to protect your communications and ensure a safer, more secure operational environment.