Role-Based Email Addresses

Unsupported Email Addresses: Role-Based Addresses (RBA)

When signing up for MySAU, it is important to use a personal, individual email address rather than an role-based email address. This article explains what role-based addresses are and why we do not support them for account creation and access to MySAU.

What is a Role-Based Email Address?

A role-based email address is an email account associated with a specific job function, department, or group within an organisation, rather than an individual person. Common examples of role-based email addresses include:

• info@company.com.au

• support@company.com.au

• sales@company.com.au

• admin@company.com.au

These addresses are typically accessed by multiple people and are used to distribute communications related to specific functions within the organisation.

Why we’re phasing out Role-Based Addresses

There are several important reasons why we’re phasing out support for role-based addresses for accessing MySAU:

1. Increased Vulnerability to Cyber Attacks - Role-based email accounts are prime targets for cybercriminals because they are often publicly listed and used by multiple people, they are more vulnerable to compromise. The Australian Cyber Security Centre (ACSC) has highlighted the risks associated with business email compromise (BEC), which frequently involves these types of accounts​.

2. Security - Role-based addresses are often shared among multiple individuals, making them inherently less secure. This shared access increases the risk of unauthorised entry to your company’s MySAU account. If a role-based address is compromised, multiple users may be affected, potentially allowing unauthorised individuals to access sensitive information about your account and services.

3. Privacy - Using personal email addresses ensures that sensitive communications and notifications are sent directly to the intended recipient, not to a shared inbox. This reduces the risk of confidential information being exposed to unintended parties within your organisation.

4. Accountability - With individual logins, actions within MySAU can be tracked back to specific users, improving accountability. This is important for tracking changes, ensuring compliance, and auditing purposes. Role-based addresses make it difficult to attribute actions to a single user, leading to potential confusion and reduced accountability.

5. Best Practices for Access Control - MySAU is designed with security and compliance in mind. As a best practice, each member of your company should have their own login credentials. This approach helps maintain a secure and organised environment, ensuring that users only have access to the information they need.

6. Easier ‘Offboarding’ - When employees leave your company, it’s important to be able to quickly and painlessly remove their access to secure systems. Individual email logins make this process straightforward - simply deactivate the specific users account. With role-based addresses, multiple people might be accessing the portal through the same login, making it challenging to remove access for just one person without disrupting access for others.

What should you do?

When signing up for MySAU, or adding contacts to your account, use individual email addresses associated with a specific person within your organisation. This will help to ensure that your account remains secure, private, and fully accountable.

If you have any questions about our policy or need assistance with account or contact setup, please reach out to our support team.