What is a Macro Enabled Document?
A macro enabled document is a digital document (i.e. Microsoft Word or Excel) that contains code used to automate repetitive tasks. Macros are commonly used by attackers to infect users with malware.
What type of Macro Enabled Documents are blocked by CJSM?
Only macro enabled documents that are detected as malware are blocked by CJSM. Macro enabled documents created in older versions of Microsoft Office (2013 and earlier) have similar identifying markers as malware, and may be blocked by CJSM antivirus.
What you need to do
Organisations are advised to disable macros from automatically running in macro enabled documents. For information on how to do this and further information of the risks of macro enabled documents refer to the NCSC guidance: https://www.ncsc.gov.uk/guidance/macro-security-for-microsoft-office#section_1
If your macro enabled document is blocked by CJSM then please first scan the file with up to date antivirus to confirm it hasn't been modified without your knowledge. Then either remove the macro (Save-As a non-macro enabled file) or update the macro enabled document to a Office 2016 or later version and re-send. If your file continues to be blocked then please contact the CJSM Helpdesk on 0207 604 5598 between 08:00 Monday to Friday, or e-mail firstname.lastname@example.org.
Organisations are encouraged to apply for and maintain NCSC Cyber Essentials which will assess an organisation's security posture against common security attacks which includes macro enabled document security. For more information on the Cyber Essentials scheme please see the IASME website: https://iasme.co.uk/cyber-essentials/about-cyber-essentials/
After listening to feedback from our users we are happy to announce the introduction of a new feature, notifications for SHARED webmail boxes.
Organisation Administrators will now have the ability to set a non-secure e-mail address which will receive an e-mail notification (from email@example.com) each time a secure e-mail is delivered to a CJSM shared mailbox.
To add a non-secure address to receive notifications, the Organisation Administrator should take the following steps:
NAVIGATE TO ADMINISTRATION > SHARED MAILBOXES
PRESS THE THREE VERTICAL DOTS TO THE RIGHT-HAND SIDE OF THE SHARED MAILBOX
PRESS EDIT > DETAILS > NOTIFICATION E-MAIL ADDRESS
UNDER NOTIFICAITON EMAIL ADDRESS INSERT THE DESIRED E-MAIL ADDRESS
If you have any questions regarding this new feature, please contact the CJSM Helpdesk on 0207 604 5598 or via email firstname.lastname@example.org.
On 1/4/2021 there were changes to some government email addresses. Please note that this change will not impact your existing CJSM account. However, you may experience issues sending to certain gov.uk destinations.
Emails to addresses containing the following are likely not to be delivered:
Emails to addresses containing the following will not be delivered:
If you experience any delivery issues please reach out to the recipient and ask them to provide a new e-mail address.
If you have any questions on the back of this notification please contact the CJSM Helpdesk on 0207 604 5598 or via email email@example.com.
What are phishing attacks?
Phishing emails are designed to convince you into either handing over potentially sensitive information or downloading malicious software on to your machine. Some sophisticated phishing emails could even be designed to look like they are from CJSM.
What does a phishing email look like?
Phishing emails are designed to look as real as possible, and to the untrained eye can look more or less identical to an email from a trusted sender.
If you find the following features in an email from a seemingly reliable sender, it is often a hint that the email is a phishing attack:
Incorrect spelling and grammar / Name in the email address not matching the user details in the email body / An email received from an unknown sender or email address / An unexpected change to the look/ layout of an email.
Please note that all non-secure CJSM notifications will ALWAYS come from CJSM System firstname.lastname@example.org and will have a link to https://www.cjsm.net.
We are not aware of any CJSM related phishing attacks and no action is required on the back of this notice. The purpose of this notice is to provide information and ask everyone to remain vigilant against any potential spam e-mails or phishing attacks.
We strive to provide the highest levels of security and to keep your data safe at all times.
If you have any questions on the back of this notice please contact the CJSM Helpdesk on 0207 604 5598 or via email email@example.com.
Did you know that in the event that you ever forget your password, or you have enrolled in MFA* and lost your MFA device, a verified phone number can be used to send a recovery SMS to yourself which will allow you to regain access to your CJSM account.
To add a recovery phone number please follow the steps below:
1 - Login to your CJSM account. 2 - Click on the 'Administration' tab, you should then see the 'More' tab below logout. 3 - Click on the 'More' tab and then navigate to 'Account Details'. 4 - Click the 'Account Security' tab followed by 'Recovery Phone Number'. 5 - You should be able to enter your recovery number after providing your CJSM password.
When you successfully enter your recovery number a one-time verification code will be sent to your phone. Please note that your one-time code is only valid for 5 minutes, after this period a new code would need to be generated.
If you have any issues please contact the CJSM Helpdesk on 0207 604 5598 or via email firstname.lastname@example.org and we will be more than happy to help.
*Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.