As part of our continued commitment to enhance the security of the CJSM service, we are following up the enforcement of multi-factor authentication (MFA) and upgrades to our Webmail service with an additional security control, CJSM Defend.
CJSM Defend is an anti-phishing and malware protection service integrated into the CJSM platform that will provide advice to users on emails received via CJSM, indicating whether the email is potentially harmful. This will help the CJSM community be better informed when dealing with email phishing attempts which are on the rise.
How CJSM Defend works
Incoming emails will have a coloured banner inserted to inform you how the email has been classified. The colour of the banner corresponds to the associated level of threat. There are three colour classifications: blue, amber and red.
If an email contains a link, the link rewriting feature helps to prevent time-based attacks by rewriting links and checking at time-of-click. Unsafe links are redirected to a warning page with contextual details. If you are concerned that this may cause issues with your service, specifically if your organisation sends single use links (URLs), please reach out to the CJSM Helpdesk at your earliest convenience via cjsm.helpdesk@egress.com or cjsm.helpdesk@egress.cjsm.net.
A breakdown of the banners alongside further information on the CJSM Defend service can be found here - https://cjsm.justice.gov.uk/training/pdfs/CJSM%20Defend%20-%20User%20Guide%202024v1.0.pdf
CJSM Defend is an advisory notice to provide its users with additional information and guidance and must not replace individuals and organisations existing processes for managing malicious emails.
The rollout of the CJSM Defend service will begin the week of Monday, 2nd December, and will be made available to all users in due course.
If you have any questions, please feel free to reach out to the CJSM Helpdesk, open Monday to Friday between 08:00 - 19:00. We can be contacted via email, cjsm.helpdesk@egress.com or telephone, 0207 604 5598.
We are happy to share that we have several planned updates and improvements coming to CJSM, starting in the next couple of months and continuing into the new year. These updates are designed to enhance your experience of CJSM, offering greater usability, security, and overall performance.
Here is a brief overview of what you can expect:
User Interface and Experience (UI/UX) Improvements: We are refining the design and flow of CJSM to make it even more intuitive, efficient, and user-friendly.
Additional Security Tools: We will implement additional security controls to provide even stronger protection and peace of mind as you use our platform.
While each update will have its own specific communications and rollout schedule, we want to assure you that all changes will be aimed at improving your experience and providing greater value.
Further information regarding the specific rollouts will be provided in due course, and our team will be on hand to assist with any questions or support you may need during this transition.
If you have any questions or need further information, please feel free to reach out to us via cjsm.helpdesk@egress.com.
Did you know that in the event that you ever forget your password, or you have enrolled in MFA* and lost your MFA device, a verified phone number can be used to send a recovery SMS to yourself which will allow you to regain access to your CJSM account.
To add a recovery phone number please follow the steps below:
1 - Login to your CJSM account. 2 - Click on the 'Administration' tab, you should then see the 'More' tab below logout. 3 - Click on the 'More' tab and then navigate to 'Account Details'. 4 - Click the 'Account Security' tab followed by 'Recovery Phone Number'. 5 - You should be able to enter your recovery number after providing your CJSM password.
When you successfully enter your recovery number a one-time verification code will be sent to your phone. Please note that your one-time code is only valid for 5 minutes, after this period a new code would need to be generated.
If you have any issues please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com and we will be more than happy to help.
*Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
Following the invasion of Ukraine, the National Cyber Security Centre (NCSC) urged UK organisations to strengthen their cyber resilience. As a result, the Ministry of Justice have brought forward plans to introduce multi-factor authentication (MFA) when logging in to the CJSM website/webmail service. MFA is already available on CJSM and can be activated by your local CJSM administrator. You can use MFA either by using an authenticator app (known as TOTP) or enrolling for MFA by email. Enforcing MFA for all organisations will be rolled out over the coming months, starting with new organisations joining the service from Monday 21st March 2022 and we will roll out to everyone else as soon as it is practical to do so.
What is multi-factor authentication?
Sometimes known as two factor authentication, it’s described as “something you know and something you have”. The something you know is your password, the something you have is a code which you get either from an Authenticator/TOTP App (such as Google or Microsoft Authenticator) or by email. These codes will change each time you log in. There is a section on MFA in the CJSM Help, including how local administrators can enable it for their organisations now rather than waiting for it to be enforced.
What is the guidance from NCSC?
The statement and links to advice from NCSC can be found at www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences
What are phishing attacks?
Phishing emails are designed to convince you into either handing over potentially sensitive information or downloading malicious software on to your machine. Some sophisticated phishing emails could even be designed to look like they are from CJSM.
What does a phishing email look like?
Phishing emails are designed to look as real as possible, and to the untrained eye can look more or less identical to an email from a trusted sender.
If you find the following features in an email from a seemingly reliable sender, it is often a hint that the email is a phishing attack:
Incorrect spelling and grammar / Name in the email address not matching the user details in the email body / An email received from an unknown sender or email address / An unexpected change to the look/ layout of an email.
Please note that all non-secure CJSM notifications will ALWAYS come from CJSM System noreply@system.cjsm.net and will have a link to https://www.cjsm.net.
We are not aware of any CJSM related phishing attacks and no action is required on the back of this notice. The purpose of this notice is to provide information and ask everyone to remain vigilant against any potential spam e-mails or phishing attacks.
We strive to provide the highest levels of security and to keep your data safe at all times.
If you have any questions on the back of this notice please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com.