Last year we told you we were planning to introduce multi-factor authentication (MFA) when logging in to the CJSM website/webmail service. MFA has been mandatory for all organisations joining the service for over a year now and the time has come to roll it out to all webmail users and administrators.
We will be rolling this out over the coming months. Further communication will follow to all affected organisations, and we will always give at least six weeks notice prior to any enforcement.
FAO Organisation Administrators
You don't have to wait for us to switch it on, MFA is already available on CJSM and can be activated by the following route: Administration/Properties/Multi Factor Authentication/Organisation Wide MFA Enforcement: "Enabled". (Although please check with your managers/IT team before switching on).
What is multi-factor authentication?
Sometimes known as two factor authentication, it's described as "something you know and something you have". The something you know is your password, the something you have is a code which you get either from an Authenticator/TOTP App (such as Google or Microsoft Authenticator) or by email. These codes will change each time you log in. There is guidance on MFA in the CJSM Help section, including how local administrators can enable it for their organisations now rather than waiting for it to be enforced.
If you have any concerns on the introduction of MFA please do contact the CJSM Helpdesk via cjsm.helpdesk@egress.com.
Did you know that in the event that you ever forget your password, or you have enrolled in MFA* and lost your MFA device, a verified phone number can be used to send a recovery SMS to yourself which will allow you to regain access to your CJSM account.
To add a recovery phone number please follow the steps below:
1 - Login to your CJSM account. 2 - Click on the 'Administration' tab, you should then see the 'More' tab below logout. 3 - Click on the 'More' tab and then navigate to 'Account Details'. 4 - Click the 'Account Security' tab followed by 'Recovery Phone Number'. 5 - You should be able to enter your recovery number after providing your CJSM password.
When you successfully enter your recovery number a one-time verification code will be sent to your phone. Please note that your one-time code is only valid for 5 minutes, after this period a new code would need to be generated.
If you have any issues please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com and we will be more than happy to help.
*Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
Following the invasion of Ukraine, the National Cyber Security Centre (NCSC) urged UK organisations to strengthen their cyber resilience. As a result, the Ministry of Justice have brought forward plans to introduce multi-factor authentication (MFA) when logging in to the CJSM website/webmail service. MFA is already available on CJSM and can be activated by your local CJSM administrator. You can use MFA either by using an authenticator app (known as TOTP) or enrolling for MFA by email. Enforcing MFA for all organisations will be rolled out over the coming months, starting with new organisations joining the service from Monday 21st March 2022 and we will roll out to everyone else as soon as it is practical to do so.
What is multi-factor authentication?
Sometimes known as two factor authentication, it’s described as “something you know and something you have”. The something you know is your password, the something you have is a code which you get either from an Authenticator/TOTP App (such as Google or Microsoft Authenticator) or by email. These codes will change each time you log in. There is a section on MFA in the CJSM Help, including how local administrators can enable it for their organisations now rather than waiting for it to be enforced.
What is the guidance from NCSC?
The statement and links to advice from NCSC can be found at www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences
What are phishing attacks?
Phishing emails are designed to convince you into either handing over potentially sensitive information or downloading malicious software on to your machine. Some sophisticated phishing emails could even be designed to look like they are from CJSM.
What does a phishing email look like?
Phishing emails are designed to look as real as possible, and to the untrained eye can look more or less identical to an email from a trusted sender.
If you find the following features in an email from a seemingly reliable sender, it is often a hint that the email is a phishing attack:
Incorrect spelling and grammar / Name in the email address not matching the user details in the email body / An email received from an unknown sender or email address / An unexpected change to the look/ layout of an email.
Please note that all non-secure CJSM notifications will ALWAYS come from CJSM System noreply@system.cjsm.net and will have a link to https://www.cjsm.net.
We are not aware of any CJSM related phishing attacks and no action is required on the back of this notice. The purpose of this notice is to provide information and ask everyone to remain vigilant against any potential spam e-mails or phishing attacks.
We strive to provide the highest levels of security and to keep your data safe at all times.
If you have any questions on the back of this notice please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com.