All system notifications

We will be carrying out essential maintenance on CJSM on either Saturday 29th October 2022 or Saturday 12th November 2022, from 14:00, for a MINIMUM of 2 hours.

Webmail users – you will not be able to access the service during this time. When service is restored, you will notice some changes to the look of the website with a new colour palette and logo along with several bug fixes.

All other users - may continue to use the service as normal, mail will be queued and delivered when the service is available.

Please make sure you have alternative means of communication for these weekends. We will send you reminders of these outages as it gets closer to the time.

Thank you for your continued patience and apologies for any inconvenience caused.

If you have any questions or concerns, please feel free to reach out to the CJSM Helpdesk via cjsm.helpdesk@egress.com.

Following the invasion of Ukraine, the National Cyber Security Centre (NCSC) urged UK organisations to strengthen their cyber resilience. As a result, the Ministry of Justice have brought forward plans to introduce multi-factor authentication (MFA) when logging in to the CJSM website/webmail service. MFA is already available on CJSM and can be activated by your local CJSM administrator. You can use MFA either by using an authenticator app (known as TOTP) or enrolling for MFA by email. Enforcing MFA for all organisations will be rolled out over the coming months, starting with new organisations joining the service from Monday 21st March 2022 and we will roll out to everyone else as soon as it is practical to do so.

What is multi-factor authentication?

Sometimes known as two factor authentication, it’s described as “something you know and something you have”. The something you know is your password, the something you have is a code which you get either from an Authenticator/TOTP App (such as Google or Microsoft Authenticator) or by email. These codes will change each time you log in. There is a section on MFA in the CJSM Help, including how local administrators can enable it for their organisations now rather than waiting for it to be enforced.

What is the guidance from NCSC?

The statement and links to advice from NCSC can be found at www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences

In light of the current international situation in Eastern Europe, the National Cyber Security Centre (NCSC) and the Government Security Group (GSG) in the Cabinet Office have warned of the potential for cyber attacks related to the current tensions to affect all UK organisations - either directly or indirectly.

The MOJ are working with all our suppliers, including Egress, and partners to ensure that there is a strong focus on cyber resilience.

We would like to draw your attention to the NCSC’s latest guidance (https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened) which provides practical advice of the steps you can take within your organisation.

What are phishing attacks?

Phishing emails are designed to convince you into either handing over potentially sensitive information or downloading malicious software on to your machine. Some sophisticated phishing emails could even be designed to look like they are from CJSM.

What does a phishing email look like?

Phishing emails are designed to look as real as possible, and to the untrained eye can look more or less identical to an email from a trusted sender.

If you find the following features in an email from a seemingly reliable sender, it is often a hint that the email is a phishing attack:

Incorrect spelling and grammar / Name in the email address not matching the user details in the email body / An email received from an unknown sender or email address / An unexpected change to the look/ layout of an email.

Please note that all non-secure CJSM notifications will ALWAYS come from CJSM System noreply@system.cjsm.net and will have a link to https://www.cjsm.net.

We are not aware of any CJSM related phishing attacks and no action is required on the back of this notice. The purpose of this notice is to provide information and ask everyone to remain vigilant against any potential spam e-mails or phishing attacks.

We strive to provide the highest levels of security and to keep your data safe at all times.

If you have any questions on the back of this notice please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com.

Did you know that in the event that you ever forget your password, or you have enrolled in MFA* and lost your MFA device, a verified phone number can be used to send a recovery SMS to yourself which will allow you to regain access to your CJSM account.

To add a recovery phone number please follow the steps below:

1 - Login to your CJSM account. 2 - Click on the 'Administration' tab, you should then see the 'More' tab below logout. 3 - Click on the 'More' tab and then navigate to 'Account Details'. 4 - Click the 'Account Security' tab followed by 'Recovery Phone Number'. 5 - You should be able to enter your recovery number after providing your CJSM password.

When you successfully enter your recovery number a one-time verification code will be sent to your phone. Please note that your one-time code is only valid for 5 minutes, after this period a new code would need to be generated.

If you have any issues please contact the CJSM Helpdesk on 0207 604 5598 or via email cjsm.helpdesk@egress.com and we will be more than happy to help.

*Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.